| |
| |||||||
Log-Analyse und Auswertung: Fix-Log fuer Windowsverschluesselungs-TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.05.2012, 12:30
| #1 |
| |  Fix-Log fuer Windowsverschluesselungs-Trojaner Ich habe das Problem mit dem Windowsverschluesselungs-Trojaner und bin der Anleitung gefolgt (OTLPE download & Scan) und habe nun das Logfile an diese Mail angehaengt. Ich gehe davon aus, dass Du mir nun ein geaendertes Logfile fuer den Fix zuschicken wirst. Bitte mal kurz die Vorgehensweise bestaetigen oder korrigieren und ueber ein Zeitabschaetzung wuerde ich mich auch freuen. Vielen Dank fuer Deine Hilfe hxxp://img.trojaner-board.de/verschluesselungs-trojaner/trojan.encoder.png Hier nochmal das Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/16/2012 3:43:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 101.97 Mb Total Space | 76.39 Mb Free Space | 74.91% Space Free | Partition Type: NTFS
Drive D: | 3.90 Gb Total Space | 3.90 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive E: | 1.83 Gb Total Space | 1.71 Gb Free Space | 93.37% Space Free | Partition Type: FAT
Drive F: | 285.99 Gb Total Space | 224.31 Gb Free Space | 78.43% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/11/24 10:17:18 | 000,202,752 | ---- | M] (AMD) [Auto] -- F:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 07:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/29 06:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- F:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/13 06:50:49 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/30 14:53:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/06 11:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- F:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 06:04:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/03 12:07:48 | 000,246,520 | ---- | M] () [Auto] -- F:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/12/29 09:18:52 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 07:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- F:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 21:05:56 | 000,044,312 | ---- | M] () [On_Demand] -- F:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- F:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/28 16:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand] -- F:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 10:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/06/30 14:53:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 14:53:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/11/24 10:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/06 00:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/02 07:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/05 03:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/05 16:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/24 06:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/06/15 22:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- F:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/11/11 11:46:50 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/29 14:29:58] [Kernel | Auto] -- F:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273602109615l0374z1k5f4982y252
IE - HKU\Manuel_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.sweetim.com/?src=10
IE - HKU\Manuel_ON_F\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\Manuel_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010/11/14 17:49:47 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - F:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - F:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - F:\Program Files (x86)\ICQ6Toolbar\20101005170805\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - F:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKU\Manuel_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Manuel_ON_F\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - F:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Manuel_ON_F\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - F:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] F:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] F:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] F:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Manuel_ON_F..\Run: [10AE3BF6] F:\Users\Manuel\AppData\Roaming\Sctbht\7D2CAFBC10AE3BF66E36.exe ()
O4 - HKU\Manuel_ON_F..\Run: [3J5X4I3VYX0EZV9HKFYSEMAAUDPN] F:\updates64\395D483BBD1.exe ()
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O4 - Startup: F:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{1addd759-d29e-11df-bdb0-705ab6182a25}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{54c30523-c637-11df-90d3-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{69bd1dec-3192-11df-8636-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{69bd1df7-3192-11df-8636-705ab6182a25}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{7a33b265-2205-11e0-b53f-705ab6182a25}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\Shell - "" = AutoRun
O33 - MountPoints2\{c070afc5-6d4d-11df-bb5e-705ab6182a25}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - F:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: Camera Assistant Software - hkey= - key= - F:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - F:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - F:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - F:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - F:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= - F:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - F:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - F:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - F:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - F:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/15 14:25:51 | 000,000,000 | ---D | C] -- F:\Users\Manuel\AppData\Roaming\Sctbht
[2012/05/14 15:02:08 | 000,000,000 | ---D | C] -- F:\ProgramData\Sun
[2012/05/14 15:02:07 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\Java
[2012/05/14 15:01:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\deployJava1.dll
[2012/05/14 15:01:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaws.exe
[2012/05/14 15:01:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaw.exe
[2012/05/14 15:01:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\java.exe
[2012/05/14 15:01:05 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Java
[2012/05/13 06:50:49 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 06:50:49 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/13 06:50:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\Macromed
[2012/05/12 04:09:46 | 000,739,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d2d1.dll
[2012/05/12 04:09:45 | 001,541,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2012/05/12 04:09:45 | 001,074,176 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\DWrite.dll
[2012/05/12 04:09:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1.dll
[2012/05/12 04:09:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d10_1.dll
[2012/05/12 04:09:44 | 001,837,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10warp.dll
[2012/05/12 04:09:44 | 001,170,944 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d10warp.dll
[2012/05/12 04:09:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d2d1.dll
[2012/05/12 04:09:44 | 000,320,512 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3d10_1core.dll
[2012/05/12 04:09:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\d3d10_1core.dll
[2012/05/12 04:08:47 | 005,504,880 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/05/12 04:08:45 | 003,958,128 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 04:08:45 | 003,902,320 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntoskrnl.exe
[2010/09/14 07:13:24 | 002,736,736 | ---- | C] (Conduit Ltd.) -- F:\Program Files (x86)\tbsoft.dll
========== Files - Modified Within 30 Days ==========
[2012/05/16 08:22:47 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/05/16 08:22:46 | 000,629,254 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/05/16 08:22:46 | 000,602,908 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/05/16 08:22:46 | 000,121,838 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/05/16 08:22:46 | 000,099,478 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/05/16 08:20:56 | 000,001,106 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 08:20:38 | 3113,304,064 | -HS- | M] () -- F:\hiberfil.sys
[2012/05/16 03:47:42 | 000,001,110 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 03:46:03 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 01:56:57 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 01:56:57 | 000,009,696 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 15:01:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\deployJava1.dll
[2012/05/14 15:01:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaws.exe
[2012/05/14 15:01:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\javaw.exe
[2012/05/14 15:01:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\Windows\SysWow64\java.exe
[2012/05/13 16:34:04 | 000,352,816 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2012/05/13 14:02:05 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 06:50:49 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 06:50:49 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2012/05/13 06:50:50 | 000,000,884 | ---- | C] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2010/11/15 16:52:42 | 000,000,056 | -H-- | C] () -- F:\ProgramData\ezsidmv.dat
[2010/10/18 05:49:08 | 000,028,672 | ---- | C] () -- F:\Windows\SysWow64\hlduinst.exe
[2010/10/18 05:49:07 | 000,164,864 | ---- | C] () -- F:\Windows\SysWow64\UNWISE.EXE
[2010/10/18 05:49:07 | 000,006,836 | ---- | C] () -- F:\Windows\SysWow64\UNWISE.INI
[2010/10/18 05:48:15 | 000,000,163 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/10/18 05:48:12 | 000,036,864 | ---- | C] () -- F:\Windows\SysWow64\cmll10sx.dll
[2010/09/23 10:43:58 | 000,000,164 | ---- | C] () -- F:\Windows\DBDUIHost.exe.config
[2010/09/14 07:13:24 | 000,153,088 | ---- | C] () -- F:\Program Files (x86)\UNWISE.EXE
[2010/09/14 07:13:24 | 000,006,836 | ---- | C] () -- F:\Program Files (x86)\UNWISE.INI
[2010/06/10 06:23:21 | 000,000,173 | ---- | C] () -- F:\Windows\gabau2_cd.ini
[2010/02/04 15:00:45 | 000,000,000 | ---- | C] () -- F:\Users\Manuel\AppData\Roaming\wklnhst.dat
[2009/12/29 09:17:16 | 000,206,208 | ---- | C] () -- F:\Windows\PLFSetI.exe
[2009/12/29 09:17:16 | 000,000,169 | ---- | C] () -- F:\Windows\PidList.ini
[2009/12/29 09:09:24 | 000,000,000 | ---- | C] () -- F:\Windows\ativpsrm.bin
[2009/11/05 18:47:00 | 000,131,368 | ---- | C] () -- F:\ProgramData\FullRemove.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/07/20 07:20:20 | 000,000,000 | ---D | M] -- F:\ProgramData\Arcade Lab
[2009/11/05 19:01:08 | 000,000,000 | ---D | M] -- F:\ProgramData\BackupManager
[2010/05/05 05:57:33 | 000,000,000 | ---D | M] -- F:\ProgramData\cadwork
[2010/05/05 06:54:11 | 000,000,000 | ---D | M] -- F:\ProgramData\cadwork.cat
[2010/07/09 06:16:46 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2010/11/26 04:37:21 | 000,000,000 | ---D | M] -- F:\ProgramData\DBD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/11/01 04:33:33 | 000,000,000 | ---D | M] -- F:\ProgramData\Downloaded Installations
[2010/07/12 03:17:39 | 000,000,000 | ---D | M] -- F:\ProgramData\FarmFrenzy2
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/09/15 06:23:16 | 000,000,000 | ---D | M] -- F:\ProgramData\Friends Games
[2010/11/01 04:34:49 | 000,000,000 | ---D | M] -- F:\ProgramData\HSETU
[2010/02/03 15:12:42 | 000,000,000 | ---D | M] -- F:\ProgramData\ICQ
[2010/02/02 12:09:17 | 000,000,000 | ---D | M] -- F:\ProgramData\OEM
[2009/11/05 19:02:29 | 000,000,000 | ---D | M] -- F:\ProgramData\Packard Bell
[2010/02/23 17:25:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Partner
[2010/07/12 04:25:20 | 000,000,000 | ---D | M] -- F:\ProgramData\PlayFirst
[2010/09/15 06:01:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Sandlot Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2010/11/14 17:49:38 | 000,000,000 | ---D | M] -- F:\ProgramData\SweetIM
[2010/09/22 04:49:45 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2012/04/08 17:48:47 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010/03/08 07:15:08 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2011/10/13 16:39:41 | 000,000,000 | ---D | M] -- F:\4e4c9c8eaf772664b23fd6d99edc69
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2010/09/14 07:50:53 | 000,000,000 | ---D | M] -- F:\highscore
[2010/10/21 08:08:50 | 000,000,000 | ---D | M] -- F:\HWS32
[2009/11/05 18:41:35 | 000,000,000 | ---D | M] -- F:\Intel
[2009/11/05 18:54:07 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2010/02/02 12:09:55 | 000,000,000 | -H-D | M] -- F:\OEM
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- F:\PerfLogs
[2010/12/12 05:21:54 | 000,000,000 | R--D | M] -- F:\Program Files
[2012/05/14 15:01:05 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2012/05/14 15:02:08 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/02/02 12:08:40 | 000,000,000 | -HSD | M] -- F:\Programme
[2010/02/02 12:08:41 | 000,000,000 | -HSD | M] -- F:\Recovery
[2012/05/15 13:56:55 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2012/05/15 16:15:55 | 000,000,000 | -H-D | M] -- F:\updates64
[2010/02/02 12:08:47 | 000,000,000 | R--D | M] -- F:\Users
[2012/05/16 03:50:35 | 000,000,000 | ---D | M] -- F:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2009/10/13 15:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- F:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- F:\Windows\System32\drivers\iaStor.sys
[2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- F:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\System32\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\System32\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> F:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 149 bytes -> F:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 140 bytes -> F:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 139 bytes -> F:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 138 bytes -> F:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 129 bytes -> F:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 128 bytes -> F:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> F:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 120 bytes -> F:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 118 bytes -> F:\ProgramData\Temp:444C53BA
< End of report >
|
| Themen zu Fix-Log fuer Windowsverschluesselungs-Trojaner |
| alternate, anleitung, conduit, download, fix, freue, google earth, launch, leitung, logfile, mail, nvstor.sys, otlpe, packard bell, plug-in, problem, scan, verschluesselung trojaner windows blockiert, version=1.0, vorgehensweise |
Baum-Darstellung