bundespolizei ukash onlinepolice trojaner otl.log im thema

Peschi · 11.07.2012, 16:41

Hallo board,
erstmal schonmal danke und gott sei dank gibt es euch!!

Ich hab leider nicht viel ahnung deswegen hoffe ich ihr könnt mir helfen.
ich habe otlpe über meinen pc laufen lassen und das ist dabei rausgekommen:

Code:

ATTFilter

OTL logfile created on: 7/11/2012 9:10:27 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.34% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 54.30 Gb Free Space | 5.83% Space Free | Partition Type: NTFS
Drive E: | 3.90 Gb Total Space | 3.90 Gb Free Space | 99.91% Space Free | Partition Type: FAT32
Drive F: | 195.31 Gb Total Space | 21.83 Gb Free Space | 11.18% Space Free | Partition Type: NTFS
Drive G: | 736.10 Gb Total Space | 22.61 Gb Free Space | 3.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/10/06 20:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/23 12:24:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 11:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- F:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/19 08:44:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 09:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/27 10:15:34 | 000,075,136 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/16 08:12:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- F:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 18:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/01 21:24:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 09:31:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/13 10:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto] -- F:\Program Files (x86)\Sitecom\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2006/12/19 05:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- F:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/24 17:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 17:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/07/01 21:24:22 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- F:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/01 21:24:22 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- F:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/01/12 22:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- F:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/18 01:24:46 | 000,038,424 | ---- | M] (Google Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/09/29 05:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 05:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/02/12 12:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/11/26 11:55:22 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2009/11/18 14:44:44 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- F:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/16 16:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009/10/07 03:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 03:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/06 20:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 20:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/11 07:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 07:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 07:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 07:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/07/10 06:10:10 | 000,233,472 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/22 14:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/06/22 14:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/09/17 09:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Entech64.sys -- (ENTECH64)
DRV - [2010/03/11 03:47:01 | 000,019,952 | ---- | M] () [Kernel | On_Demand] -- F:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/10/07 09:54:10 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- F:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\User_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\User_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.232.208.116:8080
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: F:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.118.0: F:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: F:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: F:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 08:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/25 18:25:33 | 000,000,000 | ---D | M]
 
[2012/01/03 12:20:52 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/24 20:53:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/19 08:44:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 08:44:14 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/19 08:44:14 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 08:44:14 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/23 07:33:01 | 000,002,046 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/06/19 08:44:14 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/19 08:44:14 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/19 08:44:14 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] F:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] F:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] F:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivX Download Manager]  File not found
O4 - HKLM..\Run: [HKLM]  File not found
O4 - HKLM..\Run: [LanguageShortcut] F:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech G35] F:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NBKeyScan] F:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [shxqbzywmyvmmbe] F:\ProgramData\shxqbzyw.exe ()
O4 - HKLM..\Run: [TkBellExe] F:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\User_ON_F..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\User_ON_F..\Run: [HKCU]  File not found
O4 - HKU\User_ON_F..\Run: [ICQ]  File not found
O4 - HKU\User_ON_F..\Run: [Logitech Vid] F:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\User_ON_F..\Run: [shxqbzywmyvmmbe] F:\ProgramData\shxqbzyw.exe ()
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\file\sc2betakeygen.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\User_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\User_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\file\sc2betakeygen.exe
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - State: "startup" - 0
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/11 12:39:59 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/07/11 08:21:26 | 000,000,000 | ---D | C] -- F:\ProgramData\dktcldhbltotsge
[2012/06/28 19:14:06 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Roaming\dvdcss
[2012/06/24 07:28:19 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Local\Funcom
[2012/06/24 07:28:14 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/23 15:21:20 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Local\Macromedia
[2012/06/21 06:10:04 | 002,622,464 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wucltux.dll
[2012/06/21 06:10:04 | 000,057,880 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuauclt.exe
[2012/06/21 06:10:04 | 000,044,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups2.dll
[2012/06/21 06:09:47 | 000,701,976 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapi.dll
[2012/06/21 06:09:47 | 000,099,840 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wudriver.dll
[2012/06/21 06:09:47 | 000,038,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wups.dll
[2012/06/21 06:09:34 | 000,186,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuwebv.dll
[2012/06/21 06:09:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\wuapp.exe
[2012/06/18 10:09:26 | 000,000,000 | ---D | C] -- F:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/06/18 10:09:26 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/06/18 10:09:25 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\X3 map by Scorp
[2012/06/18 10:08:59 | 000,000,000 | ---D | C] -- F:\Users\User\Desktop\X3_map_Setup_TCE
[2012/06/18 06:15:17 | 000,000,000 | ---D | C] -- F:\Users\User\Documents\Egosoft
[2012/06/17 17:36:57 | 001,942,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\D3DCompiler_39.dll
[2012/06/17 17:36:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\d3dx10_39.dll
[2012/06/17 17:36:56 | 004,992,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\D3DX9_39.dll
[2012/06/17 15:06:47 | 000,000,000 | ---D | C] -- F:\Users\Public\Documents\Jagged Alliance - Back in Action Demo
[2012/06/14 09:03:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtmled.dll
[2012/06/14 09:03:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\mshtmled.dll
[2012/06/14 09:03:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\url.dll
[2012/06/14 09:03:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\url.dll
[2012/06/14 09:03:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2012/06/14 09:03:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2012/06/14 09:03:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieUnatt.exe
[2012/06/14 09:03:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 09:03:50 | 002,311,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2012/06/14 09:03:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\inetcpl.cpl
[2012/06/14 09:03:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 09:03:49 | 001,800,192 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2012/06/14 09:03:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2012/06/14 09:03:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2012/06/14 06:06:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpcorekmts.dll
[2012/06/14 06:06:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdpwsx.dll
[2012/06/14 06:06:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\rdrmemptylst.exe
[2012/06/14 06:06:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ntoskrnl.exe
[2012/06/14 06:06:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 06:06:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 06:06:26 | 003,216,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msi.dll
[2012/06/14 06:06:25 | 002,342,400 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msi.dll
[2012/06/14 06:06:22 | 001,462,272 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\crypt32.dll
[2012/06/14 06:06:22 | 000,140,288 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cryptnet.dll
[3 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/11 12:41:24 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012/07/11 12:39:23 | 3214,532,608 | -HS- | M] () -- F:\hiberfil.sys
[2012/07/11 09:26:45 | 000,015,648 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 09:26:45 | 000,015,648 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 09:24:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 08:21:27 | 000,000,051 | ---- | M] () -- F:\ProgramData\jatjmdastdayiqs
[2012/07/11 08:21:23 | 000,065,536 | ---- | M] () -- F:\ProgramData\shxqbzyw.exe
[2012/07/08 07:57:01 | 001,041,711 | ---- | M] () -- F:\Users\User\Desktop\Zyzz Bible.pdf
[2012/07/03 21:56:09 | 000,000,720 | ---- | M] () -- F:\Users\User\Desktop\StarCraft II.lnk
[2012/06/28 19:32:55 | 000,000,069 | ---- | M] () -- F:\Windows\NeroDigital.ini
[2012/06/28 19:03:17 | 000,707,300 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2012/06/28 19:03:17 | 000,660,918 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2012/06/28 19:03:17 | 000,152,892 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2012/06/28 19:03:17 | 000,125,108 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2012/06/24 07:28:14 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/24 07:25:58 | 010,480,160 | ---- | M] (Funcom                                                      ) -- F:\Users\User\Desktop\Setup.exe
[2012/06/23 12:24:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 12:24:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/18 10:09:30 | 000,001,054 | ---- | M] () -- F:\Users\User\Desktop\X3 map by Scorp.lnk
[2012/06/18 10:09:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\X3 map by Scorp
[2012/06/18 09:14:42 | 001,460,143 | ---- | M] () -- F:\Users\User\Desktop\X3_map_Setup_TCE.zip
[2012/06/17 15:06:02 | 009,451,173 | ---- | M] () -- F:\Users\User\Desktop\X3TC_Manual_DE.pdf
[2012/06/14 11:38:41 | 000,291,400 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[3 F:\Windows\*.tmp files -> F:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/11 08:21:27 | 000,065,536 | ---- | C] () -- F:\ProgramData\shxqbzyw.exe
[2012/07/11 08:21:23 | 000,000,051 | ---- | C] () -- F:\ProgramData\jatjmdastdayiqs
[2012/07/08 07:56:52 | 001,041,711 | ---- | C] () -- F:\Users\User\Desktop\Zyzz Bible.pdf
[2012/07/03 21:56:09 | 000,000,720 | ---- | C] () -- F:\Users\User\Desktop\StarCraft II.lnk
[2012/06/18 10:09:30 | 000,001,054 | ---- | C] () -- F:\Users\User\Desktop\X3 map by Scorp.lnk
[2012/06/18 09:14:21 | 001,460,143 | ---- | C] () -- F:\Users\User\Desktop\X3_map_Setup_TCE.zip
[2012/06/17 15:04:08 | 009,451,173 | ---- | C] () -- F:\Users\User\Desktop\X3TC_Manual_DE.pdf
[2012/02/09 11:18:40 | 000,004,096 | ---- | C] () -- F:\Windows\SysWow64\drivers\rt2870.bin
[2012/02/09 11:18:38 | 000,013,931 | ---- | C] () -- F:\Windows\SysWow64\RaCoInst.dat
[2012/02/09 11:18:22 | 000,025,088 | ---- | C] () -- F:\Windows\SysWow64\RAEXTUI.dll
[2011/11/17 15:39:46 | 000,000,092 | ---- | C] () -- F:\Users\User\AppData\Local\fusioncache.dat
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- F:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 11:44:14 | 000,179,271 | ---- | C] () -- F:\Windows\SysWow64\xlive.dll.cat
[2011/06/09 07:59:08 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2010/12/22 17:54:34 | 000,000,262 | ---- | C] () -- F:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/10/22 10:21:24 | 002,427,248 | ---- | C] () -- F:\Windows\SysWow64\pbsvc_heroes.exe
[2010/05/01 13:49:01 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/03/15 17:31:38 | 001,619,106 | ---- | C] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/01 14:01:43 | 000,000,307 | ---- | C] () -- F:\Windows\game.ini
[2009/11/17 15:06:32 | 000,000,069 | ---- | C] () -- F:\Windows\NeroDigital.ini
[2009/11/13 14:14:11 | 000,000,048 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2009/11/13 13:32:48 | 000,280,904 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrB.exe
[2009/11/13 13:32:45 | 000,669,184 | ---- | C] () -- F:\Windows\SysWow64\pbsvc.exe
[2009/11/13 13:32:45 | 000,075,136 | ---- | C] () -- F:\Windows\SysWow64\PnkBstrA.exe
[2009/11/02 16:14:22 | 000,000,026 | ---- | C] () -- F:\Windows\Irremote.ini
[2009/11/02 15:47:53 | 000,000,010 | ---- | C] () -- F:\Windows\GSetup.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- F:\Windows\GSetup.exe
[2006/07/20 23:37:35 | 000,031,661 | -H-- | C] () -- F:\Users\User\AppData\Roaming\logs.dat
 
========== LOP Check ==========
 
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/04/21 08:14:13 | 000,000,000 | ---D | M] -- F:\ProgramData\Battle.net
[2009/12/03 19:31:57 | 000,000,000 | ---D | M] -- F:\ProgramData\BioWare
[2009/11/18 15:14:22 | 000,000,000 | ---D | M] -- F:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2012/07/11 08:21:27 | 000,000,000 | ---D | M] -- F:\ProgramData\dktcldhbltotsge
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2011/10/26 05:48:40 | 000,000,000 | ---D | M] -- F:\ProgramData\EA Core
[2012/05/22 13:41:16 | 000,000,000 | ---D | M] -- F:\ProgramData\EA Logs
[2011/10/26 05:48:42 | 000,000,000 | ---D | M] -- F:\ProgramData\Electronic Arts
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2009/11/12 06:50:39 | 000,000,000 | ---D | M] -- F:\ProgramData\Futuremark
[2011/10/26 05:45:23 | 000,000,000 | ---D | M] -- F:\ProgramData\Origin
[2012/07/10 20:24:23 | 000,000,000 | ---D | M] -- F:\ProgramData\PMB Files
[2012/02/09 11:18:49 | 000,000,000 | ---D | M] -- F:\ProgramData\Ralink
[2012/02/09 12:21:56 | 000,000,000 | ---D | M] -- F:\ProgramData\Sitecom Driver
[2011/11/19 02:25:33 | 000,000,000 | ---D | M] -- F:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2009/11/18 02:47:35 | 000,000,000 | ---D | M] -- F:\ProgramData\Ubisoft
[2009/11/18 14:27:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Vodafone
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2009/12/02 17:16:33 | 000,000,000 | -H-D | M] -- F:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2012/06/15 07:53:23 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/11/02 15:38:15 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2011/10/19 15:15:11 | 000,000,000 | ---D | M] -- F:\Games
[2011/04/22 13:34:51 | 000,000,000 | ---D | M] -- F:\NVIDIA
[2012/04/16 13:08:59 | 000,000,000 | R--D | M] -- F:\Program Files
[2012/06/18 10:09:25 | 000,000,000 | R--D | M] -- F:\Program Files (x86)
[2012/07/11 08:21:28 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2009/11/02 15:38:01 | 000,000,000 | -HSD | M] -- F:\Programme
[2009/11/02 15:38:02 | 000,000,000 | -HSD | M] -- F:\Recovery
[2012/07/08 13:00:56 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2011/04/22 13:37:52 | 000,000,000 | R--D | M] -- F:\Users
[2012/02/10 07:11:06 | 000,000,000 | ---D | M] -- F:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

was kann / muss ich jetzt tun, würde mich über eine antwort freuen.
weiterhin habe ich grade festgestellt das meine shell in der regristry trotzdem explorer.exe ist
das foto sieht so wie hier aus http://www.trojaner-board.de/116052-...-gesperrt.html
weiterhin lasse ich grade Malwarebytes laufen. (quickscan)

hier die malwarebytes quickscan log

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.09.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
User :: RECHNER [Administrator]

Schutz: Deaktiviert

11.07.2012 22:22:16
mbam-log-2012-07-11 (22-38-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239660
Laufzeit: 3 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\User\Desktop\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Roaming\logs.dat (Bifrose.Trace) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\User\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\User\0.8768296038513202.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)

nach dem neustarten im normalenmodus war kurz der explorer zu sehen im gegensatz zu sonst... aber nach 5 sekunden war wieder der trojaner bildschirm da.

mal gucken was ein vollscan ausmacht, log folgt.

markusg · 11.07.2012, 20:05

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\User_ON_F..\Run: [shxqbzywmyvmmbe] F:\ProgramData\shxqbzyw.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\User_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\file\sc2betakeygen.exe
[2012/07/11 08:21:26 | 000,000,000 | ---D | C] -- F:\ProgramData\dktcldhbltotsge
[2012/07/11 08:21:23 | 000,065,536 | ---- | M] () -- F:\ProgramData\shxqbzyw.exe
:Files
C:\Windows\file
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Peschi · 11.07.2012, 21:33

soooo, wenn dann hab ich dir bzw euch zu danken

alsooo upload hat geklappt, normales windows geht und symbole waren gleich da, jetzt mal ne frage... im otl soll ich bei load remote user profiles ja drücken, da hab ich aber ne wahl von vielleicht 5 usern und ich hab immer localservice genommen da das standart mäßig ausgewählt war. hoffe das passt so.

und wärst du vielleicht noch so nett bevor das hier vorbei ist mir zu sagen wie ich so einen trojanerbefall vorbeugen kann?

dankeschön

markusg · 11.07.2012, 22:09

hatt nicht geklappt mit dem hochladen
www.file-upload.net dort hochladen link als private nachicht an mich

Peschi · 11.07.2012, 22:11

ab und zu zahlungsabwicklungen , wieso?

markusg · 12.07.2012, 21:24

hatte sich erledigt.
danke für die datei.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

bundespolizei ukash onlinepolice trojaner otl.log im thema

Plagegeister aller Art und deren Bekämpfung: bundespolizei ukash onlinepolice trojaner otl.log im thema