Pests of all kinds and how to fight them: AKM Virus - Screenlock (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection. |
26.06.2012, 18:45 | #1 |
| AKM Virus - Screenlock

Dear Trojaner Board... I caught the AKM virus today. The (up-to-date) Avira Rescue Disc is currently running a scan... no detections so far. I have already burned an OTLPenet disc, which I will run next. OTL.txt to follow.

I ran OTL with the rescue disc from OldTimer. Unfortunately, I cannot get into my Windows using safe mode *incl. network drivers*.

Code:
ATTFilter OTL logfile created on: 6/26/2012 10:40:21 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78.12 Gb Total Space | 8.47 Gb Free Space | 10.85% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 300.74 Gb Free Space | 32.29% Space Free | Partition Type: NTFS Drive I: | 219.96 Gb Total Space | 212.30 Gb Free Space | 96.52% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/06/26 12:32:37 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/19 11:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) 
[Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/07/01 11:43:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/28 13:11:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/01/14 10:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010/05/27 13:27:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/08/17 20:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) ========== Driver Services (SafeList) ========== DRV - [2011/07/01 11:43:30 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/01 11:43:30 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- 
(avgntflt) DRV - [2011/05/21 04:03:30 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2011/05/10 02:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011/01/12 05:42:12 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC) DRV - [2010/07/11 11:55:40 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/08/17 21:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/13 18:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2009/07/13 18:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001) DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2005/11/25 12:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage) DRV - [2004/08/13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE D3 48 B7 46 D7 CA 01 [binary data] IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\christoph.pramhofer_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\christoph.pramhofer_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 02 7C 0B 94 FE CC 01 [binary data] IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christoph.pramhofer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christoph.pramhofer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/08/16 14:39:27 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (TwonkyMediaContextMenuHandler) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo) O3 - HKLM\..\Toolbar: (NuSphere Debugger ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [QGetIEMenuExt] File not found O4 - HKLM..\Run: [QNAP_NASNetBak] C:\Program Files\QNAP\NetBak\NetBak.exe (QNAP Systems, Inc.) O4 - HKU\christoph.pramhofer_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\christoph.pramhofer_ON_C..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) 
O4 - HKU\christoph.pramhofer_ON_C..\Run: [Hobbyist Software VLC Streamer] C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Hobbyist Software) O4 - HKU\christoph.pramhofer_ON_C..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\christoph.pramhofer_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\christoph.pramhofer_ON_C..\Run: [Spotify] C:\Users\christoph.pramhofer\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKU\christoph.pramhofer_ON_C..\Run: [Spotify Web Helper] C:\Users\christoph.pramhofer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\christoph.pramhofer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Add to Playlist - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\christoph.pramhofer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: TwonkyBeam to - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo) O9 - Extra Button: TwonkyBeam for Internet Explorer - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {369383F8-C8B7-42E1-819E-D47E3ABAD4BC} hxxp://10.0.0.10:8080/cgi-bin/QNAPG726.cab (G726 BE/LE Audio Decoder) O16 - DPF: {4DA8C6E4-312A-4A8F-B02B-491B2BF09CF2} hxxp://10.0.0.10:8080/cgi-bin/QNAPQ264.cab (H264 Based Transform Filter) O16 - DPF: {603E0052-7B06-496B-A04B-192419174876} hxxp://10.0.0.10:8080/cgi-bin/QNAPQIVG.cab (MJPG Based Transform Filter) O16 - DPF: {61E5C641-8F33-41A8-A95A-DAFA586052F2} hxxp://free.vivicom.de/Files/client/SHInstaller.cab (SHInstaller Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} hxxp://10.0.0.10:8080/cgi-bin/NNVRVMon.cab (NAS NVR(V) Monitor) O16 - DPF: {B824D61F-DAF3-40BF-BA5E-430D250FF51C} hxxp://10.0.0.10:8080/cgi-bin/QNAPQMP4.cab (QMPEG4 Based Transform Filter) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5F2CE2F-C516-4428-8758-7178B1E1ABAB} hxxp://10.0.0.10:8080/cgi-bin/QNAPQVivoTek.cab (VivoTek AVDecoder) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (C:\Users\christoph.pramhofer\AppData\Local\Temp\soap0_pack.exe) - C:\Users\christoph.pramhofer\AppData\Local\Temp\soap0_pack.exe () O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O31 - SafeBoot: AlternateShell - C:\Users\christoph.pramhofer\AppData\Local\Temp\soap0_pack.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{6bc64bb3-8d03-11df-bf20-0009dd5002d6}\Shell - "" = AutoRun O33 - MountPoints2\{6bc64bb3-8d03-11df-bf20-0009dd5002d6}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{6bc64bb8-8d03-11df-bf20-0009dd5002d6}\Shell - "" = AutoRun O33 - MountPoints2\{6bc64bb8-8d03-11df-bf20-0009dd5002d6}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{6bc64bbb-8d03-11df-bf20-0009dd5002d6}\Shell - "" = AutoRun O33 - MountPoints2\{6bc64bbb-8d03-11df-bf20-0009dd5002d6}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{f5a6aaaa-af7d-11e0-a042-0009dd5002d6}\Shell - "" = AutoRun O33 - MountPoints2\{f5a6aaaa-af7d-11e0-a042-0009dd5002d6}\Shell\AutoRun\command - "" = "Y:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{fc7bec96-d9c6-11df-a47f-0009dd5002d6}\Shell - "" = AutoRun O33 - MountPoints2\{fc7bec96-d9c6-11df-a47f-0009dd5002d6}\Shell\AutoRun\command - "" = K:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
========== Files/Folders - Created Within 30 Days ========== [2012/06/21 13:24:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/21 13:24:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/21 13:23:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/21 13:23:51 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/21 13:23:51 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/21 13:23:41 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/21 13:23:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/06/14 14:10:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/06/14 14:10:17 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/06/14 14:10:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2012/06/14 14:10:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/06/14 14:10:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/06/14 14:10:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/06/14 14:10:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/06/14 14:10:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/06/14 13:55:54 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/06/14 13:55:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012/06/14 13:55:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012/06/14 13:55:52 | 000,008,192 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012/06/11 16:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/06/09 14:28:12 | 000,067,008 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0_x86.dll [2012/06/09 14:28:12 | 000,035,776 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys [2012/06/09 14:24:54 | 000,067,008 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll [2012/06/09 09:06:40 | 000,000,000 | ---D | C] -- C:\Users\christoph.pramhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [2012/06/09 09:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ [2011/03/02 16:30:29 | 001,719,336 | ---- | C] (Yugma,Inc. ) -- C:\ProgramData\YugmaSE-Uninstaller.exe [2011/01/28 12:27:34 | 055,531,291 | -HS- | C] (UltraMixer Digitial Audio Solutions ) -- C:\Users\christoph.pramhofer\AppData\Roaming\setup.exe ========== Files - Modified Within 30 Days ========== [2012/06/26 15:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/26 15:23:02 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys [2012/06/26 13:18:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3721063302-531977108-1383609599-1001UA.job [2012/06/26 13:18:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3721063302-531977108-1383609599-1001Core.job [2012/06/26 13:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/26 13:07:52 | 000,002,117 | ---- | M] () -- C:\Users\christoph.pramhofer\Desktop\DJ ProMixer Free Home Edition 1.5 Setup.lnk [2012/06/26 13:06:21 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/06/26 13:06:21 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/26 13:06:21 | 000,148,926 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2012/06/26 13:06:21 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/26 12:50:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/26 12:38:21 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 12:38:21 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/26 12:32:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/06/26 12:32:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/06/26 12:30:14 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/17 06:17:47 | 000,418,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/14 14:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012/06/11 16:29:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2012/06/11 16:24:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/06/09 09:16:59 | 000,001,004 | ---- | M] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ Home FREE.lnk [2012/06/09 09:08:37 | 000,000,183 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml [2012/06/09 09:06:41 | 000,000,999 | ---- | M] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ PRO Full.lnk [2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/06/02 18:12:32 | 002,422,272 | 
---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe ========== Files Created - No Company Name ========== [2012/06/26 13:07:52 | 000,002,117 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\DJ ProMixer Free Home Edition 1.5 Setup.lnk [2012/06/25 13:50:56 | 003,660,424 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\DSC05233.JPG [2012/06/25 13:50:37 | 003,111,208 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\DSC00706.JPG [2012/06/09 09:16:59 | 000,001,004 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ Home FREE.lnk [2012/06/09 09:08:36 | 000,000,183 | ---- | C] () -- C:\VirtualDJ Local Database v6.xml [2012/06/09 09:06:41 | 000,000,999 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ PRO Full.lnk [2012/03/18 12:15:16 | 000,000,000 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\.cvspass [2011/08/16 14:46:33 | 000,020,000 | -H-- | C] () -- C:\ProgramData\R49LW [2011/08/15 08:57:55 | 000,466,528 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\mdbu.bin [2011/06/26 10:38:16 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2011/06/26 10:37:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/05/11 13:22:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Distortion [2011/05/11 13:22:20 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Digital Light [2011/05/11 13:22:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011/05/11 13:22:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Echo [2011/05/11 13:11:01 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2011/05/11 13:06:01 | 
000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Piano [2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav [2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects [2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Dynamic Library [2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Drums [2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Drum Kits [2011/05/11 13:06:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011/05/11 13:06:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011/05/11 13:06:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011/05/11 13:06:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flowers [2011/05/11 13:06:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flange Saw [2011/05/11 13:06:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filters [2011/05/07 02:23:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Drums [2011/05/07 02:23:59 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Distortion [2011/05/07 02:23:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Examples [2011/05/07 02:12:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Libraries [2011/05/07 02:12:56 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Keychains [2011/05/07 02:12:56 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Standard [2011/05/07 02:10:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2011/05/07 02:01:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT [2011/04/26 14:53:01 | 000,000,600 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Local\PUTTY.RND [2011/03/31 23:15:52 | 000,188,665 | -HS- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\jvsupc_2.exe.vir [2011/03/22 14:19:39 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI 
[2011/02/14 14:45:09 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2011/01/07 09:26:32 | 000,000,215 | ---- | C] () -- C:\Windows\NNVRVCLI.INI [2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010/09/26 03:22:51 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2010/09/25 10:52:57 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI [2010/09/09 12:52:55 | 000,038,443 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Microsoft Excel 97-2003.ADR [2010/09/09 12:52:53 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010/08/29 14:04:13 | 000,139,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010/06/29 15:09:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/05/02 03:46:23 | 000,008,192 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/08 13:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/07/14 04:47:43 | 000,700,130 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/07/14 04:47:43 | 000,148,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 000,418,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,654,842 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,121,714 | ---- | C] () -- 
C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/18 13:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/02/18 11:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009/02/03 14:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll [2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll [2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== LOP Check ========== [2011/08/18 14:13:55 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\.purple [2010/08/10 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\3DataManager [2012/03/04 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\BitTorrent [2012/04/25 15:59:24 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Canneverbe Limited [2011/08/20 13:17:07 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Canon [2012/03/17 06:01:58 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/09/01 13:53:11 | 000,000,000 | ---D | M] -- 
C:\Users\christoph.pramhofer\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011/07/16 08:24:17 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\DVDVideoSoft [2011/03/17 12:10:21 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\DVDVideoSoftIEHelpers [2012/03/19 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\FileZilla [2010/09/09 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\GHISLER [2012/03/17 14:16:16 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\gtk-2.0 [2010/05/16 10:49:25 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\HeidiSQL [2011/03/17 08:08:46 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Hobbyist Software [2010/12/08 10:07:09 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\ICAClient [2010/09/06 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\ImgBurn [2011/05/11 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\IrfanView [2011/08/21 09:17:24 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\jAlbum [2011/08/20 10:46:56 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Lasersoft Imaging [2010/09/06 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\NetBak [2011/01/09 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\NewsLeecher [2011/10/17 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Nikon [2012/03/18 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\NuSphere [2010/04/08 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Scooter Software [2011/04/26 14:28:16 | 000,000,000 | ---D | M] -- 
C:\Users\christoph.pramhofer\AppData\Roaming\Seas0nPass [2011/04/03 04:53:15 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Software4u [2012/06/26 13:15:21 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Spotify [2011/02/20 05:33:13 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\TagScanner [2011/01/23 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\TeamViewer [2011/02/14 14:10:28 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\TwonkyMedia [2012/01/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\UltraMixer [2011/03/27 08:56:33 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Usenet.nl [2011/02/12 03:11:59 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\uTorrent [2011/01/09 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\WindSolutions [2011/08/07 10:55:06 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\Canon [2011/01/12 09:01:51 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\ICAClient [2011/08/10 07:21:17 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\JAlbum [2010/09/11 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\NetBak [2011/09/11 04:07:15 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\TagScanner [2011/03/02 03:12:22 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\TwonkyMedia [2010/09/25 05:14:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\.nusphere [2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2011/10/21 11:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess [2012/04/25 15:59:24 | 000,000,000 | ---D | M] -- 
C:\ProgramData\Canneverbe Limited [2012/03/26 12:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ [2012/06/14 13:44:37 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM [2011/07/22 11:57:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan [2011/07/22 11:58:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011/05/11 13:22:20 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp [2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/08/15 08:39:44 | 000,000,000 | ---D | M] -- C:\ProgramData\HappyFoto-Designer [2010/05/16 10:49:21 | 000,000,000 | ---D | M] -- C:\ProgramData\HeidiSQL [2010/08/28 02:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon [2011/05/11 13:22:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon [2012/03/18 12:16:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PHP [2012/03/17 06:54:19 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/02/15 13:30:17 | 000,000,000 | ---D | M] -- C:\ProgramData\twonkymedia [2011/05/11 13:22:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15 [2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2011/01/09 06:11:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions [2010/06/13 04:05:42 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/03/18 12:17:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\{67AB9237-55B9-46D5-A72F-EACBA312AF4D} 
[2012/03/05 13:21:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
Now the logs. Unfortunately I cannot start GMER because I get the error message "the system can not find the file specified" |
29.06.2012, 21:01 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus - Screenlock Has this computer ever been on a university network? Or is it an office PC?