AKM Trojaner entfernen! Scan ausgeführt - Log-dateien!

edompilf · 13.03.2012, 15:53

Hallo Community!

ich hoffe dass mir jemand hier im Forum beim Problem meines Freundes helfen kann! Er hat, wie so viel andere, den hartnäckigen 50 Euro AKM Trojaner.

Habe den OTL scan laut Anleitung ausgeführt und habe die Log-Dateien parat.

Extras.txt

Zitat:

OTL Extras logfile created on: 3/13/2012 7:26:34 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 452.48 Gb Total Space | 354.76 Gb Free Space | 78.40% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.36% Space Free | Partition Type: FAT32
Drive X: | 3.73 Gb Total Space | 3.10 Gb Free Space | 83.06% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- D:\Windows\System32\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64726C2C-0B39-5D87-3117-E11F59C9460D}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{75FDB05A-C1C2-CD17-35CE-3C1A454CC79F}" = ATI Catalyst Install Manager
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"001FFF2FFF14FF00FF0901F01F02F000-R1" = ArchiCAD 14 AUT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64726C2C-0B39-5D87-3117-E11F59C9460D}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{75FDB05A-C1C2-CD17-35CE-3C1A454CC79F}" = ATI Catalyst Install Manager
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"001FFF2FFF14FF00FF0901F01F02F000-R1" = ArchiCAD 14 AUT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

< End of report >

OTL

Zitat:

OTL logfile created on: 3/13/2012 7:41:08 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 452.48 Gb Total Space | 354.75 Gb Free Space | 78.40% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.36% Space Free | Partition Type: FAT32
Drive X: | 3.73 Gb Total Space | 3.10 Gb Free Space | 83.06% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- D:\Windows\System32\atiesrxx.exe (AMD)
SRV:64bit: - (ePowerSvc) -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- D:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- D:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DsiWMIService) -- D:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (NOBU) -- D:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- D:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GREGService) -- D:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Sftvol) -- D:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- D:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- D:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- D:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- D:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- D:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- D:\Windows\System32\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HSPADataCardusbser) -- D:\Windows\System32\drivers\HSPADataCardusbser.sys (D-Link Incorporated)
DRV:64bit: - (HSPADataCardusbnmea) -- D:\Windows\System32\drivers\HSPADataCardusbnmea.sys (D-Link Incorporated)
DRV:64bit: - (HSPADataCardusbmdm) -- D:\Windows\System32\drivers\HSPADataCardusbmdm.sys (D-Link Incorporated)
DRV:64bit: - (huawei_enumerator) -- D:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdkmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- D:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- D:\Windows\System32\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (hwdatacard) -- D:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (AmUStor) -- D:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- D:\Windows\System32\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- D:\Windows\System32\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZTEusbser6k) -- D:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- D:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- D:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- D:\Windows\System32\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (HECIx64) Intel(R) -- D:\Windows\System32\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- D:\Windows\System32\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- D:\Windows\System32\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- D:\Windows\System32\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- D:\Windows\System32\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- D:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- D:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- D:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (mwlPSDVDisk) -- D:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- D:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- D:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\Sebastian_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
IE - HKU\Sebastian_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sebastian_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 10:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/12/10 10:44:08 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Sebastian\AppData\Roaming\Mozilla\Extensions
[2010/12/10 10:44:08 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Sebastian\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Sebastian_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] D:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] D:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] D:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [K3aRyluP6SiCkoR] D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] D:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] D:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Sebastian_ON_D..\Run: [K3aRyluP6SiCkoR] D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O20 - HKLM Winlogon: UserInit - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Sebastian_ON_D Winlogon: Shell - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O20 - HKU\Sebastian_ON_D Winlogon: UserInit - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 12:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{38a2e910-f373-11e0-a1bc-206a8a1c1dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{38a2e910-f373-11e0-a1bc-206a8a1c1dc6}\Shell\AutoRun\command - "" = E:\Windows/AutoRun.exe
O33 - MountPoints2\{44c9967f-0189-11e0-a99b-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{44c9967f-0189-11e0-a99b-207c8f26a807}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{44c9968e-0189-11e0-a99b-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{44c9968e-0189-11e0-a99b-207c8f26a807}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{50f62922-0172-11e0-86df-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{50f62922-0172-11e0-86df-207c8f26a807}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6fcf6a21-1ca0-11e0-86d1-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{6fcf6a21-1ca0-11e0-86d1-207c8f26a807}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a76f027-0c80-11e0-882f-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{9a76f027-0c80-11e0-882f-207c8f26a807}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a216f055-1370-11e0-a1c9-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{a216f055-1370-11e0-a1c9-207c8f26a807}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ae1407bd-43e9-11e0-8cd2-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{ae1407bd-43e9-11e0-8cd2-207c8f26a807}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c1789f30-69e0-11e1-98f7-206a8a1c1dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{c1789f30-69e0-11e1-98f7-206a8a1c1dc6}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{fc0672db-0c1e-11e0-bf69-207c8f26a807}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0672db-0c1e-11e0-bf69-207c8f26a807}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 04:34:11 | 000,307,200 | ---- | C] (Microsoft Corp., Veritas Software) -- D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe
[2012/03/08 15:46:42 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/08 15:46:42 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Skype
[2012/02/25 03:49:23 | 000,096,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/02/25 03:49:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/02/25 03:49:20 | 002,308,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/02/25 03:49:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/02/25 03:49:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/02/25 03:49:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/02/25 03:49:19 | 001,798,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2012/02/25 03:49:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/02/25 03:49:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2012/02/25 03:49:18 | 000,818,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/02/25 03:49:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/02/25 03:49:17 | 001,493,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/02/23 14:49:39 | 000,367,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2012/02/23 14:49:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2012/02/23 14:49:39 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2012/02/23 14:49:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakeng.dll
[2012/02/23 14:49:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2012/02/23 14:49:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2012/02/23 14:49:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2012/02/23 14:49:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/23 14:49:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/23 14:49:39 | 000,063,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2012/02/23 14:49:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2012/02/23 14:49:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2012/02/23 14:49:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2012/02/23 14:49:38 | 000,580,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/02/23 14:49:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2012/02/23 14:49:38 | 000,353,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2012/02/23 14:49:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2012/02/23 14:49:38 | 000,152,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2012/02/23 14:49:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2012/02/23 14:49:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2012/02/23 14:49:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2012/02/23 14:49:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ie4uinit.exe
[2012/02/23 14:49:38 | 000,066,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2012/02/23 14:49:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2012/02/23 14:49:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2012/02/23 14:49:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2012/02/23 14:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2012/02/23 14:49:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/02/23 14:49:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2012/02/23 14:49:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2012/02/23 14:49:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2012/02/23 14:49:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2012/02/23 14:49:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2012/02/23 14:49:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieaksie.dll
[2012/02/23 14:49:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieaksie.dll
[2012/02/23 14:49:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2012/02/23 14:49:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2012/02/23 14:49:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/02/23 14:49:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2012/02/23 14:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakui.dll
[2012/02/23 14:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieakui.dll
[2012/02/23 14:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2012/02/23 14:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieakeng.dll
[2012/02/23 14:49:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2012/02/23 14:49:37 | 000,145,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2012/02/23 14:49:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2012/02/23 14:49:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2012/02/23 14:49:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2012/02/23 14:49:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\admparse.dll
[2012/02/23 14:49:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2012/02/23 14:49:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2012/02/23 14:49:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\admparse.dll
[2012/02/23 14:49:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2012/02/23 14:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/23 14:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2012/02/23 14:49:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2012/02/23 14:49:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2012/02/23 14:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2012/02/23 14:49:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2012/02/23 14:49:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2012/02/23 14:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2012/02/23 14:49:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2012/02/23 14:49:37 | 000,035,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2012/02/23 14:49:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2012/02/23 14:49:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2012/02/23 14:49:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2012/02/15 06:20:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntshrui.dll
[2012/02/15 06:19:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\timedate.cpl
[2012/02/15 06:19:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\timedate.cpl
[2012/02/15 06:19:50 | 000,634,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcrt.dll
[2 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/13 09:39:37 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/13 09:27:41 | 3111,514,112 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/13 08:37:14 | 000,001,112 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 08:21:10 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 08:15:52 | 000,017,600 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 08:15:52 | 000,017,600 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 08:08:24 | 000,065,536 | ---- | M] () -- D:\Windows\System32\Ikeext.etl
[2012/03/13 04:34:10 | 000,307,200 | ---- | M] (Microsoft Corp., Veritas Software) -- D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe
[2012/03/09 08:01:20 | 000,669,464 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/09 08:01:20 | 000,620,976 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/09 08:01:20 | 000,134,990 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/09 08:01:20 | 000,110,906 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/08 15:46:42 | 000,002,517 | ---- | M] () -- D:\Users\Public\Desktop\Skype.lnk
[2012/03/08 15:46:42 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/04 00:54:09 | 000,001,090 | ---- | M] () -- D:\Users\Public\Desktop\World of Warcraft.lnk
[2012/02/23 17:52:26 | 000,001,441 | ---- | M] () -- D:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 14:49:39 | 000,367,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2012/02/23 14:49:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2012/02/23 14:49:39 | 000,161,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2012/02/23 14:49:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakeng.dll
[2012/02/23 14:49:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2012/02/23 14:49:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2012/02/23 14:49:39 | 000,086,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2012/02/23 14:49:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/23 14:49:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/23 14:49:39 | 000,063,488 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2012/02/23 14:49:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2012/02/23 14:49:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2012/02/23 14:49:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2012/02/23 14:49:38 | 000,580,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/02/23 14:49:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2012/02/23 14:49:38 | 000,353,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2012/02/23 14:49:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2012/02/23 14:49:38 | 000,152,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2012/02/23 14:49:38 | 000,150,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2012/02/23 14:49:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2012/02/23 14:49:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2012/02/23 14:49:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ie4uinit.exe
[2012/02/23 14:49:38 | 000,072,822 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2012/02/23 14:49:38 | 000,066,048 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2012/02/23 14:49:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2012/02/23 14:49:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2012/02/23 14:49:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2012/02/23 14:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2012/02/23 14:49:37 | 000,697,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/02/23 14:49:37 | 000,603,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2012/02/23 14:49:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2012/02/23 14:49:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2012/02/23 14:49:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2012/02/23 14:49:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2012/02/23 14:49:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieaksie.dll
[2012/02/23 14:49:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieaksie.dll
[2012/02/23 14:49:37 | 000,222,208 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2012/02/23 14:49:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2012/02/23 14:49:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/02/23 14:49:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2012/02/23 14:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakui.dll
[2012/02/23 14:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieakui.dll
[2012/02/23 14:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2012/02/23 14:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieakeng.dll
[2012/02/23 14:49:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2012/02/23 14:49:37 | 000,145,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2012/02/23 14:49:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2012/02/23 14:49:37 | 000,135,168 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2012/02/23 14:49:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2012/02/23 14:49:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\admparse.dll
[2012/02/23 14:49:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2012/02/23 14:49:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2012/02/23 14:49:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\admparse.dll
[2012/02/23 14:49:37 | 000,091,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2012/02/23 14:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/23 14:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2012/02/23 14:49:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2012/02/23 14:49:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2012/02/23 14:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2012/02/23 14:49:37 | 000,072,822 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2012/02/23 14:49:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2012/02/23 14:49:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2012/02/23 14:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2012/02/23 14:49:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2012/02/23 14:49:37 | 000,035,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2012/02/23 14:49:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2012/02/23 14:49:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2012/02/23 14:49:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2012/02/16 21:29:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/16 04:30:59 | 000,292,872 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/02/16 04:09:15 | 001,556,172 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/23 17:52:23 | 000,001,447 | ---- | C] () -- D:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/02/23 14:49:38 | 000,072,822 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2012/02/23 14:49:37 | 000,072,822 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2011/01/16 09:49:25 | 016,985,472 | ---- | C] () -- D:\Users\Sebastian\AppData\Roaming\UserTile.png
[2010/12/13 14:22:36 | 001,556,172 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/08 12:56:25 | 000,004,096 | ---- | C] () -- D:\Windows\d3dx.dat
[2010/10/06 03:16:58 | 000,000,267 | ---- | C] () -- D:\Windows\LaunApp.ini
[2010/10/06 03:15:07 | 000,002,189 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2010/10/06 03:14:26 | 000,001,655 | ---- | C] () -- D:\Windows\WPatchProgress.ini
[2010/10/05 17:39:51 | 000,206,208 | ---- | C] () -- D:\Windows\PLFSetI.exe
[2010/10/05 17:39:51 | 000,113,264 | ---- | C] () -- D:\Windows\FixUVC.exe
[2010/10/05 17:39:51 | 000,000,302 | ---- | C] () -- D:\Windows\PidList_C.ini
[2010/10/05 17:36:22 | 000,002,189 | ---- | C] () -- D:\Windows\SysWow64\atipblup.dat
[2010/10/05 17:33:41 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2010/09/15 20:10:45 | 000,000,321 | ---- | C] () -- D:\Windows\Prelaunch.ini
[2010/09/15 20:10:45 | 000,000,271 | ---- | C] () -- D:\Windows\WisPriority.ini
[2010/09/15 20:10:45 | 000,000,166 | ---- | C] () -- D:\Windows\WisLangCode.ini
[2010/09/15 19:41:45 | 000,131,984 | ---- | C] () -- D:\ProgramData\FullRemove.exe
[2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- D:\Windows\SysWow64\libeay32.dll
[2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- D:\Windows\SysWow64\ssleay32.dll
[2010/03/24 08:35:54 | 000,000,715 | ---- | C] () -- D:\Windows\TipGlobal70.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/15 20:45:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Acer
[2010/12/27 09:08:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Age of Empires 3
[2010/12/08 12:58:46 | 000,000,000 | ---D | M] -- D:\ProgramData\AirportMania
[2010/09/15 19:30:14 | 000,000,000 | ---D | M] -- D:\ProgramData\AmUStor
[2010/12/06 12:42:18 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/09/15 20:41:40 | 000,000,000 | ---D | M] -- D:\ProgramData\BackupManager
[2012/02/27 18:28:24 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/12/06 12:42:18 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/10/05 17:35:55 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec IPS
[2010/09/15 19:32:57 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/12/08 13:00:08 | 000,000,000 | ---D | M] -- D:\ProgramData\FarmFrenzy2
[2010/12/06 12:42:18 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/12/11 09:38:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Friends Games
[2010/12/20 06:52:19 | 000,000,000 | ---D | M] -- D:\ProgramData\mquadr.at
[2010/09/15 19:48:14 | 000,000,000 | ---D | M] -- D:\ProgramData\OberonGameConsole
[2010/12/06 12:43:57 | 000,000,000 | ---D | M] -- D:\ProgramData\oem
[2010/12/08 12:49:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/12/06 12:42:18 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/12/11 09:41:01 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/02/08 18:19:25 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications
[2010/12/06 12:42:18 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/11/14 17:48:26 | 000,000,000 | -H-D | M] -- D:\ProgramData\{0594BEF1-12CE-4053-A10C-630DD69A5F94}
[2010/12/20 06:52:02 | 000,000,000 | -H-D | M] -- D:\ProgramData\{92809A0D-A823-4253-90B2-7D5F59F20E10}
[2010/12/12 16:55:59 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/01/11 10:04:03 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> D:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> D:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 135 bytes -> D:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> D:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> D:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> D:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> D:\ProgramData\Temp:4D066AD2
< End of report >

Ich Bitte höfflichst um Hilfe!

danke im Voraus

mfg Christopher

markusg · 13.03.2012, 17:56

hi
ehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Sebastian_ON_D..\Run: [K3aRyluP6SiCkoR] D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O4 - HKLM..\Run: [K3aRyluP6SiCkoR] D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Sebastian_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas
Software)
O20 - HKLM Winlogon: UserInit - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft Corp.,
Veritas Software)
O20 - HKU\Sebastian_ON_D Winlogon: Shell - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft
Corp., Veritas Software)
O20 - HKU\Sebastian_ON_D Winlogon: UserInit - (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) - D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe (Microsoft
Corp., Veritas Software)
:Files
D:\Users\Sebastian\AppData\Roaming\flint4ytw.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

bei dir evtl. d:

edompilf · 14.03.2012, 12:11

hallo markus,

habe den fix mittels OTL gemacht, nach dem fix sollte der PC neustarte, doch da ist er eingefroren.. somit leider keine LOG vom fix. Finde ich diese sonst irgendwo?

PC manuel neu gestartet -> keine Desktopsymbole (ging erst nach scan mit malewarebytes!)

Hier die Log davon (falls du sie brauchen kannst)

Zitat:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.03.14.01

Windows 7 x64 FAT
Internet Explorer 9.0.8112.16421
Sebastian :: SEBASTIAN-PC [Administrator]

Schutz: Aktiviert

14.03.2012 15:06:37
mbam-log-2012-03-14 (16-32-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367278
Laufzeit: 1 Stunde(n), 4 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{xZZHlbZp-cp9b-vHzS-P0ZA-6t3dhx9Vn6Sh} (Backdoor.Agent) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|K3aRyluP6SiCkoR (Backdoor.Agent) -> Daten: C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|K3aRyluP6SiCkoR (Backdoor.Agent) -> Daten: C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen.A) -> Bösartig: (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe) Gut: (Explorer.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (C:\Users\Sebastian\AppData\Roaming\flint4ytw.exe,C:\WINDOWS\System32\userinit.exe,) Gut: (userinit.exe) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Sebastian\AppData\Local\Temp\0.816674409859077.exe (Trojan.Ransom.BP) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\03142012_145313\D_Users\Sebastian\AppData\Roaming\flint4ytw.exe (Trojan.Ransom.BP) -> Keine Aktion durchgeführt.

(Ende)

Bis jetzt fast zufrieden, habe nur noch Probleme mit dem TaskManager (".. wurde duch den Administrator deaktiviert")

Vielen Danke erstmal für deine professionelle Hilfe!

gruß Christopher

edompilf · 14.03.2012, 12:25

hab Problem mit dem TaskManager gelöst...

den Registry Eintrag DisableTaskMgr unter

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

löschen!

gruß Christopher

markusg · 14.03.2012, 12:31

naja, da du anscheinend selbst arbeiten willst und nicht auf anweisungen wartest kann ich mir das ja auch schenken oder? von Malwarebytes etc stand hier nichts...

edompilf · 14.03.2012, 14:32

ok ok.. sry, ich wollte dir nur entgegekommen! wie geht es dann deiner meinung weiter?

markusg · 14.03.2012, 18:15

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

AKM Trojaner entfernen! Scan ausgeführt - Log-dateien!

Log-Analyse und Auswertung: AKM Trojaner entfernen! Scan ausgeführt - Log-dateien!