Log analysis and evaluation: Bundestrojaner (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.03.2012, 13:32 | #1 |
| Bundestrojaner
Greetings, I caught the Bundestrojaner yesterday. Explorer is locked and only this picture with the demand for a bank transfer is displayed. Here is the log from OTL. Is anything else needed?
Regards, haudegen
Code:
ATTFilter OTL logfile created on: 3/22/2012 3:16:31 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Enterprise Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): c:\pagefile.sys 6142 6142 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 931.41 Gb Total Space | 330.71 Gb Free Space | 35.51% Space Free | Partition Type: NTFS Drive I: | 931.51 Gb Total Space | 35.11 Gb Free Space | 3.77% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/02/14 23:13:00 | 000,235,520 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) 
[On_Demand] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/02/17 09:53:33 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/01/18 11:02:00 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto] -- D:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012/01/18 11:01:52 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto] -- D:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012/01/18 10:04:52 | 011,839,488 | ---- | M] () [On_Demand] -- D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2012/01/18 08:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto] -- D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/08/29 17:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) 
[Auto] -- D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2011/07/21 06:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/14 23:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012/02/14 23:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/02/14 22:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/01/18 11:02:28 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012/01/18 10:59:48 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012/01/18 08:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012/01/18 08:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011/12/23 13:49:35 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/12/23 10:48:27 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/10/12 08:47:39 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2011/10/12 08:47:39 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011/08/29 17:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011/08/10 11:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011/08/08 09:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) 
[Kernel | Boot] -- D:\Windows\System32\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011/07/28 13:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/07/26 13:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011/07/21 06:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/07/21 06:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/07/19 05:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pneteth.sys -- (pneteth) DRV:64bit: - [2011/03/18 08:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011/03/18 08:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/04/27 11:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010/04/27 11:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010/04/27 09:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010/04/27 09:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2009/08/23 07:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009/07/13 20:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\irda.sys -- (irda) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2007/10/11 05:40:00 | 000,027,648 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\MosIrUsb.sys -- (MosIrUsb) DRV:64bit: - [2006/12/26 08:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV:64bit: - [2005/03/28 19:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2011/08/18 14:43:50 | 000,027,808 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver) DRV - [2008/07/26 17:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand] -- D:\Users\Jensen\Desktop\OC\RealTemp_370\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2006/12/26 08:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C F1 06 50 75 9A CC 01 [binary data] IE - HKU\Jensen_ON_D\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Reg Error: Key error. 
File not found IE - HKU\Jensen_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: D:\Windows\System32\npdeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.110.0: D:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0: D:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.96.0: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Jensen\AppData\Local\RewardsArcade\498\Firefox FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/25 15:55:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 08:23:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 10:01:31 | 000,000,000 | ---D | M] [2011/08/24 09:05:16 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Extensions [2012/03/15 15:27:51 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions [2012/03/15 15:27:51 | 000,000,000 | ---D | M] (Flagfox) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011/12/24 07:34:19 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/09/16 04:05:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\DeviceDetection@logitech.com [2011/08/30 17:16:00 | 000,000,000 | ---D | M] (Facemoods) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\ffxtlbr@Facemoods.com [2012/03/08 14:53:24 | 000,000,000 | ---D | M] (Better 
Battlelog (BBLog)) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack [2012/01/06 18:20:13 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- () (No name found) -- D:\USERS\JENSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RX8BYVTO.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI () (No name found) -- D:\USERS\JENSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RX8BYVTO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- D:\USERS\JENSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RX8BYVTO.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI [2012/03/17 08:23:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- D:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011/11/04 23:38:54 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/11/04 23:32:18 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/04 23:38:54 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/08/30 17:16:01 | 000,002,048 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2011/11/04 23:38:54 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/04 23:38:54 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/04 23:38:54 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/02/21 17:51:27 | 000,001,162 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 flashfxp.com O1 - Hosts: 127.0.0.1 flashfxp.org O1 - Hosts: 127.0.0.1 flashfxp.ws O1 - Hosts: 127.0.0.1 www.flashfxp.com O1 - Hosts: 127.0.0.1 www.flashfxp.org O1 - Hosts: 127.0.0.1 www.flashfxp.ws O1 - Hosts: 127.0.0.1 liveupdate.inicom.net/verify.php O1 - Hosts: 127.0.0.1 liveupdate.inicom.net O1 - Hosts: 127.0.0.1 liveupdate.flashfxp.com O1 - Hosts: 127.0.0.1 update.inicom.net O1 - Hosts: 127.0.0.1 update.flashfxp.com O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - D:\Program Files 
(x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKU\Jensen_ON_D\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AutoShutdownManager] File not found O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vmware-tray] D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) 
O4 - HKU\Jensen_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\Jensen_ON_D..\Run: [LightScribe Control Panel] File not found O4 - HKU\Jensen_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6671489980932395.exe.lnk () O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk () O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp.exe - Verknüpfung.lnk () O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk () O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\Jensen_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O7 - HKU\Jensen_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Windows\System32\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Windows\System32\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{351e5517-d30b-11e0-a0aa-0022156a903d}\Shell - "" = AutoRun O33 - MountPoints2\{351e5517-d30b-11e0-a0aa-0022156a903d}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{a9a25a27-f3f1-11e0-b2af-0022156a903d}\Shell - "" = AutoRun O33 - MountPoints2\{a9a25a27-f3f1-11e0-b2af-0022156a903d}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements 
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012/03/20 11:22:02 | 000,000,000 | ---D | C] -- D:\Poker [2012/03/14 22:03:46 | 005,559,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe [2012/03/14 22:03:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe [2012/03/14 22:03:46 | 003,913,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe [2012/03/14 13:53:35 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll [2012/03/14 13:53:35 | 001,077,248 | ---- | C] (Microsoft Corporation) -- 
D:\Windows\SysWow64\DWrite.dll [2012/03/14 04:40:21 | 000,000,000 | ---D | C] -- D:\ProgramData\ATI [2012/03/14 04:35:19 | 000,000,000 | ---D | C] -- D:\ProgramData\AMD [2012/03/14 04:35:18 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\AMD AVT [2012/03/14 04:35:17 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\AMD APP [2012/03/14 04:35:06 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/03/14 04:31:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll [2012/03/14 04:31:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll [2012/03/14 04:31:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe [2012/03/14 04:31:20 | 001,112,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorets.dll [2012/03/14 04:31:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll [2012/03/14 04:31:19 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll [2012/03/12 17:26:32 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\Bücher [2012/03/12 12:58:04 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Roaming\dvdcss [2012/03/11 22:01:00 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Wat [2012/03/11 22:01:00 | 000,000,000 | ---D | C] -- D:\Windows\System32\Wat [2012/03/10 02:42:29 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2012/03/05 12:41:04 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Roaming\Natural Selection 2 [2012/03/04 08:48:40 | 000,063,088 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\drivers\vmx86.sys [2012/03/04 08:48:12 | 000,354,416 | ---- | C] (VMware, Inc.) -- D:\Windows\SysWow64\vmnetdhcp.exe [2012/03/04 08:48:11 | 000,433,264 | ---- | C] (VMware, Inc.) 
-- D:\Windows\SysWow64\vmnat.exe [2012/03/04 08:48:10 | 000,030,320 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\drivers\vmnetuserif.sys [2012/03/04 08:48:08 | 000,942,192 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\vnetlib64.dll [2012/03/04 08:48:05 | 000,039,024 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\drivers\hcmon.sys [2012/03/04 08:47:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2012/03/04 08:47:35 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\VMware [2012/03/04 08:47:30 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\VMware [2012/03/04 08:42:20 | 000,000,000 | ---D | C] -- D:\Windows\XSxS [2012/03/04 08:42:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Xenocode [2012/03/04 08:39:28 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Documents\Virtual Machines [2012/03/04 08:16:59 | 000,000,000 | ---D | C] -- D:\Users\Public\Documents\Shared Virtual Machines [2012/03/02 13:34:46 | 000,000,000 | -H-D | C] -- D:\ProgramData\CanonBJ [2012/02/25 11:07:21 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\oscam-svn6451-mips-freetz-webif-libusb-Distribution [2012/02/25 11:05:03 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\oscam [2012/02/24 17:48:17 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eufloria [2012/02/24 10:30:56 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Local\MooExt [2012/02/24 10:29:53 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Diablo III Beta [2012/02/24 10:29:53 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Blizzard Entertainment [2012/02/24 10:29:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Battle.net [2012/02/24 06:09:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2012/02/24 06:09:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Android [2012/02/23 08:04:55 | 000,000,000 | ---D | C] -- 
D:\eclipse3.7 [2012/02/23 06:47:43 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Local\Eclipse [2012/02/23 06:35:05 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\Java [2012/02/23 06:33:08 | 000,000,000 | ---D | C] -- D:\Program Files\Oracle [2012/02/23 06:32:35 | 000,750,488 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\npdeployJava1.dll [2012/02/23 06:32:35 | 000,265,096 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaws.exe [2012/02/23 06:32:35 | 000,188,808 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaw.exe [2012/02/23 06:32:35 | 000,188,808 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\java.exe [2012/02/23 06:30:30 | 091,662,296 | ---- | C] (Oracle Corporation) -- D:\Users\Jensen\Desktop\jdk-7u3-windows-x64.exe [2012/02/23 06:18:37 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Documents\Paradox Interactive [2012/02/23 06:11:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive ========== Files - Modified Within 30 Days ========== [2012/03/22 04:56:15 | 3220,475,904 | -HS- | M] () -- D:\hiberfil.sys [2012/03/21 21:08:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/03/21 20:43:50 | 000,012,608 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/21 20:43:50 | 000,012,608 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/21 20:40:36 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/21 20:38:23 | 000,001,059 | ---- | M] () -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6671489980932395.exe.lnk [2012/03/21 20:28:01 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/21 11:49:20 | 000,660,382 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012/03/21 11:49:20 | 000,621,658 | ---- | 
M] () -- D:\Windows\System32\perfh009.dat [2012/03/21 11:49:20 | 000,132,280 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/03/21 11:49:20 | 000,108,504 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012/03/20 11:22:06 | 000,000,721 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker 770.lnk [2012/03/17 08:26:36 | 000,477,855 | ---- | M] () -- D:\Users\Jensen\Desktop\AudioCover.exe [2012/03/16 16:47:04 | 000,277,662 | R--- | M] () -- D:\Users\Jensen\Documents\eDark Vlc.vlt [2012/03/14 22:21:13 | 000,413,680 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT [2012/03/14 04:35:18 | 000,002,047 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk [2012/03/14 04:35:18 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2012/03/14 04:35:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012/03/10 02:42:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2012/03/05 14:34:17 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2012/03/05 12:19:56 | 000,000,186 | ---- | M] () -- D:\Users\Jensen\Desktop\Natural Selection 2.url [2012/03/04 08:47:51 | 001,535,084 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2012/03/04 08:47:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2012/03/04 08:17:25 | 000,001,024 | ---- | M] () -- D:\.rnd [2012/03/02 14:38:23 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr [2012/03/02 14:38:23 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe [2012/03/02 14:38:03 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0 [2012/02/27 12:18:05 | 000,001,001 | ---- | M] () -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/02/24 17:41:35 
| 109,087,511 | ---- | M] () -- D:\Users\Jensen\Desktop\E2.07.rar [2012/02/24 06:09:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2012/02/23 07:59:07 | 424,451,841 | ---- | M] () -- D:\Users\Jensen\Desktop\eclipse3-7webtools.zip [2012/02/23 07:35:19 | 020,933,759 | ---- | M] () -- D:\Users\Jensen\Desktop\mdt-uml2tools-SDK-incubation-0.9.0.zip [2012/02/23 07:28:41 | 016,953,179 | ---- | M] () -- D:\Users\Jensen\Desktop\mdt-uml2-SDK-3.2.1.zip [2012/02/23 06:32:32 | 000,188,808 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\javaw.exe [2012/02/23 06:32:32 | 000,188,808 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\java.exe [2012/02/23 06:30:57 | 091,662,296 | ---- | M] (Oracle Corporation) -- D:\Users\Jensen\Desktop\jdk-7u3-windows-x64.exe [2012/02/23 06:11:09 | 000,001,637 | ---- | M] () -- D:\Users\Public\Desktop\Crusader Kings II.lnk [2012/02/23 06:11:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive [2012/02/21 17:58:37 | 000,021,128 | ---- | M] () -- D:\Users\Jensen\Desktop\fxp.ftp ========== Files Created - No Company Name ========== [2012/03/21 20:38:23 | 000,001,059 | ---- | C] () -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6671489980932395.exe.lnk [2012/03/20 11:22:06 | 000,000,721 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker 770.lnk [2012/03/17 08:26:28 | 000,477,855 | ---- | C] () -- D:\Users\Jensen\Desktop\AudioCover.exe [2012/03/16 16:47:13 | 000,277,662 | R--- | C] () -- D:\Users\Jensen\Documents\eDark Vlc.vlt [2012/03/14 04:35:18 | 000,002,047 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk [2012/03/05 12:19:56 | 000,000,186 | ---- | C] () -- D:\Users\Jensen\Desktop\Natural Selection 2.url [2012/02/24 17:23:37 | 109,087,511 | ---- | C] () -- D:\Users\Jensen\Desktop\E2.07.rar [2012/02/23 07:55:04 | 
424,451,841 | ---- | C] () -- D:\Users\Jensen\Desktop\eclipse3-7webtools.zip [2012/02/23 07:35:13 | 020,933,759 | ---- | C] () -- D:\Users\Jensen\Desktop\mdt-uml2tools-SDK-incubation-0.9.0.zip [2012/02/23 07:28:23 | 016,953,179 | ---- | C] () -- D:\Users\Jensen\Desktop\mdt-uml2-SDK-3.2.1.zip [2012/02/23 06:11:09 | 000,001,637 | ---- | C] () -- D:\Users\Public\Desktop\Crusader Kings II.lnk [2012/02/21 17:57:46 | 000,021,128 | ---- | C] () -- D:\Users\Jensen\Desktop\fxp.ftp [2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- D:\Windows\SysWow64\ativvsvl.dat [2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- D:\Windows\SysWow64\ativvsva.dat [2012/02/14 17:05:16 | 000,054,784 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll [2012/02/09 04:52:00 | 000,000,000 | ---- | C] () -- D:\Windows\Bench32.INI [2012/02/01 07:55:06 | 000,000,000 | ---- | C] () -- D:\Users\Jensen\AppData\Local\{706D02F1-D6DA-4473-A9E4-196E6B1B0764} [2012/01/31 01:00:24 | 000,016,896 | ---- | C] () -- D:\Windows\SysWow64\kdbsdk32.dll [2012/01/27 12:19:40 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\AsIO.dll [2012/01/27 12:19:40 | 000,014,392 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys [2012/01/17 09:31:28 | 000,000,017 | ---- | C] () -- D:\Users\Jensen\AppData\Local\resmon.resmoncfg [2011/12/30 09:28:14 | 000,000,113 | ---- | C] () -- D:\Windows\(null)toolkit.ini [2011/12/02 12:45:52 | 000,282,864 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe [2011/12/02 12:45:45 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe [2011/11/01 06:34:18 | 000,139,432 | -H-- | C] () -- D:\Windows\SysWow64\mlfcache.dat [2011/10/31 04:39:15 | 000,004,250 | ---- | C] () -- D:\Windows\Sandboxie.ini [2011/10/25 16:21:34 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\OVDecoder.dll [2011/10/08 17:15:37 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI [2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat [2011/09/20 09:18:29 | 001,535,084 | 
---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2011/09/14 03:08:25 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat [2011/09/09 12:58:09 | 000,002,394 | ---- | C] () -- D:\Users\Jensen\AppData\Roaming\default.rss [2011/09/09 12:57:20 | 000,000,069 | ---- | C] () -- D:\Windows\NeroDigital.ini [2011/09/03 06:52:20 | 000,000,039 | ---- | C] () -- D:\Windows\Irremote.ini [2011/08/26 09:12:13 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll [2011/08/24 08:52:58 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012/03/14 04:35:19 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2012/02/24 10:29:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net [2011/12/28 06:57:24 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess [2012/03/02 13:34:46 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ [2011/12/08 05:57:48 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite [2011/08/24 08:56:48 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2011/09/29 12:35:32 | 000,000,000 | 
---D | M] -- D:\ProgramData\EA Core [2012/02/18 10:52:34 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs [2011/10/26 06:42:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2011/08/25 05:43:47 | 000,000,000 | ---D | M] -- D:\ProgramData\FlashFXP [2011/09/29 12:10:25 | 000,000,000 | ---D | M] -- D:\ProgramData\FreeHideIP [2011/10/14 15:54:36 | 000,000,000 | ---D | M] -- D:\ProgramData\IObit [2011/10/27 13:25:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin [2012/03/05 19:08:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files [2011/10/15 13:15:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2012/03/15 12:38:52 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2011/09/14 03:07:40 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip [2011/08/31 08:53:19 | 000,000,000 | -H-D | M] -- D:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2012/01/25 08:02:53 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011/09/14 03:07:39 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin [2012/01/27 03:36:51 | 000,000,000 | ---D | M] -- D:\AMD [2011/08/24 09:29:06 | 000,000,000 | ---D | M] -- D:\ATI [2011/08/24 08:56:48 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen [2012/03/22 13:26:24 | 000,000,000 | ---D | M] -- D:\Downloads [2012/03/21 20:41:21 | 000,000,000 | R--D | M] -- D:\Dropbox [2012/02/24 07:56:58 | 000,000,000 | ---D | M] -- D:\eclipse3.7 [2011/09/20 09:14:03 | 000,000,000 | ---D | M] -- D:\IDE [2011/09/14 03:09:17 | 000,000,000 | ---D | M] -- D:\Intel [2011/09/20 09:12:59 | 000,000,000 | RH-D | M] -- D:\MSOCache [2012/02/13 14:01:42 | 000,000,000 | ---D | M] -- D:\Musik [2011/09/04 18:47:03 | 000,000,000 | ---D | M] -- D:\MyS2GApp [2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs [2012/03/20 11:22:02 | 000,000,000 | ---D | M] -- D:\Poker [2012/02/23 06:33:08 | 000,000,000 | R--D | M] -- D:\Program Files [2012/03/14 04:35:18 | 000,000,000 | R--D | M] -- D:\Program Files (x86) [2012/03/14 04:40:21 | 000,000,000 | -H-D | M] -- D:\ProgramData [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\Programme [2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\Recovery [2011/10/31 04:57:45 | 000,000,000 | R--D | M] -- D:\Sandbox [2012/03/10 02:42:28 | 000,000,000 | ---D | M] -- D:\spiele [2012/03/20 04:58:10 | 000,000,000 | -HSD | M] -- D:\System Volume Information [2012/03/20 20:15:02 | 000,000,000 | ---D | M] -- D:\torrent [2011/08/24 08:56:58 | 000,000,000 | R--D | M] -- D:\Users [2012/03/21 20:48:37 | 000,000,000 | ---D | M] -- D:\Windows < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) 
MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- 
D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel 
Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll 
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- 
D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll [2010/11/20 08:08:57 | 000,833,024 | ---- | 
M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll [2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe 
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid 
Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe ========== Files - Unicode (All) ========== [2011/11/17 06:30:35 | 000,000,650 | ---- | M] ()(D:\Users\Jensen\AppData\Local\PMB Fik?s) -- D:\Users\Jensen\AppData\Local\PMB Fik聥s [2011/11/17 06:30:35 | 000,000,650 | ---- | C] ()(D:\Users\Jensen\AppData\Local\PMB Fik?s) -- D:\Users\Jensen\AppData\Local\PMB Fik聥s ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> D:\ProgramData\TEMP:5A868D37 < End of report > |
24.03.2012, 19:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner Does Safe Mode with Networking still work? With an Internet connection?
__________________Safe Mode for cleanup
__________________ |
24.03.2012, 20:44 | #3 |
| Bundestrojaner Hi,
thank you very much for the reply. I did some reading and was able to remove the Trojan myself. The problem is therefore resolved. Regards, haudegen |
25.03.2012, 14:25 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundestrojaner You surely also checked for rootkits? Checked the MBR as well?
__________________ Please always post log files in CODE tags |