Habe auch den AKM Trojaner

kingk · 13.03.2012, 21:22

Hallo,

ich habe auch den AKM Trojaner und bitte Euch um Hilfe.

Hier das OTL-Log:

Code:

ATTFilter

  OTL logfile created on: 3/13/2012 9:56:57 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 101.97 Mb Total Space | 76.36 Mb Free Space | 74.88% Space Free | Partition Type: NTFS
Drive D: | 285.99 Gb Total Space | 212.12 Gb Free Space | 74.17% Space Free | Partition Type: NTFS
Drive E: | 30.11 Gb Total Space | 13.67 Gb Free Space | 45.39% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- D:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/10/11 11:14:56 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2010/08/25 14:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/02 10:17:41 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/11/03 00:14:38 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- D:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/11/03 00:14:38 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/11/03 00:14:38 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/11/03 00:14:38 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/06/15 06:03:40 | 000,245,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2010/07/01 14:58:20 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/06/04 17:49:16 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100728.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g725&r=273606101605l04e4z115r44i2560p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g725&r=273606101605l04e4z115r44i2560p
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Acer_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g725&r=273606101605l04e4z115r44i2560p
IE - HKU\Acer_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Acer_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 14:31:20 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Acer_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Acer_ON_D\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] D:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EEventManager] D:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKU\Acer_ON_D..\Run: [EPSON SX210 Series]  File not found
O4 - HKU\Acer_ON_D..\Run: [K3aRyluP6SiCkoR] D:\Users\Acer\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Acer_ON_D..\RunOnce: [FlashPlayerUpdate] D:\Windows\SysWOW64\Macromed\Flash\FlashUtil10r_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Acer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Acer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Acer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Acer_ON_D Winlogon: Shell - (C:\Users\Acer\AppData\Roaming\flint4ytw.exe) - D:\Users\Acer\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O20 - HKU\Acer_ON_D Winlogon: UserInit - (C:\Users\Acer\AppData\Roaming\flint4ytw.exe) - D:\Users\Acer\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2e2287c2-4789-11e1-a0f9-705ab63937ad}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2287c2-4789-11e1-a0f9-705ab63937ad}\Shell\AutoRun\command - "" = F:\SETUP.EXE /adminfile IU.MSP
O33 - MountPoints2\{2e2287c2-4789-11e1-a0f9-705ab63937ad}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{2e2287c2-4789-11e1-a0f9-705ab63937ad}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/13 06:50:24 | 000,307,200 | ---- | C] (Microsoft Corp., Veritas Software) -- D:\Users\Acer\AppData\Roaming\flint4ytw.exe
[2012/03/11 17:49:21 | 000,000,000 | ---D | C] -- D:\Windows\Minidump
[2012/03/08 04:13:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2012/03/08 04:13:58 | 001,798,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2012/03/08 04:13:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2012/03/08 04:13:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/03/08 04:13:58 | 000,580,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/03/08 04:13:58 | 000,434,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2012/03/08 04:13:58 | 000,367,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2012/03/08 04:13:58 | 000,353,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2012/03/08 04:13:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/03/08 04:13:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieaksie.dll
[2012/03/08 04:13:58 | 000,223,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2012/03/08 04:13:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/03/08 04:13:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakui.dll
[2012/03/08 04:13:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2012/03/08 04:13:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2012/03/08 04:13:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2012/03/08 04:13:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2012/03/08 04:13:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2012/03/08 04:13:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakeng.dll
[2012/03/08 04:13:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2012/03/08 04:13:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2012/03/08 04:13:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2012/03/08 04:13:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\admparse.dll
[2012/03/08 04:13:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/08 04:13:58 | 000,086,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2012/03/08 04:13:58 | 000,078,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2012/03/08 04:13:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/08 04:13:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/08 04:13:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2012/03/08 04:13:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ie4uinit.exe
[2012/03/08 04:13:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/03/08 04:13:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2012/03/08 04:13:58 | 000,063,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2012/03/08 04:13:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2012/03/08 04:13:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2012/03/08 04:13:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2012/03/08 04:13:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2012/03/08 04:13:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2012/03/08 04:13:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2012/03/08 04:13:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2012/03/08 04:13:57 | 002,308,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/03/08 04:13:57 | 001,493,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/03/08 04:13:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/03/08 04:13:57 | 000,697,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/03/08 04:13:57 | 000,603,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2012/03/08 04:13:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2012/03/08 04:13:57 | 000,452,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2012/03/08 04:13:57 | 000,448,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2012/03/08 04:13:57 | 000,282,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2012/03/08 04:13:57 | 000,267,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieaksie.dll
[2012/03/08 04:13:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/03/08 04:13:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/03/08 04:13:57 | 000,222,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2012/03/08 04:13:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2012/03/08 04:13:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/03/08 04:13:57 | 000,165,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2012/03/08 04:13:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieakui.dll
[2012/03/08 04:13:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2012/03/08 04:13:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieakeng.dll
[2012/03/08 04:13:57 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2012/03/08 04:13:57 | 000,145,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2012/03/08 04:13:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2012/03/08 04:13:57 | 000,114,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\admparse.dll
[2012/03/08 04:13:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2012/03/08 04:13:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2012/03/08 04:13:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/03/08 04:13:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2012/03/08 04:13:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2012/03/08 04:13:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2012/03/08 04:13:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2012/03/08 04:13:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2012/03/08 04:13:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2012/03/08 04:13:57 | 000,049,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2012/03/08 04:13:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2012/03/08 04:13:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2012/03/08 04:13:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2012/03/08 04:13:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2012/03/08 04:13:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2012/03/08 04:12:42 | 004,068,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mf.dll
[2012/03/08 04:12:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mf.dll
[2012/03/08 04:12:42 | 001,888,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMVDECOD.DLL
[2012/03/08 04:12:42 | 001,863,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ExplorerFrame.dll
[2012/03/08 04:12:42 | 001,837,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2012/03/08 04:12:42 | 001,619,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WMVDECOD.DLL
[2012/03/08 04:12:42 | 001,540,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/08 04:12:42 | 001,495,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ExplorerFrame.dll
[2012/03/08 04:12:42 | 001,170,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2012/03/08 04:12:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/08 04:12:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2012/03/08 04:12:42 | 000,739,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2012/03/08 04:12:42 | 000,662,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2012/03/08 04:12:42 | 000,470,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2012/03/08 04:12:42 | 000,442,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsPrint.dll
[2012/03/08 04:12:42 | 000,320,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2012/03/08 04:12:42 | 000,283,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/08 04:12:42 | 000,265,088 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2012/03/08 04:12:42 | 000,257,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfreadwrite.dll
[2012/03/08 04:12:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsRasterService.dll
[2012/03/08 04:12:42 | 000,218,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2012/03/08 04:12:42 | 000,206,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfps.dll
[2012/03/08 04:12:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2012/03/08 04:12:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mfreadwrite.dll
[2012/03/08 04:12:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2012/03/08 04:12:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2012/03/08 04:12:42 | 000,135,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsRasterService.dll
[2012/02/15 13:58:55 | 000,634,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msvcrt.dll
[2009/11/02 23:52:36 | 000,036,136 | ---- | C] (Oberon Media) -- D:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/13 15:43:42 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/13 15:43:08 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/13 15:42:54 | 2360,848,384 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/13 15:27:59 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 07:10:47 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 07:10:47 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 06:50:23 | 000,307,200 | ---- | M] (Microsoft Corp., Veritas Software) -- D:\Users\Acer\AppData\Roaming\flint4ytw.exe
[2012/03/11 18:21:47 | 000,643,866 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/11 18:21:47 | 000,607,190 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/11 18:21:47 | 000,126,394 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/11 18:21:47 | 000,103,568 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/11 17:49:18 | 353,352,587 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2012/03/08 14:18:44 | 000,001,442 | ---- | M] () -- D:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/08 04:13:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2012/03/08 04:13:58 | 001,798,656 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2012/03/08 04:13:58 | 001,427,456 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2012/03/08 04:13:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/03/08 04:13:58 | 000,580,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/03/08 04:13:58 | 000,434,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2012/03/08 04:13:58 | 000,367,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2012/03/08 04:13:58 | 000,353,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2012/03/08 04:13:58 | 000,231,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/03/08 04:13:58 | 000,227,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieaksie.dll
[2012/03/08 04:13:58 | 000,223,232 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2012/03/08 04:13:58 | 000,176,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/03/08 04:13:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakui.dll
[2012/03/08 04:13:58 | 000,162,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2012/03/08 04:13:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2012/03/08 04:13:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2012/03/08 04:13:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2012/03/08 04:13:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2012/03/08 04:13:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieakeng.dll
[2012/03/08 04:13:58 | 000,123,392 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2012/03/08 04:13:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2012/03/08 04:13:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2012/03/08 04:13:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\admparse.dll
[2012/03/08 04:13:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/08 04:13:58 | 000,086,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2012/03/08 04:13:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2012/03/08 04:13:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/08 04:13:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/08 04:13:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2012/03/08 04:13:58 | 000,074,240 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ie4uinit.exe
[2012/03/08 04:13:58 | 000,072,822 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2012/03/08 04:13:58 | 000,072,704 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/03/08 04:13:58 | 000,066,048 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2012/03/08 04:13:58 | 000,063,488 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2012/03/08 04:13:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2012/03/08 04:13:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2012/03/08 04:13:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2012/03/08 04:13:58 | 000,031,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2012/03/08 04:13:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2012/03/08 04:13:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2012/03/08 04:13:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2012/03/08 04:13:57 | 002,308,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/03/08 04:13:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/03/08 04:13:57 | 000,818,688 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/03/08 04:13:57 | 000,697,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/03/08 04:13:57 | 000,603,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2012/03/08 04:13:57 | 000,534,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2012/03/08 04:13:57 | 000,452,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2012/03/08 04:13:57 | 000,448,512 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2012/03/08 04:13:57 | 000,282,112 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2012/03/08 04:13:57 | 000,267,776 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieaksie.dll
[2012/03/08 04:13:57 | 000,248,320 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/03/08 04:13:57 | 000,237,056 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/03/08 04:13:57 | 000,222,208 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2012/03/08 04:13:57 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2012/03/08 04:13:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/03/08 04:13:57 | 000,165,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2012/03/08 04:13:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieakui.dll
[2012/03/08 04:13:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2012/03/08 04:13:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieakeng.dll
[2012/03/08 04:13:57 | 000,149,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2012/03/08 04:13:57 | 000,145,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2012/03/08 04:13:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2012/03/08 04:13:57 | 000,114,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\admparse.dll
[2012/03/08 04:13:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2012/03/08 04:13:57 | 000,103,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2012/03/08 04:13:57 | 000,096,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/03/08 04:13:57 | 000,091,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2012/03/08 04:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2012/03/08 04:13:57 | 000,085,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2012/03/08 04:13:57 | 000,082,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2012/03/08 04:13:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2012/03/08 04:13:57 | 000,072,822 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2012/03/08 04:13:57 | 000,065,024 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2012/03/08 04:13:57 | 000,049,664 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2012/03/08 04:13:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2012/03/08 04:13:57 | 000,039,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2012/03/08 04:13:57 | 000,030,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2012/03/08 04:13:57 | 000,012,288 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2012/03/08 04:13:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2012/03/08 04:12:42 | 004,068,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mf.dll
[2012/03/08 04:12:42 | 003,181,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mf.dll
[2012/03/08 04:12:42 | 001,888,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WMVDECOD.DLL
[2012/03/08 04:12:42 | 001,863,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ExplorerFrame.dll
[2012/03/08 04:12:42 | 001,837,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2012/03/08 04:12:42 | 001,619,456 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\WMVDECOD.DLL
[2012/03/08 04:12:42 | 001,540,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/08 04:12:42 | 001,495,040 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ExplorerFrame.dll
[2012/03/08 04:12:42 | 001,170,944 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2012/03/08 04:12:42 | 001,074,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/08 04:12:42 | 000,902,656 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2012/03/08 04:12:42 | 000,739,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2012/03/08 04:12:42 | 000,662,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2012/03/08 04:12:42 | 000,470,016 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2012/03/08 04:12:42 | 000,442,880 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsPrint.dll
[2012/03/08 04:12:42 | 000,320,512 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2012/03/08 04:12:42 | 000,283,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/08 04:12:42 | 000,265,088 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2012/03/08 04:12:42 | 000,257,024 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mfreadwrite.dll
[2012/03/08 04:12:42 | 000,229,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsRasterService.dll
[2012/03/08 04:12:42 | 000,218,624 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2012/03/08 04:12:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mfps.dll
[2012/03/08 04:12:42 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2012/03/08 04:12:42 | 000,196,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mfreadwrite.dll
[2012/03/08 04:12:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2012/03/08 04:12:42 | 000,144,384 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2012/03/08 04:12:42 | 000,135,168 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsRasterService.dll
[2012/02/17 15:35:23 | 000,451,184 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/02/17 08:44:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
========== Files Created - No Company Name ==========
 
[2012/03/11 17:49:18 | 353,352,587 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2012/03/08 04:13:58 | 000,072,822 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2012/03/08 04:13:57 | 000,072,822 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2010/08/25 14:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/08/25 14:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 14:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- D:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\iglhcp32.dll
[2010/07/29 12:21:18 | 000,000,000 | ---- | C] () -- D:\Windows\EEventManager.INI
[2010/07/29 11:32:34 | 000,111,932 | ---- | C] () -- D:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/07/29 11:32:34 | 000,031,053 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern131.dat
[2010/07/29 11:32:34 | 000,027,417 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern121.dat
[2010/07/29 11:32:34 | 000,026,154 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern1.dat
[2010/07/29 11:32:34 | 000,024,903 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern3.dat
[2010/07/29 11:32:34 | 000,021,390 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern5.dat
[2010/07/29 11:32:34 | 000,020,148 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern2.dat
[2010/07/29 11:32:34 | 000,011,811 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern4.dat
[2010/07/29 11:32:34 | 000,004,943 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern6.dat
[2010/07/29 11:32:34 | 000,001,146 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/07/29 11:32:34 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/07/29 11:32:34 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/07/29 11:32:34 | 000,001,136 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/07/29 11:32:34 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/07/29 11:32:34 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/07/29 11:32:34 | 000,001,120 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/07/29 11:32:34 | 000,001,107 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/07/29 11:32:34 | 000,001,104 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/07/29 11:32:34 | 000,000,097 | ---- | C] () -- D:\Windows\SysWow64\PICSDK.ini
[2010/07/15 12:11:55 | 000,000,000 | ---- | C] () -- D:\Users\Acer\AppData\Roaming\wklnhst.dat
[2010/02/23 01:12:54 | 000,626,688 | ---- | C] () -- D:\Windows\Image.dll
[2010/02/23 01:12:54 | 000,200,704 | ---- | C] () -- D:\Windows\PLFSetI.exe
[2010/02/23 01:12:54 | 000,020,480 | ---- | C] () -- D:\Windows\USB_VIDEO_REG.exe
[2009/11/02 23:38:38 | 000,000,000 | ---- | C] () -- D:\Windows\SETUP.INI
[2009/11/02 23:30:26 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/06/25 15:30:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/07/20 14:54:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Arcade Lab
[2012/01/25 15:22:45 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/06/25 15:30:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2009/11/03 00:06:18 | 000,000,000 | ---D | M] -- D:\ProgramData\eMachines
[2010/07/29 11:39:00 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON
[2010/06/25 15:30:54 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/07/29 07:50:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Friends Games
[2010/06/25 15:31:47 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2010/07/23 03:28:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/06/25 15:30:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/07/20 15:36:54 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/07/29 11:37:45 | 000,000,000 | ---D | M] -- D:\ProgramData\UDL
[2010/06/25 15:30:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/12/20 12:24:53 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/06/25 15:33:15 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2010/02/23 01:37:23 | 000,000,000 | -H-D | M] -- D:\AcerSW
[2010/02/23 01:11:13 | 000,000,000 | ---D | M] -- D:\book
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2010/06/25 15:30:54 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2011/09/21 13:57:02 | 000,000,000 | R--D | M] -- D:\Eigene Bilder
[2011/04/04 10:52:03 | 000,000,000 | R--D | M] -- D:\Eigene Musik
[2009/11/02 23:39:42 | 000,000,000 | ---D | M] -- D:\Intel
[2012/02/14 11:43:41 | 000,000,000 | ---D | M] -- D:\Lisi
[2009/11/02 23:59:35 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2010/06/25 15:33:03 | 000,000,000 | -H-D | M] -- D:\OEM
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2010/07/02 10:17:41 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/01/25 15:44:30 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2012/01/25 15:18:38 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2010/06/25 15:30:55 | 000,000,000 | -HSD | M] -- D:\Programme
[2010/06/25 15:30:56 | 000,000,000 | -HSD | M] -- D:\Recovery
[2012/03/12 11:15:19 | 000,000,000 | ---D | M] -- D:\Sophie
[2012/03/13 06:47:30 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2010/06/25 15:31:23 | 000,000,000 | R--D | M] -- D:\Users
[2010/07/29 17:38:19 | 000,000,000 | ---D | M] -- D:\Video
[2012/03/13 06:55:49 | 000,000,000 | ---D | M] -- D:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 15:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- D:\Windows\System32\drivers\iaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- D:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\System32\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\System32\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> D:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 132 bytes -> D:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 131 bytes -> D:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:444C53BA
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:AB689DEA
< End of report >

Danke & lg
Kurt

markusg · 13.03.2012, 21:34

hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Acer_ON_D..\Run: [K3aRyluP6SiCkoR] D:\Users\Acer\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Acer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Acer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Acer_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Acer_ON_D Winlogon: Shell - (C:\Users\Acer\AppData\Roaming\flint4ytw.exe) - D:\Users\Acer\AppData\Roaming\flint4ytw.exe (Microsoft Corp., Veritas
Software)
O20 - HKU\Acer_ON_D Winlogon: UserInit - (C:\Users\Acer\AppData\Roaming\flint4ytw.exe) - D:\Users\Acer\AppData\Roaming\flint4ytw.exe (Microsoft Corp.,
Veritas Software)
:Files
D:\Users\Acer\AppData\Roaming\flint4ytw.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

edit, bei dir evtl. d:

kingk · 13.03.2012, 21:56

Danke hat funktioniert, hab auch das File upgeloaded.

lg
Kurt

markusg · 14.03.2012, 12:18

danke

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

kingk · 19.03.2012, 23:21

Sorry, war die letzten Tage verreist. Hier der Combfix.txt Inhalt:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-03-18.04 - Acer 19.03.2012  23:42:28.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3002.1924 [GMT 1:00]
ausgeführt von:: c:\users\Acer\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\emachines.ico
c:\users\Acer\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-19 bis 2012-03-19  ))))))))))))))))))))))))))))))
.
.
2012-03-19 22:53 . 2012-03-19 22:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-16 15:02 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B88245C9-E9B1-45EE-A328-34A4674B8A51}\mpengine.dll
2012-03-14 15:52 . 2012-02-03 04:16	3143168	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 15:52 . 2012-02-10 05:41	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-03-14 15:52 . 2012-02-10 06:18	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 15:52 . 2012-02-10 06:17	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 15:52 . 2012-02-10 06:17	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 15:52 . 2012-02-10 06:17	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 15:52 . 2012-02-10 06:17	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 15:52 . 2012-02-10 05:41	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 15:52 . 2012-02-10 05:41	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 15:52 . 2012-02-10 05:41	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-03-14 15:52 . 2012-02-10 05:41	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-03-14 15:50 . 2012-01-25 06:27	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 15:50 . 2012-01-25 06:27	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:50 . 2012-01-25 06:20	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:50 . 2012-02-15 06:27	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 15:50 . 2012-02-15 05:44	826368	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 15:50 . 2012-02-15 04:47	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:50 . 2012-02-15 04:46	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 03:44 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2012-03-08 08:20 . 2012-03-08 08:20	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-03-08 08:20 . 2012-03-08 08:20	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-03-08 08:12 . 2012-03-08 08:12	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-07-01 07:37	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-25 19:40 . 2012-01-25 19:40	472576	----a-w-	c:\windows\AutoKMS.exe
2011-12-28 03:59 . 2012-02-15 17:58	499200	----a-w-	c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100728.001\IDSvia64.sys [2010-06-04 463408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 11:34]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 11:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g725&r=273606101605l04e4z115r44i2560p
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{17C6F4FD-8927-422E-A629-788E3084A1BE}: DhcpNameServer = 10.0.0.138
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-K3aRyluP6SiCkoR - c:\users\Acer\AppData\Roaming\flint4ytw.exe
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-20  00:11:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-19 23:11
.
Vor Suchlauf: 13 Verzeichnis(se), 229.920.772.096 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 229.901.062.144 Bytes frei
.
- - End Of File - - 6E177D42EEFBB7BBB413C8F8D7915429

--- --- ---

markusg · 20.03.2012, 12:18

bis wir fertig sind, wird ausschließlich auf den für die reinigung nötigen seiten gearbeitet.
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

kingk · 20.03.2012, 21:56

Schaut aus als wäre der PC clean. Danke.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [Administrator]

20.03.2012 22:02:36
mbam-log-2012-03-20 (22-02-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351596
Laufzeit: 46 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg · 21.03.2012, 11:46

nein, fertig sind wir nicht.
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
wenn fertig, bitte melden.

kingk · 22.03.2012, 08:26

Erledigt. Nach gefühlten 37 Update-Durchgängen bin ich am neuesten Stand.

markusg · 22.03.2012, 10:50

jo, hättest regelmäßige updates eingestellt wäre das nicht so viel gewesen :-)
und vor allem ist das nen guter anfang, um infektionen zu vermeiden.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

kingk · 22.03.2012, 20:54

ok, das ist der laptop von meiner schwester. hab mal versucht das zu bewerten:

ABBYY FineReader 6.0 Sprint ABBYY Software House 28.07.2010 119,5MB 6.00.1395.4512 unbekannt
Acrobat.com Adobe Systems Incorporated 01.11.2009 1,61MB 1.6.65 unnötig
Adobe AIR Adobe Systems Inc. 16.03.2011 2.5.1.17730 unnötig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 31.05.2011 6,00MB 10.3.181.16 notwendig
Adobe Reader 9.2 MUI Adobe Systems Incorporated 07.10.2010 695MB 9.2.0 notwendig
Alice Greenfingers Oberon Media 22.02.2010 unnötig
ALPS Touch Pad Driver Alps Electric 22.02.2010 Version 7.102.2002.208 unbekannt
Amazonia Oberon Media 22.02.2010 unbekannt
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 01.11.2009 1.0.0.10 unbekannt
CCleaner Piriform 21.03.2012 3.16 unbekannt
Chicken Invaders 2 Oberon Media 22.02.2010 unnötig
Compatibility Pack für 2007 Office System Microsoft Corporation 15.03.2012 154,3MB 12.0.6612.1000 unnötig
Dairy Dash Oberon Media 22.02.2010 unbekannt
Dream Day First Home Oberon Media 22.02.2010 unnötig
eBay Worldwide OEM 24.06.2010 100,00KB 2.1.0901 unnötig
eMachines GameZone Console Oberon Media, Inc. 01.11.2009 5.1.1.3 unbekannt
eMachines Power Management Acer Incorporated 01.11.2009 4.05.3004 unbekannt
eMachines Recovery Management Acer Incorporated 01.11.2009 4.05.3006 unbekannt
eMachines Registration Acer Incorporated 22.02.2010 1.02.3006 unbekannt
eMachines ScreenSaver eMachines Incorporated 22.02.2010 1.2.0805 unbekannt
eMachines Updater Acer Incorporated 01.11.2009 1.01.3017 unbekannt
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 28.07.2010 2.1.0.0 unbekannt
Epson Event Manager SEIKO EPSON Corporation 28.07.2010 2.20.00 unbekannt
EPSON Scan 28.07.2010 unbekannt
Epson Stylus SX210_SX410_TX210_TX410 Handbuch 28.07.2010 unnötig
EPSON SX210 Series Printer Uninstall SEIKO EPSON Corporation 28.07.2010 unbekannt
Farm Frenzy 2 Oberon Media 22.02.2010 unnötig
First Class Flurry Oberon Media 22.02.2010 unnötig
Google Chrome Google Inc. 21.03.2012 17.0.963.83 notwendig
Google Toolbar for Internet Explorer Google Inc. 20.03.2012 7.3.2710.138 unnötig
Granny In Paradise Oberon Media 22.02.2010 unnötig
Heroes of Hellas Oberon Media 22.02.2010 unnötig
Identity Card Acer Incorporated 22.02.2010 1.00.3003 unbekannt
Intel(R) Graphics Media Accelerator Driver Intel Corporation 21.03.2012 54,3MB 8.15.10.1892 unbekannt
Intel® Matrix Storage Manager Intel Corporation 22.02.2010 unbekannt
Java(TM) 6 Update 23 Sun Microsystems, Inc. 13.09.2010 97,2MB 6.0.230 notwendig
Launch Manager eMachines 22.02.2010 3.0.02 unbekannt
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 19.03.2012 17,4MB 1.60.1.1000 unbekannt
Merriam Websters Spell Jam Oberon Media 22.02.2010 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.03.2012 38,8MB 4.0.30319 unbekannt
Microsoft IntelliPoint 8.2 Microsoft Corporation 21.03.2012 8.20.468.0 unbekannt
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 15.03.2012 12.0.6612.1000 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.03.2012 17,9MB 12.0.6612.1000 unbekannt
Microsoft Office Professional Plus 2010 Microsoft Corporation 26.01.2012 14.0.6029.1000 notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 01.11.2009 8,37MB 2.9 unbekannt
Microsoft Silverlight Microsoft Corporation 16.02.2012 208MB 4.1.10111.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.02.2010 1,72MB 3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 15.07.2010 0,25MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 15.07.2010 0,24MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 0,29MB 8.0.61001 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 18.06.2011 0,56MB 8.0.61000 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 14.09.2010 0,21MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 13.09.2010 2,52MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 18.06.2011 0,77MB 9.0.30729.6161 unbekannt
Microsoft Works Microsoft Corporation 15.12.2010 1.043MB 9.7.0621 unnötig
Norton Internet Security Symantec Corporation 11.10.2011 16.8.3.6 unnötig
Norton Online Backup Symantec 01.11.2009 2,09MB 1.2.0.36 unnötig
NTI Backup Now 5 NewTech Infosystems 01.11.2009 466MB 5.1.2.627 unbekannt
NTI Media Maker 8 NewTech Infosystems 01.11.2009 766MB 8.0.12.6623 unbekannt
OpenOffice.org 3.2 OpenOffice.org 13.09.2010 380MB 3.2.9502 unnötig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 01.11.2009 6.0.1.5904 notwendig
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 01.11.2009 6.1.7600.30104 notwendig
simfy simfy GmbH 16.03.2011 1.3.6 notwendig
Video Web Camera SuYin 22.02.2010 5.1.0.1 notwendig
VLC media player 1.1.7 VideoLAN 16.03.2011 1.1.7 notwendig
Welcome Center Acer Incorporated 22.02.2010 1.00.3009 unnötig
Windows Live Anmelde-Assistent Microsoft Corporation 22.02.2010 1,94MB 5.000.818.5 unnötig
Windows Live Essentials Microsoft Corporation 22.02.2010 14.0.8089.0726unnötig
Windows Live Sync Microsoft Corporation 22.02.2010 2,79MB 14.0.8089.726 unnötig
Windows Live-Uploadtool Microsoft Corporation 22.02.2010 0,22MB 14.0.8014.1029 unnötig

markusg · 22.03.2012, 20:55

frag doch einfach deine schwester, poste die liste dann überarbeitet.

kingk · 24.03.2012, 11:53

ok, habe es mit meiner Schwester geklärt. Ist nun doch einiges anders:

ABBYY FineReader 6.0 Sprint ABBYY Software House 28.07.2010 119,5MB 6.00.1395.4512 unbekannt
Acrobat.com Adobe Systems Incorporated 01.11.2009 1,61MB 1.6.65 unnötig
Adobe AIR Adobe Systems Inc. 16.03.2011 2.5.1.17730 unnötig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 31.05.2011 6,00MB 10.3.181.16 notwendig
Adobe Reader 9.2 MUI Adobe Systems Incorporated 07.10.2010 695MB 9.2.0 notwendig
Alice Greenfingers Oberon Media 22.02.2010 unnötig
ALPS Touch Pad Driver Alps Electric 22.02.2010 Version 7.102.2002.208 notwendig
Amazonia Oberon Media 22.02.2010 unnötig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 01.11.2009 1.0.0.10 unbekannt
CCleaner Piriform 21.03.2012 3.16 notwendig
Chicken Invaders 2 Oberon Media 22.02.2010 unnötig
Compatibility Pack für 2007 Office System Microsoft Corporation 15.03.2012 154,3MB 12.0.6612.1000 notwendig
Dairy Dash Oberon Media 22.02.2010 unnötig
Dream Day First Home Oberon Media 22.02.2010 unnötig
eBay Worldwide OEM 24.06.2010 100,00KB 2.1.0901 unnötig
eMachines GameZone Console Oberon Media, Inc. 01.11.2009 5.1.1.3 unnötig
eMachines Power Management Acer Incorporated 01.11.2009 4.05.3004 notwendig
eMachines Recovery Management Acer Incorporated 01.11.2009 4.05.3006 notwendig
eMachines Registration Acer Incorporated 22.02.2010 1.02.3006 unnötig
eMachines ScreenSaver eMachines Incorporated 22.02.2010 1.2.0805 unnötig
eMachines Updater Acer Incorporated 01.11.2009 1.01.3017 notwendig
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 28.07.2010 2.1.0.0 notwendig
Epson Event Manager SEIKO EPSON Corporation 28.07.2010 2.20.00 notwendig
EPSON Scan 28.07.2010 notwendig
Epson Stylus SX210_SX410_TX210_TX410 Handbuch 28.07.2010 notwendig
EPSON SX210 Series Printer Uninstall SEIKO EPSON Corporation 28.07.2010 notwendig
Farm Frenzy 2 Oberon Media 22.02.2010 unnötig
First Class Flurry Oberon Media 22.02.2010 unnötig
Google Chrome Google Inc. 21.03.2012 17.0.963.83 notwendig
Google Toolbar for Internet Explorer Google Inc. 20.03.2012 7.3.2710.138 notwendig
Granny In Paradise Oberon Media 22.02.2010 unnötig
Heroes of Hellas Oberon Media 22.02.2010 unnötig
Identity Card Acer Incorporated 22.02.2010 1.00.3003 unbekannt
Intel(R) Graphics Media Accelerator Driver Intel Corporation 21.03.2012 54,3MB 8.15.10.1892 unbekannt
Intel® Matrix Storage Manager Intel Corporation 22.02.2010 unbekannt
Java(TM) 6 Update 23 Sun Microsystems, Inc. 13.09.2010 97,2MB 6.0.230 notwendig
Launch Manager eMachines 22.02.2010 3.0.02 notwendig
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 19.03.2012 17,4MB 1.60.1.1000 notwendig
Merriam Websters Spell Jam Oberon Media 22.02.2010 unnötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.03.2012 38,8MB 4.0.30319 notwendig
Microsoft IntelliPoint 8.2 Microsoft Corporation 21.03.2012 8.20.468.0 notwendig
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 15.03.2012 12.0.6612.1000 notwendig
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.03.2012 17,9MB 12.0.6612.1000 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 26.01.2012 14.0.6029.1000 notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 01.11.2009 8,37MB 2.9 notwendig
Microsoft Silverlight Microsoft Corporation 16.02.2012 208MB 4.1.10111.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.02.2010 1,72MB 3.1.0000 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 15.07.2010 0,25MB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 15.07.2010 0,24MB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 0,29MB 8.0.61001 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 18.06.2011 0,56MB 8.0.61000 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 14.09.2010 0,21MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 13.09.2010 2,52MB 9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 18.06.2011 0,77MB 9.0.30729.6161 notwendig
Microsoft Works Microsoft Corporation 15.12.2010 1.043MB 9.7.0621 unnötig
Norton Internet Security Symantec Corporation 11.10.2011 16.8.3.6 unnötig
Norton Online Backup Symantec 01.11.2009 2,09MB 1.2.0.36 unnötig
NTI Backup Now 5 NewTech Infosystems 01.11.2009 466MB 5.1.2.627 unbekannt
NTI Media Maker 8 NewTech Infosystems 01.11.2009 766MB 8.0.12.6623 unbekannt
OpenOffice.org 3.2 OpenOffice.org 13.09.2010 380MB 3.2.9502 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 01.11.2009 6.0.1.5904 notwendig
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 01.11.2009 6.1.7600.30104 notwendig
simfy simfy GmbH 16.03.2011 1.3.6 unbekannt
Video Web Camera SuYin 22.02.2010 5.1.0.1 notwendig
VLC media player 1.1.7 VideoLAN 16.03.2011 1.1.7 notwendig
Welcome Center Acer Incorporated 22.02.2010 1.00.3009 unnötig
Windows Live Anmelde-Assistent Microsoft Corporation 22.02.2010 1,94MB 5.000.818.5 unnötig
Windows Live Essentials Microsoft Corporation 22.02.2010 14.0.8089.0726unnötig
Windows Live Sync Microsoft Corporation 22.02.2010 2,79MB 14.0.8089.726 unnötig
Windows Live-Uploadtool Microsoft Corporation 22.02.2010 0,22MB 14.0.8014.1029 unnötig

markusg · 24.03.2012, 16:33

deinstaliere:
ABBYY
Acrobat.com
Adobe AIR
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Alice
Amazonia
Chicken
Dairy
Dream Day
eBay
Farm Frenzy
First Class
Google Toolbar
Granny
Heroes
Java
Download der kostenlosen Java-Software
downloade java jre, instaliren.

deinstaliere:
Merriam
Norton : beide
NTI : beide
Windows Live alle die du nicht nutzt.
öffne CCleaner analysieren CCleaner starten.
pc neustarten, testen wie das system läuft

kingk · 26.03.2012, 20:00

hab ich gemacht, schaut alles gut aus.

danke & lg kurt

22.03.2012, 20:55	#12
markusg /// Malware-holic	Habe auch den AKM Trojaner frag doch einfach deine schwester, poste die liste dann überarbeitet. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Habe auch den AKM Trojaner

Log-Analyse und Auswertung: Habe auch den AKM Trojaner