| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: bundespolizei ukash onlinepolice trojaner otl.log im themaWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.07.2012, 16:41
| #1 |
| |  bundespolizei ukash onlinepolice trojaner otl.log im thema Hallo board, erstmal schonmal danke und gott sei dank gibt es euch!! Ich hab leider nicht viel ahnung deswegen hoffe ich ihr könnt mir helfen. ich habe otlpe über meinen pc laufen lassen und das ist dabei rausgekommen: Code:
ATTFilter OTL logfile created on: 7/11/2012 9:10:27 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.34% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 54.30 Gb Free Space | 5.83% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 3.90 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive F: | 195.31 Gb Total Space | 21.83 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive G: | 736.10 Gb Total Space | 22.61 Gb Free Space | 3.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/10/06 20:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/23 12:24:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 11:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- F:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 08:44:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 09:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/27 10:15:34 | 000,075,136 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/16 08:12:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- F:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 18:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/01 21:24:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 09:31:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/13 10:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto] -- F:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2006/12/19 05:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- F:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/11/24 17:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 17:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/07/01 21:24:22 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/01 21:24:22 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/01/12 22:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- F:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/18 01:24:46 | 000,038,424 | ---- | M] (Google Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/09/29 05:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 05:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/02/12 12:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/11/26 11:55:22 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2009/11/18 14:44:44 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- F:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/16 16:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009/10/07 03:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 03:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/06 20:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 20:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/11 07:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 07:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 07:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 07:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/07/10 06:10:10 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/22 14:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/06/22 14:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/09/17 09:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Entech64.sys -- (ENTECH64)
DRV - [2010/03/11 03:47:01 | 000,019,952 | ---- | M] () [Kernel | On_Demand] -- F:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/10/07 09:54:10 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- F:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\User_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.232.208.116:8080
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: F:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.118.0: F:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: F:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 08:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/25 18:25:33 | 000,000,000 | ---D | M]
[2012/01/03 12:20:52 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/24 20:53:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/19 08:44:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 08:44:14 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/19 08:44:14 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 08:44:14 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/23 07:33:01 | 000,002,046 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/06/19 08:44:14 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/19 08:44:14 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/19 08:44:14 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] F:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] F:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] F:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivX Download Manager] File not found
O4 - HKLM..\Run: [HKLM] File not found
O4 - HKLM..\Run: [LanguageShortcut] F:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech G35] F:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NBKeyScan] F:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [shxqbzywmyvmmbe] F:\ProgramData\shxqbzyw.exe ()
O4 - HKLM..\Run: [TkBellExe] F:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\User_ON_F..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\User_ON_F..\Run: [HKCU] File not found
O4 - HKU\User_ON_F..\Run: [ICQ] File not found
O4 - HKU\User_ON_F..\Run: [Logitech Vid] F:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\User_ON_F..\Run: [shxqbzywmyvmmbe] F:\ProgramData\shxqbzyw.exe ()
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\file\sc2betakeygen.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\User_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\file\sc2betakeygen.exe
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - State: "startup" - 0
========== Files/Folders - Created Within 30 Days ==========
[2012/07/11 12:39:59 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/07/11 08:21:26 | 000,000,000 | ---D | C] -- F:\ProgramData\dktcldhbltotsge
[2012/06/28 19:14:06 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Roaming\dvdcss
[2012/06/24 07:28:19 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Local\Funcom
[2012/06/24 07:28:14 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/23 15:21:20 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Local\Macromedia
[2012/06/21 06:10:04 | 002,622,464 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wucltux.dll
[2012/06/21 06:10:04 | 000,057,880 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuauclt.exe
[2012/06/21 06:10:04 | 000,044,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups2.dll
[2012/06/21 06:09:47 | 000,701,976 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapi.dll
[2012/06/21 06:09:47 | 000,099,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wudriver.dll
[2012/06/21 06:09:47 | 000,038,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups.dll
[2012/06/21 06:09:34 | 000,186,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuwebv.dll
[2012/06/21 06:09:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapp.exe
[2012/06/18 10:09:26 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/06/18 10:09:26 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/06/18 10:09:25 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\X3 map by Scorp
[2012/06/18 10:08:59 | 000,000,000 | ---D | C] -- F:\Users\User\Desktop\X3_map_Setup_TCE
[2012/06/18 06:15:17 | 000,000,000 | ---D | C] -- F:\Users\User\Documents\Egosoft
[2012/06/17 17:36:57 | 001,942,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\D3DCompiler_39.dll
[2012/06/17 17:36:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3dx10_39.dll
[2012/06/17 17:36:56 | 004,992,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\D3DX9_39.dll
[2012/06/17 15:06:47 | 000,000,000 | ---D | C] -- F:\Users\Public\Documents\Jagged Alliance - Back in Action Demo
[2012/06/14 09:03:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2012/06/14 09:03:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2012/06/14 09:03:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2012/06/14 09:03:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2012/06/14 09:03:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2012/06/14 09:03:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2012/06/14 09:03:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2012/06/14 09:03:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 09:03:50 | 002,311,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2012/06/14 09:03:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2012/06/14 09:03:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 09:03:49 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2012/06/14 09:03:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2012/06/14 09:03:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2012/06/14 06:06:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpcorekmts.dll
[2012/06/14 06:06:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpwsx.dll
[2012/06/14 06:06:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdrmemptylst.exe
[2012/06/14 06:06:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/06/14 06:06:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 06:06:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 06:06:26 | 003,216,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msi.dll
[2012/06/14 06:06:25 | 002,342,400 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msi.dll
[2012/06/14 06:06:22 | 001,462,272 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\crypt32.dll
[2012/06/14 06:06:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cryptnet.dll
[3 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/11 12:41:24 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/07/11 12:39:23 | 3214,532,608 | -HS- | M] () -- F:\hiberfil.sys
[2012/07/11 09:26:45 | 000,015,648 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 09:26:45 | 000,015,648 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 09:24:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 08:21:27 | 000,000,051 | ---- | M] () -- F:\ProgramData\jatjmdastdayiqs
[2012/07/11 08:21:23 | 000,065,536 | ---- | M] () -- F:\ProgramData\shxqbzyw.exe
[2012/07/08 07:57:01 | 001,041,711 | ---- | M] () -- F:\Users\User\Desktop\Zyzz Bible.pdf
[2012/07/03 21:56:09 | 000,000,720 | ---- | M] () -- F:\Users\User\Desktop\StarCraft II.lnk
[2012/06/28 19:32:55 | 000,000,069 | ---- | M] () -- F:\Windows\NeroDigital.ini
[2012/06/28 19:03:17 | 000,707,300 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/06/28 19:03:17 | 000,660,918 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/06/28 19:03:17 | 000,152,892 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/06/28 19:03:17 | 000,125,108 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/06/24 07:28:14 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/24 07:25:58 | 010,480,160 | ---- | M] (Funcom ) -- F:\Users\User\Desktop\Setup.exe
[2012/06/23 12:24:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 12:24:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/18 10:09:30 | 000,001,054 | ---- | M] () -- F:\Users\User\Desktop\X3 map by Scorp.lnk
[2012/06/18 10:09:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/06/18 09:14:42 | 001,460,143 | ---- | M] () -- F:\Users\User\Desktop\X3_map_Setup_TCE.zip
[2012/06/17 15:06:02 | 009,451,173 | ---- | M] () -- F:\Users\User\Desktop\X3TC_Manual_DE.pdf
[2012/06/14 11:38:41 | 000,291,400 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[3 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/11 08:21:27 | 000,065,536 | ---- | C] () -- F:\ProgramData\shxqbzyw.exe
[2012/07/11 08:21:23 | 000,000,051 | ---- | C] () -- F:\ProgramData\jatjmdastdayiqs
[2012/07/08 07:56:52 | 001,041,711 | ---- | C] () -- F:\Users\User\Desktop\Zyzz Bible.pdf
[2012/07/03 21:56:09 | 000,000,720 | ---- | C] () -- F:\Users\User\Desktop\StarCraft II.lnk
[2012/06/18 10:09:30 | 000,001,054 | ---- | C] () -- F:\Users\User\Desktop\X3 map by Scorp.lnk
[2012/06/18 09:14:21 | 001,460,143 | ---- | C] () -- F:\Users\User\Desktop\X3_map_Setup_TCE.zip
[2012/06/17 15:04:08 | 009,451,173 | ---- | C] () -- F:\Users\User\Desktop\X3TC_Manual_DE.pdf
[2012/02/09 11:18:40 | 000,004,096 | ---- | C] () -- F:\Windows\SysWow64\drivers\rt2870.bin
[2012/02/09 11:18:38 | 000,013,931 | ---- | C] () -- F:\Windows\SysWow64\RaCoInst.dat
[2012/02/09 11:18:22 | 000,025,088 | ---- | C] () -- F:\Windows\SysWow64\RAEXTUI.dll
[2011/11/17 15:39:46 | 000,000,092 | ---- | C] () -- F:\Users\User\AppData\Local\fusioncache.dat
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- F:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 11:44:14 | 000,179,271 | ---- | C] () -- F:\Windows\SysWow64\xlive.dll.cat
[2011/06/09 07:59:08 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2010/12/22 17:54:34 | 000,000,262 | ---- | C] () -- F:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/10/22 10:21:24 | 002,427,248 | ---- | C] () -- F:\Windows\SysWow64\pbsvc_heroes.exe
[2010/05/01 13:49:01 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/03/15 17:31:38 | 001,619,106 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/01 14:01:43 | 000,000,307 | ---- | C] () -- F:\Windows\game.ini
[2009/11/17 15:06:32 | 000,000,069 | ---- | C] () -- F:\Windows\NeroDigital.ini
[2009/11/13 14:14:11 | 000,000,048 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2009/11/13 13:32:48 | 000,280,904 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrB.exe
[2009/11/13 13:32:45 | 000,669,184 | ---- | C] () -- F:\Windows\SysWow64\pbsvc.exe
[2009/11/13 13:32:45 | 000,075,136 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrA.exe
[2009/11/02 16:14:22 | 000,000,026 | ---- | C] () -- F:\Windows\Irremote.ini
[2009/11/02 15:47:53 | 000,000,010 | ---- | C] () -- F:\Windows\GSetup.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- F:\Windows\GSetup.exe
[2006/07/20 23:37:35 | 000,031,661 | -H-- | C] () -- F:\Users\User\AppData\Roaming\logs.dat
========== LOP Check ==========
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/04/21 08:14:13 | 000,000,000 | ---D | M] -- F:\ProgramData\Battle.net
[2009/12/03 19:31:57 | 000,000,000 | ---D | M] -- F:\ProgramData\BioWare
[2009/11/18 15:14:22 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2012/07/11 08:21:27 | 000,000,000 | ---D | M] -- F:\ProgramData\dktcldhbltotsge
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2011/10/26 05:48:40 | 000,000,000 | ---D | M] -- F:\ProgramData\EA Core
[2012/05/22 13:41:16 | 000,000,000 | ---D | M] -- F:\ProgramData\EA Logs
[2011/10/26 05:48:42 | 000,000,000 | ---D | M] -- F:\ProgramData\Electronic Arts
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2009/11/12 06:50:39 | 000,000,000 | ---D | M] -- F:\ProgramData\Futuremark
[2011/10/26 05:45:23 | 000,000,000 | ---D | M] -- F:\ProgramData\Origin
[2012/07/10 20:24:23 | 000,000,000 | ---D | M] -- F:\ProgramData\PMB Files
[2012/02/09 11:18:49 | 000,000,000 | ---D | M] -- F:\ProgramData\Ralink
[2012/02/09 12:21:56 | 000,000,000 | ---D | M] -- F:\ProgramData\Sitecom Driver
[2011/11/19 02:25:33 | 000,000,000 | ---D | M] -- F:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2009/11/18 02:47:35 | 000,000,000 | ---D | M] -- F:\ProgramData\Ubisoft
[2009/11/18 14:27:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Vodafone
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2009/12/02 17:16:33 | 000,000,000 | -H-D | M] -- F:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2012/06/15 07:53:23 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009/11/02 15:38:15 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2011/10/19 15:15:11 | 000,000,000 | ---D | M] -- F:\Games
[2011/04/22 13:34:51 | 000,000,000 | ---D | M] -- F:\NVIDIA
[2012/04/16 13:08:59 | 000,000,000 | R--D | M] -- F:\Program Files
[2012/06/18 10:09:25 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2012/07/11 08:21:28 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\Programme
[2009/11/02 15:38:02 | 000,000,000 | -HSD | M] -- F:\Recovery
[2012/07/08 13:00:56 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2011/04/22 13:37:52 | 000,000,000 | R--D | M] -- F:\Users
[2012/02/10 07:11:06 | 000,000,000 | ---D | M] -- F:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
weiterhin habe ich grade festgestellt das meine shell in der regristry trotzdem explorer.exe ist das foto sieht so wie hier aus http://www.trojaner-board.de/116052-...-gesperrt.html weiterhin lasse ich grade Malwarebytes laufen. (quickscan) hier die malwarebytes quickscan log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.09.08 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 User :: RECHNER [Administrator] Schutz: Deaktiviert 11.07.2012 22:22:16 mbam-log-2012-07-11 (22-38-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 239660 Laufzeit: 3 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\User\Desktop\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Roaming\logs.dat (Bifrose.Trace) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Keine Aktion durchgeführt. C:\Users\User\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Keine Aktion durchgeführt. C:\Users\User\0.8768296038513202.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt. (Ende) mal gucken was ein vollscan ausmacht, log folgt. Geändert von Peschi (11.07.2012 um 17:23 Uhr) Grund: update |
| Themen zu bundespolizei ukash onlinepolice trojaner otl.log im thema |
| adobe, antivir, avira, bho, defender, desktop, device driver, error, explorer, firefox, flash player, format, google, helper, heuristiks/extra, heuristiks/shuriken, home, launch, logfile, lws.exe, mozilla, nvidia, nvstor.sys, plug-in, realtek, rundll, scan, security, software, trojan.agent.ge, trojaner, ukash trojaner bundespolizei online police, usb, winlogon.exe |
Baum-Darstellung