Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: UKash Windows Security Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 30.03.2012, 13:43   #1
webcollector
 
UKash Windows Security Trojaner - Standard

UKash Windows Security Trojaner



Hallo Gemeinde, wie bei der Vielzahl von anderen Usern hat es mich auch erwischt (zum 2-ten Mal). Beim ersten Mal vor zwei Wochen hatte ich den BKA-Trojaner mit der gleichen Aufforderung 100 € zu zahlen, hab den Rechner im abgesicherten Modus neugestartet, unter Autostart auffällige EXE-Datei mit vielen zahlen gelöscht und da wa Ruhe. Heute das gleiche Prinzip nur unter anderen Umständen: angeblich illegale Windoof Version und darum Aufforderung von 100 €. Hab im abgesichertem Modus gestartet, mit dem OTL Tool und dem Script von euch den Quick Scan durchgeführt, wie es in der Anleitung stand, die TXT-Dateien hefte ich euch an. Danke schon mal im Vorraus

Grüße webcollectorOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.03.2012 14:21:58 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\install\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,39 Gb Available Physical Memory | 84,90% Memory free
7,99 Gb Paging File | 7,41 Gb Available in Paging File | 92,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 14,76 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 14,99 Gb Free Space | 76,73% Space Free | Partition Type: NTFS
Drive E: | 397,39 Gb Total Space | 257,52 Gb Free Space | 64,80% Space Free | Partition Type: NTFS
Drive H: | 0,96 Mb Total Space | 0,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT
Drive I: | 1,82 Gb Total Space | 1,80 Gb Free Space | 98,82% Space Free | Partition Type: FAT32
 
Computer Name: PC | User Name: install | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.30 14:05:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.02.19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2011.12.11 20:17:19 | 001,768,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2011.07.25 23:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.25 23:41:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011.03.04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.11 22:25:43 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.25 23:41:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.25 23:41:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.11 15:56:34 | 000,057,424 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.05.11 15:56:26 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.04 03:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2011.03.04 03:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.12.07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.10 00:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009.09.25 16:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.09.25 16:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - SOFTWARE\Classes\CLSID\{83821C2B-32A8-4DD7-B6D4-44309A78E668}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {73AE0EAB-5680-456d-9FF1-97103CEA3839}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45156678-551C-455a-A717-95AB3653AB9F}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{73AE0EAB-5680-456d-9FF1-97103CEA3839}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Mozilla Firefox 5\components [2012.03.18 19:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Mozilla Firefox 5\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Mozilla Firefox 5\components [2012.03.18 19:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Mozilla Firefox 5\plugins
 
[2011.07.25 23:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\install\AppData\Roaming\mozilla\Extensions
[2011.07.27 15:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\install\AppData\Roaming\mozilla\Firefox\Profiles\71zsfnsc.default\extensions
 
O1 HOSTS File: ([2011.09.21 20:55:43 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll (Wi2Geo)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [LWS] E:\Logitech WebCam\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MAgent] E:\MailAgent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\install\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\install\AppData\Local\Temp\mor.exe (fbnF)
O4 - Startup: C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\install\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Экспорт в Microsoft Excel - E:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Экспорт в Microsoft Excel - E:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - E:\MailAgent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - E:\MailAgent\magent.exe (Mail.Ru)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05FA07F0-B0A2-4DFD-941D-6B134BC56818}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell - "" = AutoRun
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6d0d5bdc-b702-11e0-b534-6cf0490d7cd0}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0d5bdc-b702-11e0-b534-6cf0490d7cd0}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.30 14:16:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe
[2012.03.30 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\install\Desktop\links
[2012.03.22 21:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.03.22 21:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.03.22 21:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.03.22 21:33:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.03.22 21:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.03.18 17:42:20 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\DeepBurner
[2012.03.18 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner
[2012.03.17 16:16:44 | 000,000,000 | ---D | C] -- C:\Users\install\Documents\Bewerbung
[2012.03.10 20:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVSVideoBurner
[2012.03.10 20:45:35 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.03.10 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.03.10 16:40:28 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\AVS4YOU
[2012.03.10 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.03.10 16:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.03.10 16:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.03.09 23:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012.03.09 22:29:49 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.03.09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Local\Diagnostics
[2012.03.03 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\install\Documents\BFBC2
[2012.03.03 18:36:34 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\Ubisoft
[2012.03.03 18:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.03.03 16:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 14:13:51 | 001,740,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 14:13:51 | 000,748,932 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 14:13:51 | 000,694,324 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 14:13:51 | 000,165,238 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 14:13:51 | 000,134,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 14:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 14:09:39 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 14:05:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe
[2012.03.30 13:55:42 | 000,014,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 13:55:42 | 000,014,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 17:27:06 | 000,022,466 | ---- | M] () -- C:\Users\install\Documents\Deutsch-INhaltsangabe.odt
[2012.03.25 17:49:48 | 001,693,400 | ---- | M] () -- C:\Users\install\Documents\ANJ2.jpg
[2012.03.23 14:48:46 | 004,992,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.22 21:35:55 | 000,000,754 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.03.20 20:12:16 | 000,030,574 | ---- | M] () -- C:\Users\install\Documents\Debatte Komplett.odt
[2012.03.18 17:42:07 | 000,000,540 | ---- | M] () -- C:\Users\install\Desktop\DeepBurner.lnk
[2012.03.18 17:25:21 | 000,012,911 | ---- | M] () -- C:\Users\install\Documents\Deutsch Debatte.odt
[2012.03.17 16:12:20 | 005,895,632 | ---- | M] () -- C:\Users\install\Documents\e.pdf
[2012.03.17 16:02:04 | 000,382,987 | ---- | M] () -- C:\Users\install\Documents\f.pdf
[2012.03.15 16:16:32 | 001,070,924 | ---- | M] () -- C:\Users\install\Documents\J.jpg
[2012.03.15 16:13:30 | 001,283,479 | ---- | M] () -- C:\Users\install\Documents\ef.jpg
[2012.03.15 16:10:36 | 001,681,964 | ---- | M] () -- C:\Users\install\Documents\4_2.jpg
[2012.03.15 16:08:59 | 002,304,696 | ---- | M] () -- C:\Users\install\Documents\4_1.jpg
[2012.03.15 16:07:16 | 002,364,941 | ---- | M] () -- C:\Users\install\Documents\3.jpg
[2012.03.15 16:05:36 | 002,250,248 | ---- | M] () -- C:\Users\install\Documents\2.jpg
[2012.03.15 16:03:46 | 002,146,404 | ---- | M] () -- C:\Users\install\Documents\1.jpg
[2012.03.15 15:59:37 | 001,083,003 | ---- | M] () -- C:\Users\install\Documents\ung.jpg
[2012.03.15 15:56:06 | 002,347,949 | ---- | M] () -- C:\Users\install\Documents\s.jpg
[2012.03.11 20:19:55 | 000,027,838 | ---- | M] () -- C:\Users\install\Documents\Debatte.odt
[2012.03.10 20:45:37 | 000,001,294 | ---- | M] () -- C:\Users\install\Desktop\AVS4YOU Software Navigator.lnk
[2012.03.10 20:45:20 | 000,000,629 | ---- | M] () -- C:\Users\install\Desktop\AVS Video Converter 6.lnk
[2012.03.10 02:34:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.03.10 02:34:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.03.09 22:29:49 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.03.29 17:19:53 | 000,022,466 | ---- | C] () -- C:\Users\install\Documents\Deutsch-INhaltsangabe.odt
[2012.03.20 18:41:40 | 000,030,574 | ---- | C] () -- C:\Users\install\Documents\Debatte Komplett.odt
[2012.03.18 17:42:07 | 000,000,540 | ---- | C] () -- C:\Users\install\Desktop\DeepBurner.lnk
[2012.03.18 17:20:55 | 000,012,911 | ---- | C] () -- C:\Users\install\Documents\Deutsch Debatte.odt
[2012.03.17 16:12:20 | 005,895,632 | ---- | C] () -- C:\Users\install\Documents\e.pdf
[2012.03.17 16:02:02 | 000,382,987 | ---- | C] () -- C:\Users\install\Documents\ief.pdf
[2012.03.15 21:25:16 | 001,693,400 | ---- | C] () -- C:\Users\install\Documents\2.jpg
[2012.03.15 16:16:32 | 001,070,924 | ---- | C] () -- C:\Users\install\Documents\.jpg
[2012.03.15 16:13:29 | 001,283,479 | ---- | C] () -- C:\Users\install\Documents\jpg
[2012.03.15 16:10:36 | 001,681,964 | ---- | C] () -- C:\Users\install\Documents\gnis 4_2.jpg
[2012.03.15 16:08:58 | 002,304,696 | ---- | C] () -- C:\Users\install\Documents\is 4_1.jpg
[2012.03.15 16:07:15 | 002,364,941 | ---- | C] () -- C:\Users\install\Documents\gnis 3.jpg
[2012.03.15 16:05:35 | 002,250,248 | ---- | C] () -- C:\Users\install\Documents\gnis 2.jpg
[2012.03.15 16:03:45 | 002,146,404 | ---- | C] () -- C:\Users\install\Documents\gnis 1.jpg
[2012.03.15 15:59:37 | 001,083,003 | ---- | C] () -- C:\Users\install\Documents\ng.jpg
[2012.03.15 15:56:06 | 002,347,949 | ---- | C] () -- C:\Users\install\Documents\gnis.jpg
[2012.03.11 20:15:20 | 000,027,838 | ---- | C] () -- C:\Users\install\Documents\Debatte.odt
[2012.03.10 20:45:37 | 000,001,294 | ---- | C] () -- C:\Users\install\Desktop\AVS4YOU Software Navigator.lnk
[2012.03.10 20:45:20 | 000,000,629 | ---- | C] () -- C:\Users\install\Desktop\AVS Video Converter 6.lnk
[2012.03.10 02:34:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.03.10 02:34:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.09 16:30:20 | 000,003,584 | ---- | C] () -- C:\Users\install\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.24 21:54:36 | 001,626,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.20 21:27:27 | 011,516,718 | ---- | C] () -- C:\Windows\SysWow64\meinfotoalbum_meinfotoalbum_uninstaller.exe
[2011.09.21 20:55:41 | 000,000,754 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.31 18:56:42 | 000,000,016 | ---- | C] () -- C:\Users\install\AppData\Roaming\msregsvv.dll
[2011.07.31 18:56:42 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2011.07.26 20:04:45 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.07.26 20:04:45 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.07.26 14:43:12 | 000,000,235 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.07.26 14:41:57 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011.07.26 14:41:57 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011.07.26 14:41:57 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011.07.26 14:41:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011.07.26 14:41:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011.07.26 14:41:57 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011.07.26 14:41:57 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011.07.26 14:41:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011.07.26 14:41:57 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011.07.26 14:41:57 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011.07.26 14:41:57 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011.07.26 14:41:57 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011.07.26 14:41:57 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2011.07.26 14:41:57 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011.07.26 14:41:57 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011.07.26 14:41:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011.07.26 14:41:57 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2011.07.25 22:59:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.25 22:56:00 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.25 22:45:03 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.25 22:45:03 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.07.25 22:39:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.04 03:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.03.04 03:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.03.04 03:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
 
========== LOP Check ==========
 
[2012.02.02 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\DAEMON Tools Lite
[2012.03.18 17:52:58 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\DeepBurner
[2012.03.30 13:49:18 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Dropbox
[2012.03.28 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\ICQ
[2011.07.31 19:04:36 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\IK Multimedia
[2011.07.28 02:31:58 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Leadertech
[2011.12.21 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Mra
[2012.02.05 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\OpenOffice.org
[2011.11.01 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\pdfforge
[2011.07.26 02:29:45 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.02 18:48:04 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Steinberg
[2011.09.28 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\TeamViewer
[2012.03.03 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Ubisoft
[2012.03.10 21:52:26 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\uTorrent
[2012.02.15 11:56:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.07.25 22:37:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.25 23:25:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.25 22:36:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.26 14:40:43 | 000,000,000 | ---D | M] -- C:\drivers
[2011.12.24 21:53:39 | 000,000,000 | ---D | M] -- C:\inetpub
[2011.07.25 22:41:37 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.05 14:45:39 | 000,000,000 | ---D | M] -- C:\meinfotoalbum_GesendeterAuftrag
[2011.07.26 21:06:07 | 000,000,000 | ---D | M] -- C:\Nexon
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.03 16:26:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.22 21:34:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.10 20:56:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.25 22:36:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.25 22:36:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.30 12:39:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.15 16:16:20 | 000,000,000 | ---D | M] -- C:\temp
[2011.07.25 22:37:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.22 21:33:47 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.18 15:18:58 | 000,000,000 | ---D | M] -- C:\WindowsESD
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.30 14:23:59 | 002,359,296 | -HS- | M] () -- C:\Users\install\NTUSER.DAT
[2012.03.30 14:23:58 | 000,262,144 | -HS- | M] () -- C:\Users\install\ntuser.dat.LOG1
[2011.07.25 22:37:02 | 000,000,000 | -HS- | M] () -- C:\Users\install\ntuser.dat.LOG2
[2011.07.25 22:42:35 | 000,065,536 | -HS- | M] () -- C:\Users\install\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.07.25 22:42:35 | 000,524,288 | -HS- | M] () -- C:\Users\install\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.07.25 22:42:35 | 000,524,288 | -HS- | M] () -- C:\Users\install\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.07.25 22:37:03 | 000,000,020 | -HS- | M] () -- C:\Users\install\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2011.12.24 22:08:14 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\Go-Go ?? ???????.Inna dance - YouTube.URL) -- C:\Users\install\Desktop\Go-Go на пуантах.Inna dance - YouTube.URL
[2011.12.24 22:08:14 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\Go-Go ?? ???????.Inna dance - YouTube.URL) -- C:\Users\install\Desktop\Go-Go на пуантах.Inna dance - YouTube.URL
[2011.12.05 22:08:56 | 000,000,068 | ---- | M] ()(C:\Users\install\Desktop\????????? ?????? - ?????-????? vs Mina - Lo Faresti - YouTube.URL) -- C:\Users\install\Desktop\Унесенные ветром - Какао-Какао vs Mina - Lo Faresti - YouTube.URL
[2011.12.05 22:08:56 | 000,000,068 | ---- | C] ()(C:\Users\install\Desktop\????????? ?????? - ?????-????? vs Mina - Lo Faresti - YouTube.URL) -- C:\Users\install\Desktop\Унесенные ветром - Какао-Какао vs Mina - Lo Faresti - YouTube.URL
[2011.11.30 21:47:32 | 000,000,059 | ---- | M] ()(C:\Users\install\Desktop\?????????? ???????? ???????? 167 ??????????.URL) -- C:\Users\install\Desktop\Фотографии Элеоноры Агаповой 167 фотографий.URL
[2011.11.30 21:47:32 | 000,000,059 | ---- | C] ()(C:\Users\install\Desktop\?????????? ???????? ???????? 167 ??????????.URL) -- C:\Users\install\Desktop\Фотографии Элеоноры Агаповой 167 фотографий.URL
[2011.11.29 22:19:00 | 000,000,061 | ---- | M] ()(C:\Users\install\Desktop\«5 ??????? ?????» - ????? ????????? ???????? ????????.URL) -- C:\Users\install\Desktop\«5 бутылок водки» - фильм режиссера Светланы Басковой.URL
[2011.11.29 22:19:00 | 000,000,061 | ---- | C] ()(C:\Users\install\Desktop\«5 ??????? ?????» - ????? ????????? ???????? ????????.URL) -- C:\Users\install\Desktop\«5 бутылок водки» - фильм режиссера Светланы Басковой.URL
[2011.11.29 21:52:02 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\? ????? ?????? ???? - YouTube.URL) -- C:\Users\install\Desktop\У кошки четыре ноги - YouTube.URL
[2011.11.29 21:52:02 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\? ????? ?????? ???? - YouTube.URL) -- C:\Users\install\Desktop\У кошки четыре ноги - YouTube.URL
[2011.11.21 22:06:47 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\? ????? ?????? ?????? ??... - YouTube.URL) -- C:\Users\install\Desktop\С таким языком только на... - YouTube.URL
[2011.11.21 22:06:47 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\? ????? ?????? ?????? ??... - YouTube.URL) -- C:\Users\install\Desktop\С таким языком только на... - YouTube.URL
[2011.11.20 00:27:34 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\?????????? ?? ??????? ??????? ?????. ????????. - YouTube.URL) -- C:\Users\install\Desktop\ПИСЬМОШНАЯ на Пикнике журнала Афиша. Оригинал. - YouTube.URL
[2011.11.20 00:27:34 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\?????????? ?? ??????? ??????? ?????. ????????. - YouTube.URL) -- C:\Users\install\Desktop\ПИСЬМОШНАЯ на Пикнике журнала Афиша. Оригинал. - YouTube.URL
[2011.10.28 21:59:42 | 000,000,068 | ---- | M] ()(C:\Users\install\Desktop\?-????? - ??????? ?? ?????? - YouTube.URL) -- C:\Users\install\Desktop\Ю-Питер - Девушка По Городу - YouTube.URL
[2011.10.28 21:59:42 | 000,000,068 | ---- | C] ()(C:\Users\install\Desktop\?-????? - ??????? ?? ?????? - YouTube.URL) -- C:\Users\install\Desktop\Ю-Питер - Девушка По Городу - YouTube.URL
[2011.09.21 16:11:08 | 000,000,064 | ---- | M] ()(C:\Users\install\Desktop\???????? ??? ???????? ? ?????? ????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Подстава для режисера в прямом эфире - Fishki.Net Остальные Видео.URL
[2011.09.21 16:11:08 | 000,000,064 | ---- | C] ()(C:\Users\install\Desktop\???????? ??? ???????? ? ?????? ????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Подстава для режисера в прямом эфире - Fishki.Net Остальные Видео.URL
[2011.09.01 23:18:29 | 000,000,064 | ---- | M] ()(C:\Users\install\Desktop\??????????? - ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Барабанщики - виртуозы - Fishki.Net Остальные Видео.URL
[2011.09.01 23:18:29 | 000,000,064 | ---- | C] ()(C:\Users\install\Desktop\??????????? - ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Барабанщики - виртуозы - Fishki.Net Остальные Видео.URL
[2011.08.22 10:07:14 | 000,000,064 | ---- | M] ()(C:\Users\install\Desktop\??? ????? ????? ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Как нужно брать интервью - Fishki.Net Остальные Видео.URL
[2011.08.22 10:07:14 | 000,000,064 | ---- | C] ()(C:\Users\install\Desktop\??? ????? ????? ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Как нужно брать интервью - Fishki.Net Остальные Видео.URL
[2011.08.09 20:34:34 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\?Rammstein - Sehnsucht on bayan %))?? - YouTube.URL) -- C:\Users\install\Desktop\‪Rammstein - Sehnsucht on bayan %))‬‏ - YouTube.URL
[2011.08.09 20:34:34 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\?Rammstein - Sehnsucht on bayan %))?? - YouTube.URL) -- C:\Users\install\Desktop\‪Rammstein - Sehnsucht on bayan %))‬‏ - YouTube.URL
[2011.08.08 16:15:42 | 000,000,000 | ---D | M](C:\Users\install\Documents\????? Mail.Ru ??????) -- C:\Users\install\Documents\Файлы Mail.Ru Агента
[2011.08.08 16:15:42 | 000,000,000 | ---D | C](C:\Users\install\Documents\????? Mail.Ru ??????) -- C:\Users\install\Documents\Файлы Mail.Ru Агента
[2011.07.29 03:48:14 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\?Gnomus - Värgtimmen?? - YouTube.URL) -- C:\Users\install\Desktop\‪Gnomus - Värgtimmen‬‏ - YouTube.URL
[2011.07.29 03:48:14 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\?Gnomus - Värgtimmen?? - YouTube.URL) -- C:\Users\install\Desktop\‪Gnomus - Värgtimmen‬‏ - YouTube.URL

< End of report >
         
--- --- ---

Geändert von webcollector (30.03.2012 um 14:01 Uhr)

 

Themen zu UKash Windows Security Trojaner
0x00000001, abgesicherten, anderen, anleitung, askbar, autostart, durchgeführt, erwischt, gelöscht, heute, illegale, lws.exe, modus, mor.exe, nvstor.sys, pando media booster, plug-in, rechner, required, scan, script, searchscopes, security, tool, trojane, trojaner, usb 3.0, usern, version, windoof, windows, woche, wochen, zahlen




Ähnliche Themen: UKash Windows Security Trojaner


  1. Windows Security Center UKash-Aufforderung
    Log-Analyse und Auswertung - 25.04.2012 (29)
  2. Windows Security Center 100€ Ukash oder paysafe
    Log-Analyse und Auswertung - 31.03.2012 (1)
  3. Windows Security Center Virus , Bezahlen mit Ukash und PSC , Betrug.
    Log-Analyse und Auswertung - 29.03.2012 (2)
  4. Windows Security Center Ukash Virus
    Log-Analyse und Auswertung - 29.03.2012 (1)
  5. Windows Security Center als Vollbild 100 € Ukash oder paysafe
    Log-Analyse und Auswertung - 23.03.2012 (12)
  6. windows security center - ukash zahlungsaufforderung - windows xp
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (10)
  7. Windows Security Center - PC gesperrt - 100 Euro bezahlen - Ukash
    Log-Analyse und Auswertung - 21.03.2012 (3)
  8. Ukash Windows Security Center Virus Wie Entfernen?
    Log-Analyse und Auswertung - 19.03.2012 (10)
  9. Windows Security Center Ukash Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (1)
  10. Windows Security Center - PC gesperrt - 100 Euro bezahlen - Ukash
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (11)
  11. Computer gesperrt! security center ukash virus! windows 7
    Log-Analyse und Auswertung - 15.03.2012 (3)
  12. Windows Security Center - 100€ ukash paysafe Trojaner
    Log-Analyse und Auswertung - 14.03.2012 (4)
  13. Windows Security (100 € Zahlen per Ukash oder Paysafecard)
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (1)
  14. Windows Security Center - PC gesperrt - 100 Euro bezahlen - Ukash
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (9)
  15. Computer gesperrt Windows Security Center 100 € Ukash
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (22)
  16. Windows Security Center - Ukash
    Log-Analyse und Auswertung - 08.02.2012 (37)
  17. Ukash Trojaner Windows Security Center Computer wurde gesperrt
    Log-Analyse und Auswertung - 29.01.2012 (7)

Zum Thema UKash Windows Security Trojaner - Hallo Gemeinde, wie bei der Vielzahl von anderen Usern hat es mich auch erwischt (zum 2-ten Mal). Beim ersten Mal vor zwei Wochen hatte ich den BKA-Trojaner mit der gleichen - UKash Windows Security Trojaner...

Alle Zeitangaben in WEZ +1. Es ist jetzt 12:11 Uhr.


Copyright ©2000-2025, Trojaner-Board
Archiv
Du betrachtest: UKash Windows Security Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.