PC blockiert durch Verschluesselungstrojaner / was tun mit log files

jumper6

Liebe helfer,
mein pc ist gesperrt, die 50 euro will ich nicht zahlen. malwarebytes-antimaleware habe ich runtergeladen, komme ABER NICHT DRAN - DIE BOESE fahne ist schneller.

habe OTLPEN.exe auf CD gebrannt wie von euch beschrieben, damit jetzt PC gebootet und den scanner laufen lassen. was muss ich nun mit den logfiles tun?
wie beseitigt das programm die schaedlinge und wie werden meine dateien wieder lesbar??

ich bin anf'nger im Umgang mit so einem Forum und bitte um nachsicht.

HIER DIE LOGFILES

OTL logfile created on: 4/30/2012 5:51:19 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 9.77 Gb Total Space | 2.74 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
Drive D: | 139.27 Gb Total Space | 131.87 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2010/05/08 07:48:36 | 000,229,376 | ---- | M] () [Auto] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2005/04/06 10:03:28 | 000,110,592 | ---- | M] () [Auto] -- D:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (massfilter)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HSPADataCardusbser)
DRV - File not found [Kernel | On_Demand] -- -- (HSPADataCardusbnmea)
DRV - File not found [Kernel | On_Demand] -- -- (HSPADataCardusbmdm)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (ALLOW-IO)
DRV - [2010/04/09 10:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 05:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 06:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 05:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/12/08 06:31:22 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 04:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 04:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/02 16:58:51 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/06/26 04:15:00 | 000,262,912 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/06/14 05:41:58 | 004,429,312 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/31 04:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005/08/31 04:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/07/29 10:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/07/29 10:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 08:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 08:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 11:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 07:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2001/08/02 19:07:20 | 000,019,317 | ---- | M] (Walter Oney Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\filter.sys -- (filter)
DRV - [1999/05/20 00:05:18 | 000,005,824 | ---- | M] (PHD Computer Consultants Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DebugPrt.sys -- (DebugPrt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Besucher_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Besucher_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\Besucher_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/03/16 16:28:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/11/03 06:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012/01/31 07:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins

[2009/01/08 08:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Extensions
[2012/04/26 16:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\7lovjgwb.default\extensions
[2012/04/27 18:28:46 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7lovjgwb.default\searchplugins\locked-11-suche.xml.swjy
[2012/04/27 18:28:46 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7lovjgwb.default\searchplugins\locked-englische-ergebnisse.xml.otzo
[2012/04/27 18:28:46 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7lovjgwb.default\searchplugins\locked-gmx-suche.xml.ngan
[2012/04/27 18:28:46 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7lovjgwb.default\searchplugins\locked-lastminute.xml.zhrz
[2012/04/27 18:28:46 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7lovjgwb.default\searchplugins\locked-webde-suche.xml.ngan
File not found (No name found) --

O1 HOSTS File: ([2009/01/18 18:22:59 | 000,291,308 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10029 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [Tweak UI 1.33 deutsch] C:\WINDOWS\System32\TWEAKUI.CPL (Brummelchen@gmx.at)
O4 - HKU\Besitzer_ON_C..\Run: [44929E2A] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Fwrf\312D559544929E2A9413.exe (Pigna colada)
O4 - HKU\Besitzer_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Besitzer_ON_C..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Besucher_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = D:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Besucher_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 08:19:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0b546a6d-07d5-11e0-be6f-00508dbab4c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b546a6d-07d5-11e0-be6f-00508dbab4c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b546a6d-07d5-11e0-be6f-00508dbab4c9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0b546a71-07d5-11e0-be6f-00508dbab4c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0b546a71-07d5-11e0-be6f-00508dbab4c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b546a71-07d5-11e0-be6f-00508dbab4c9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0c7fb937-0c82-11e0-be71-00508dbab4c9}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7fb937-0c82-11e0-be71-00508dbab4c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c7fb937-0c82-11e0-be71-00508dbab4c9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk - D:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe - (IVT Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2



ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} -
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - Internet Explorer 6
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/28 16:41:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/28 14:09:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Besitzer\Recent
[2012/04/27 18:26:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Fwrf
[2012/04/27 18:25:52 | 000,065,536 | -H-- | C] (Pigna colada) -- C:\WINDOWS\System32\360BB89344929E2A38D9.exe
[2012/04/01 18:00:58 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Besitzer\Desktop\April 2012
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/28 14:13:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/28 14:10:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/27 20:00:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track15.cda.wdow
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track14.cda.nirn
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track13.cda.gymg
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track12.cda.ynif
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track11.cda.ffnf
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track10.cda.osvh
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track09.cda.baub
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track08.cda.umcu
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track07.cda.ckfc
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track06.cda.zerz
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track05.cda.hrph
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track04.cda.gwyg
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track03.cda.lgml
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track02.cda.gymg
[2012/04/27 18:36:29 | 000,000,044 | ---- | M] () -- C:\locked-Track01.cda.zerk
[2012/04/27 18:34:49 | 168,165,494 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-Image.nrg.rcfq
[2012/04/27 18:34:49 | 004,722,298 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-Mauzi vorm Ofen.JPG.nmcn
[2012/04/27 18:34:49 | 000,751,433 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-Katze - Pille.JPG.rmjt
[2012/04/27 18:34:48 | 004,976,085 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-Fiedlers und Gila am 20.03.2011.JPG.nvan
[2012/04/27 18:34:48 | 000,228,464 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-ike, Tübingen 2003.JPG.nisn
[2012/04/27 18:34:42 | 002,581,629 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-DATA2.CAB.ewfe
[2012/04/27 18:34:42 | 000,694,687 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-DATA1.CAB.mnxm
[2012/04/27 18:34:41 | 025,755,856 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-WordViewer2007.exe.ntrn
[2012/04/27 18:34:41 | 000,189,693 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-Wolf-NR.mp3.hgah
[2012/04/27 18:34:41 | 000,003,277 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\locked-Bfb 12 songs in one day.nri.qnlq
[2012/04/27 18:34:40 | 006,136,901 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-slackline-bonus-report-so-werden-sie-slackliner.pdf.ppup
[2012/04/27 18:34:40 | 000,015,345 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-rtl auflade.odt.vehv
[2012/04/27 18:34:39 | 000,281,140 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-Paarberatung.jpg.etyp
[2012/04/27 18:34:39 | 000,056,295 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-narziss.pdf.cxqc
[2012/04/27 18:34:38 | 000,262,382 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-KVB-Formular.pdf.omco
[2012/04/27 18:34:35 | 000,557,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Besucher\Desktop\locked-V7_Theorie.pdf.agla
[2012/04/27 18:34:35 | 000,140,164 | ---- | M] () -- C:\Dokumente und Einstellungen\Besucher\Desktop\locked-V7_Versuchsanleitung.pdf.lril
[2012/04/27 18:28:36 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\locked-Desktop anzeigen.scf.iofo
[2012/04/27 18:28:04 | 000,091,557 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-Foto.JPG.yizt
[2012/04/27 18:28:02 | 005,926,776 | ---- | M] () -- D:\Dokumente und Einstellungen\Besitzer\Desktop\locked-11 - When The Sun Goes Down.mp3.tkcu
[2012/04/27 18:25:52 | 000,065,536 | -H-- | M] (Pigna colada) -- C:\WINDOWS\System32\360BB89344929E2A38D9.exe
[2012/04/26 17:01:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/04/26 17:01:18 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/04/26 12:36:46 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/04/26 12:34:58 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/04/26 12:33:28 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/04/26 12:32:36 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/27 20:00:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/27 18:27:28 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/04/27 18:27:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/04/27 18:27:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/04/27 18:27:27 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/04/27 18:27:26 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/04/27 18:27:26 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2009/02/23 18:42:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/01 13:45:58 | 000,028,672 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/18 18:07:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/01/08 15:05:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/08 15:02:27 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/08 08:44:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/08 08:39:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2009/01/08 08:37:13 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/01/08 08:21:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/08 08:17:28 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/07/29 10:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2004/12/16 10:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 08:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/04/27 18:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Fwrf
[2009/06/22 12:12:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GetRightToGo
[2010/12/04 19:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Internetmanager
[2009/09/23 06:42:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org
[2012/01/31 07:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunderbird
[2009/01/08 08:39:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TMP
[2010/04/09 15:18:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2009/06/25 16:49:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012/04/27 18:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2012/04/27 18:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 15:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2IFSL.SYS >
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/08 16:01:41 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/01/08 16:01:41 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/01/08 16:01:41 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 08:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2004/08/04 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/04 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/04 08:00:00 | 001,483,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2004/08/04 08:00:00 | 008,424,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >