Fix-Log fuer Windowsverschluesselungs-Trojaner

mfg · 16.05.2012, 12:30

Ich habe das Problem mit dem Windowsverschluesselungs-Trojaner und bin der Anleitung gefolgt (OTLPE download & Scan) und habe nun das Logfile an diese Mail angehaengt.
Ich gehe davon aus, dass Du mir nun ein geaendertes Logfile fuer den Fix zuschicken wirst. Bitte mal kurz die Vorgehensweise bestaetigen oder korrigieren und ueber ein Zeitabschaetzung wuerde ich mich auch freuen.

Vielen Dank fuer Deine Hilfe

hxxp://img.trojaner-board.de/verschluesselungs-trojaner/trojan.encoder.png

Hier nochmal das Logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/16/2012 3:43:55 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 101.97 Mb Total Space | 76.39 Mb Free Space | 74.91% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 3.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 1.83 Gb Total Space | 1.71 Gb Free Space | 93.37% Space Free | Partition Type: FAT
Drive F: | 285.99 Gb Total Space | 224.31 Gb Free Space | 78.43% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/11/24 10:17:18 | 000,202,752 | ---- | M] (AMD) [Auto] -- F:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 07:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/29 06:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- F:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/13 06:50:49 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/30 14:53:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/06 11:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- F:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 06:04:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/03 12:07:48 | 000,246,520 | ---- | M] () [Auto] -- F:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/12/29 09:18:52 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 07:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- F:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 21:05:56 | 000,044,312 | ---- | M] () [On_Demand] -- F:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/28 16:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- F:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 10:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/06/30 14:53:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 14:53:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/11/24 10:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/06 00:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/02 07:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/05 03:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/05 16:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/24 06:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/06/15 22:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- F:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/11/11 11:46:50 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/29 14:29:58] [Kernel | Auto] -- F:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE - HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.sweetim.com/?src=10
IE - HKU\Manuel_ON_F\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010/11/14 17:49:47 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - F:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - F:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - F:\Program Files (x86)\ICQ6Toolbar\20101005170805\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - F:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKU\Manuel_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Manuel_ON_F\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Manuel_ON_F\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - F:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] F:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] F:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] F:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Manuel_ON_F..\Run: [10AE3BF6] F:\Users\Manuel\AppData\Roaming\Sctbht\7D2CAFBC10AE3BF66E36.exe ()
O4 - HKU\Manuel_ON_F..\Run: [3J5X4I3VYX0EZV9HKFYSEMAAUDPN] F:\updates64\395D483BBD1.exe ()
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: F:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - F:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: Camera Assistant Software - hkey= - key= - F:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - F:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - F:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - F:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= - F:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - F:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - F:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - F:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - F:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/15 14:25:51 | 000,000,000 | ---D | C] -- F:\Users\Manuel\AppData\Roaming\Sctbht
[2012/05/14 15:02:08 | 000,000,000 | ---D | C] -- F:\ProgramData\Sun
[2012/05/14 15:02:07 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Java
[2012/05/14 15:01:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\deployJava1.dll
[2012/05/14 15:01:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaws.exe
[2012/05/14 15:01:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaw.exe
[2012/05/14 15:01:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\java.exe
[2012/05/14 15:01:05 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Java
[2012/05/13 06:50:49 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 06:50:49 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/13 06:50:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\Macromed
[2012/05/12 04:09:46 | 000,739,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d2d1.dll
[2012/05/12 04:09:45 | 001,541,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2012/05/12 04:09:45 | 001,074,176 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\DWrite.dll
[2012/05/12 04:09:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1.dll
[2012/05/12 04:09:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d10_1.dll
[2012/05/12 04:09:44 | 001,837,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10warp.dll
[2012/05/12 04:09:44 | 001,170,944 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d10warp.dll
[2012/05/12 04:09:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d2d1.dll
[2012/05/12 04:09:44 | 000,320,512 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1core.dll
[2012/05/12 04:09:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d10_1core.dll
[2012/05/12 04:08:47 | 005,504,880 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/05/12 04:08:45 | 003,958,128 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 04:08:45 | 003,902,320 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntoskrnl.exe
[2010/09/14 07:13:24 | 002,736,736 | ---- | C] (Conduit Ltd.) -- F:\Program Files (x86)\tbsoft.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/16 08:22:47 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/05/16 08:22:46 | 000,629,254 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/05/16 08:22:46 | 000,602,908 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/05/16 08:22:46 | 000,121,838 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/05/16 08:22:46 | 000,099,478 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/05/16 08:20:56 | 000,001,106 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 08:20:38 | 3113,304,064 | -HS- | M] () -- F:\hiberfil.sys
[2012/05/16 03:47:42 | 000,001,110 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 03:46:03 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 01:56:57 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 01:56:57 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 15:01:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\deployJava1.dll
[2012/05/14 15:01:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaws.exe
[2012/05/14 15:01:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaw.exe
[2012/05/14 15:01:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\java.exe
[2012/05/13 16:34:04 | 000,352,816 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/05/13 14:02:05 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 06:50:49 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 06:50:49 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012/05/13 06:50:50 | 000,000,884 | ---- | C] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2010/11/15 16:52:42 | 000,000,056 | -H-- | C] () -- F:\ProgramData\ezsidmv.dat
[2010/10/18 05:49:08 | 000,028,672 | ---- | C] () -- F:\Windows\SysWow64\hlduinst.exe
[2010/10/18 05:49:07 | 000,164,864 | ---- | C] () -- F:\Windows\SysWow64\UNWISE.EXE
[2010/10/18 05:49:07 | 000,006,836 | ---- | C] () -- F:\Windows\SysWow64\UNWISE.INI
[2010/10/18 05:48:15 | 000,000,163 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/10/18 05:48:12 | 000,036,864 | ---- | C] () -- F:\Windows\SysWow64\cmll10sx.dll
[2010/09/23 10:43:58 | 000,000,164 | ---- | C] () -- F:\Windows\DBDUIHost.exe.config
[2010/09/14 07:13:24 | 000,153,088 | ---- | C] () -- F:\Program Files (x86)\UNWISE.EXE
[2010/09/14 07:13:24 | 000,006,836 | ---- | C] () -- F:\Program Files (x86)\UNWISE.INI
[2010/06/10 06:23:21 | 000,000,173 | ---- | C] () -- F:\Windows\gabau2_cd.ini
[2010/02/04 15:00:45 | 000,000,000 | ---- | C] () -- F:\Users\Manuel\AppData\Roaming\wklnhst.dat
[2009/12/29 09:17:16 | 000,206,208 | ---- | C] () -- F:\Windows\PLFSetI.exe
[2009/12/29 09:17:16 | 000,000,169 | ---- | C] () -- F:\Windows\PidList.ini
[2009/12/29 09:09:24 | 000,000,000 | ---- | C] () -- F:\Windows\ativpsrm.bin
[2009/11/05 18:47:00 | 000,131,368 | ---- | C] () -- F:\ProgramData\FullRemove.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/07/20 07:20:20 | 000,000,000 | ---D | M] -- F:\ProgramData\Arcade Lab
[2009/11/05 19:01:08 | 000,000,000 | ---D | M] -- F:\ProgramData\BackupManager
[2010/05/05 05:57:33 | 000,000,000 | ---D | M] -- F:\ProgramData\cadwork
[2010/05/05 06:54:11 | 000,000,000 | ---D | M] -- F:\ProgramData\cadwork.cat
[2010/07/09 06:16:46 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2010/11/26 04:37:21 | 000,000,000 | ---D | M] -- F:\ProgramData\DBD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/11/01 04:33:33 | 000,000,000 | ---D | M] -- F:\ProgramData\Downloaded Installations
[2010/07/12 03:17:39 | 000,000,000 | ---D | M] -- F:\ProgramData\FarmFrenzy2
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/09/15 06:23:16 | 000,000,000 | ---D | M] -- F:\ProgramData\Friends Games
[2010/11/01 04:34:49 | 000,000,000 | ---D | M] -- F:\ProgramData\HSETU
[2010/02/03 15:12:42 | 000,000,000 | ---D | M] -- F:\ProgramData\ICQ
[2010/02/02 12:09:17 | 000,000,000 | ---D | M] -- F:\ProgramData\OEM
[2009/11/05 19:02:29 | 000,000,000 | ---D | M] -- F:\ProgramData\Packard Bell
[2010/02/23 17:25:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Partner
[2010/07/12 04:25:20 | 000,000,000 | ---D | M] -- F:\ProgramData\PlayFirst
[2010/09/15 06:01:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Sandlot Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2010/11/14 17:49:38 | 000,000,000 | ---D | M] -- F:\ProgramData\SweetIM
[2010/09/22 04:49:45 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2012/04/08 17:48:47 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/03/08 07:15:08 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2011/10/13 16:39:41 | 000,000,000 | ---D | M] -- F:\4e4c9c8eaf772664b23fd6d99edc69
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2010/09/14 07:50:53 | 000,000,000 | ---D | M] -- F:\highscore
[2010/10/21 08:08:50 | 000,000,000 | ---D | M] -- F:\HWS32
[2009/11/05 18:41:35 | 000,000,000 | ---D | M] -- F:\Intel
[2009/11/05 18:54:07 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2010/02/02 12:09:55 | 000,000,000 | -H-D | M] -- F:\OEM
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- F:\PerfLogs
[2010/12/12 05:21:54 | 000,000,000 | R--D | M] -- F:\Program Files
[2012/05/14 15:01:05 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2012/05/14 15:02:08 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\Programme
[2010/02/02 12:08:41 | 000,000,000 | -HSD | M] -- F:\Recovery
[2012/05/15 13:56:55 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2012/05/15 16:15:55 | 000,000,000 | -H-D | M] -- F:\updates64
[2010/02/02 12:08:47 | 000,000,000 | R--D | M] -- F:\Users
[2012/05/16 03:50:35 | 000,000,000 | ---D | M] -- F:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 15:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- F:\Windows\System32\drivers\iaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- F:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\System32\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\System32\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> F:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 149 bytes -> F:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 140 bytes -> F:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 139 bytes -> F:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 138 bytes -> F:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 129 bytes -> F:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 128 bytes -> F:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> F:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 120 bytes -> F:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 118 bytes -> F:\ProgramData\Temp:444C53BA
< End of report >

--- --- ---

kira · 16.05.2012, 14:27

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest:

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTLPE

Starte die OTLPE
Kopiere folgendes Skript (unverändert inkl. :OTL, nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp] ohne "code"!)
:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE - HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.sweetim.com/?src=10
IE - HKU\Manuel_ON_F\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\Manuel_ON_F..\Run: [10AE3BF6] F:\Users\Manuel\AppData\Roaming\Sctbht\7D2CAFBC10AE3BF66E36.exe ()
O4 - HKU\Manuel_ON_F..\Run: [3J5X4I3VYX0EZV9HKFYSEMAAUDPN] F:\updates64\395D483BBD1.exe ()
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2012/05/16 08:20:56 | 000,001,106 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 03:47:42 | 000,001,110 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 151 bytes -> F:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 149 bytes -> F:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 140 bytes -> F:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 139 bytes -> F:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 138 bytes -> F:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 129 bytes -> F:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 128 bytes -> F:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> F:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 120 bytes -> F:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 118 bytes -> F:\ProgramData\Temp:444C53BA

:Files
F:\Users\Manuel\AppData\Roaming\Sctbht\7D2CAFBC10AE3BF66E36.exe
F:\updates64\395D483BBD1.exe
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Run Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.
Boote neu und schaue nach, ob Du schon im normalen Modus arbeiten kannst?
wenn ja, so geht es weiter:

3.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

4.
Am besten alle verschlüsselten Daten extern sichern (auf leere USB-Stick oder ext. Festplatte). Dann mit Entschlüsselung beginnen. Also am Computer sollen die geänderten Daten um Nummer sicher zu gehen zuerst unberührt bleiben
Wenn alles gut geht, kannst Du dann am PC weiter machen

5.
Vorgehen beim Verschlüsselungs-Trojaner :-> http://www.trojaner-board.de/114783-...ubersicht.html
► SemperVideo hat ein Video zum Thema erstellt.

6.
Systemscan mit OTL - nicht mehr das OTLPE starten!

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

7.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

mfg · 16.05.2012, 15:00

Hallo Kira,
Danke erstmal fuer die Hilfestellung.

Der Fix ist durchgelaufen und der log ist unten angefuegt.
Nach dem Reboot kann ich bereits im normalen Modus weiter arbeiten! Keine WinBlockung & i-net funktiniert auch wieder. *phew*

)

Werde mich im Laufe des Nachmittags an die weiteren schritte rantasten.
vielen lieben Dank schonmal,
m

Code:

ATTFilter

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\Manuel_ON_F\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\Manuel_ON_F\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\Manuel_ON_F\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry value HKEY_USERS\Manuel_ON_F\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
HKU\Manuel_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\Manuel_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
F:\Users\Manuel\AppData\Roaming\Sctbht\7D2CAFBC10AE3BF66E36.exe moved successfully.
Registry key HKEY_USERS\Manuel_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
F:\updates64\395D483BBD1.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_F\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1addd759-d29e-11df-bdb0-705ab6182a25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1addd759-d29e-11df-bdb0-705ab6182a25}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54c30523-c637-11df-90d3-705ab6182a25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54c30523-c637-11df-90d3-705ab6182a25}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69bd1dec-3192-11df-8636-705ab6182a25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69bd1dec-3192-11df-8636-705ab6182a25}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69bd1df7-3192-11df-8636-705ab6182a25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69bd1df7-3192-11df-8636-705ab6182a25}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a33b265-2205-11e0-b53f-705ab6182a25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a33b265-2205-11e0-b53f-705ab6182a25}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\ not found.
File F:\LaunchU3.exe -a not found.
F:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
F:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS F:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS F:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS F:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS F:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS F:\ProgramData\Temp:E3C56885 deleted successfully.
ADS F:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS F:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS F:\ProgramData\Temp:AB689DEA deleted successfully.
ADS F:\ProgramData\Temp:93DE1838 deleted successfully.
ADS F:\ProgramData\Temp:444C53BA deleted successfully.
========== FILES ==========
File\Folder F:\Users\Manuel\AppData\Roaming\Sctbht\7D2CAFBC10AE3BF66E36.exe not found.
File\Folder F:\updates64\395D483BBD1.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
 
User: Manuel
->Temp folder emptied: 34295369 bytes
->Temporary Internet Files folder emptied: 268535820 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 112303156 bytes
->Flash cache emptied: 73661 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4018045 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46374103 bytes
 
Total Files Cleaned = 444.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05162012_184656

Fix-Log fuer Windowsverschluesselungs-Trojaner

Log-Analyse und Auswertung: Fix-Log fuer Windowsverschluesselungs-Trojaner