Log Analysis and Evaluation: AKM Trojan (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
AKM Trojan

Dear Trojaner-Board team! Yesterday my son wanted to download Minecraft mods. A YouTube video led him to a fake Minecraft site, where he downloaded the AKM trojan. I followed your really excellent guide and ran the OTLPE scanner. I tried to attach the OTL.Txt, but that did not work because of the file size. I'm not sure whether I'm doing this right by pasting the code into the post. If not, please tell me how you would like to have it.

OTL Logfile:
Code:
OTL logfile created on: 10/3/2012 4:50:08 PM - Run OTLPE by OldTimer - Version 3.1.48.0   Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 2000 6139 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.84 Mb Free Space | 75.85% Space Free | Partition Type: NTFS
Drive H: | 931.41 Gb Total Space | 748.93 Gb Free Space | 80.41% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/06 21:50:54 | 000,203,264 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 10:30:38 | 000,031,272 | ---- | M] () [On_Demand] -- H:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012/09/21 13:48:47 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/14 11:27:16 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/01 19:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 18:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/03 09:07:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- H:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- H:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/15 08:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto] -- H:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/08/24 08:38:06 | 000,068,136 | ---- | M] () [Auto] -- H:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 10:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/10 22:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- H:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 09:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 04:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/24 18:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- H:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/02/15 05:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/06 22:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/06 21:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/27 05:56:38 | 000,021,544 | ---- | M] () [Kernel | System] -- H:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 05:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/22 04:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand] -- H:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/01/26 23:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/07 14:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/12/07 14:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/11/20 07:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 07:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/12 10:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2012/10/02 13:34:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- H:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/06/02 03:57:50 | 000,030,528 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 11:57:04 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto] -- H:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Klaus_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE - HKU\Klaus_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Klaus_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE - HKU\Klaus_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE - HKU\Klaus_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Klaus_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "SearchAmong"
FF - prefs.js..keyword.URL: "hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query="
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchamong.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_278.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 16:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/10 16:11:25 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Klaus\AppData\Roaming\Mozilla\Extensions
[2012/01/15 04:50:25 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\abukd2pj.default\extensions
[2012/01/15 04:50:25 | 000,000,000 | ---D | M] (DownloadHelper) -- H:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\abukd2pj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/01 12:54:33 | 000,006,435 | ---- | M] () -- H:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\abukd2pj.default\searchplugins\SearchAmong.xml
[2012/02/05 04:47:13 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/05 04:47:13 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/21 03:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/21 01:08:50 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 01:02:40 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 01:08:50 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 01:08:50 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 01:08:50 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 01:08:50 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Klaus_ON_H\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Klaus_ON_H\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] H:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] H:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NUSB3MON] H:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Klaus_ON_H..\Run: [OscarEditor] H:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe ()
O4 - HKU\Klaus_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found
O4 - Startup: H:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - H:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Klaus_ON_H\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4704c8e4-fc5c-11e1-8609-1c6f654e38b7}\Shell - "" = AutoRun
O33 - MountPoints2\{4704c8e4-fc5c-11e1-8609-1c6f654e38b7}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a67b41ff-fca0-11e1-81a9-1c6f654e38b7}\Shell - "" = AutoRun
O33 - MountPoints2\{a67b41ff-fca0-11e1-81a9-1c6f654e38b7}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c9756b13-e1d2-11e0-8feb-1c6f654e38b7}\Shell - "" = AutoRun
O33 - MountPoints2\{c9756b13-e1d2-11e0-8feb-1c6f654e38b7}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{dc18849d-36a6-11e0-8070-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc18849d-36a6-11e0-8070-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 15:07:13 | 000,000,000 | ---D | C] -- H:\Users\Klaus\Desktop\saves
[2012/10/01 14:14:09 | 000,000,000 | ---D | C] -- H:\Users\Klaus\AppData\Roaming\.Nitrous
[2012/10/01 14:12:54 | 000,000,000 | ---D | C] -- H:\Users\Klaus\Desktop\Sonic Ether's Unbelievable Shaders v08 (Windows)
[2012/10/01 14:03:56 | 000,000,000 | ---D | C] -- H:\Users\Klaus\AppData\Roaming\WinRAR
[2012/10/01 14:03:56 | 000,000,000 | ---D | C] -- H:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/10/01 14:03:56 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/10/01 14:03:44 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\WinRAR
[2012/10/01 12:54:02 | 000,442,048 | ---- | C] (W3i, LLC) -- H:\Users\Klaus\AppData\Roaming\vioer.exe
[2012/10/01 12:53:59 | 000,525,312 | ---- | C] (BrowserSetter) -- H:\Users\Klaus\AppData\Roaming\bsetter-adfly.exe
[2012/10/01 12:53:59 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIO Player
[2012/10/01 12:53:58 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\VIO Player
[2012/10/01 12:53:31 | 006,312,677 | ---- | C] (VIO ) -- H:\Users\Klaus\AppData\Roaming\vio_clean.exe
[2012/10/01 12:53:27 | 000,419,554 | ---- | C] (SearchAmong ) -- H:\Users\Klaus\AppData\Roaming\satoolbar.exe
[2012/09/29 05:44:14 | 000,000,000 | ---D | C] -- H:\Users\Klaus\AppData\Roaming\dvdcss
[2012/09/26 06:57:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\OxpsConverter.exe
[2012/09/22 04:17:40 | 000,735,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/09/22 04:17:39 | 000,627,712 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/09/22 04:17:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/09/22 04:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/09/22 04:17:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/09/22 04:17:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/09/22 04:17:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/09/22 04:17:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/09/12 02:07:13 | 000,135,168 | ---- | C] (ZTE Corporation) -- H:\Windows\System32\drivers\ZTEusbnet.sys
[2012/09/12 02:07:13 | 000,121,344 | ---- | C] (ZTE Incorporated) -- H:\Windows\System32\drivers\ZTEusbser6k.sys
[2012/09/12 02:07:13 | 000,121,344 | ---- | C] (ZTE Incorporated) -- H:\Windows\System32\drivers\ZTEusbnmea.sys
[2012/09/12 02:07:13 | 000,121,344 | ---- | C] (ZTE Incorporated) -- H:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012/09/12 02:07:13 | 000,011,776 | ---- | C] (MBB Incorporated) -- H:\Windows\System32\drivers\massfilter.sys
[2012/09/12 02:07:10 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbnet.sys
[2012/09/12 02:07:10 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys
[2012/09/12 02:07:10 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbdev.sys
[2012/09/12 02:07:10 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys
[2012/09/12 02:07:00 | 000,000,000 | -H-D | C] -- H:\ProgramData\{E20C9620-7DFA-4C75-8F3B-02E4B3F4D981}
[2012/09/12 02:06:58 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\A1 Dashboard
[2012/09/12 02:06:58 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1
[2012/09/11 15:49:11 | 000,574,464 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll
[2012/09/11 15:49:11 | 000,490,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\d3d10level9.dll
[2012/09/11 15:49:11 | 000,376,688 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\netio.sys
[2012/09/11 15:49:11 | 000,288,624 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/11 15:48:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\RNDISMP.sys
[2 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/02 13:34:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- H:\Windows\gdrv.sys
[2012/10/02 13:34:44 | 000,001,104 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/02 13:34:35 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2012/10/02 13:34:31 | 3219,300,352 | -HS- | M] () -- H:\hiberfil.sys
[2012/10/02 12:48:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/02 12:45:00 | 000,001,108 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/02 12:32:08 | 000,000,687 | ---- | M] () -- H:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012/10/02 12:32:07 | 000,503,516 | ---- | M] () -- H:\Users\Klaus\AppData\Roaming\1.exe
[2012/10/02 12:31:55 | 000,015,024 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 12:31:55 | 000,015,024 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 12:24:50 | 002,397,256 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/10/01 14:03:56 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/10/01 12:54:04 | 000,442,048 | ---- | M] (W3i, LLC) -- H:\Users\Klaus\AppData\Roaming\vioer.exe
[2012/10/01 12:54:01 | 000,525,312 | ---- | M] (BrowserSetter) -- H:\Users\Klaus\AppData\Roaming\bsetter-adfly.exe
[2012/10/01 12:53:59 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIO Player
[2012/10/01 12:53:57 | 006,312,677 | ---- | M] (VIO ) -- H:\Users\Klaus\AppData\Roaming\vio_clean.exe
[2012/10/01 12:53:29 | 000,419,554 | ---- | M] (SearchAmong ) -- H:\Users\Klaus\AppData\Roaming\satoolbar.exe
[2012/09/26 17:46:45 | 000,002,370 | ---- | M] () -- H:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/21 13:48:47 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/21 13:48:47 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/12 02:07:53 | 000,001,016 | ---- | M] () -- H:\Users\Public\Desktop\A1 Dashboard.lnk
[2012/09/12 02:07:53 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\A1
[2 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/02 12:32:08 | 000,000,687 | ---- | C] () -- H:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012/10/02 12:31:56 | 000,503,516 | ---- | C] () -- H:\Users\Klaus\AppData\Roaming\1.exe
[2012/09/12 02:06:59 | 000,001,016 | ---- | C] () -- H:\Users\Public\Desktop\A1 Dashboard.lnk
[2012/06/07 05:31:22 | 000,004,096 | -H-- | C] () -- H:\Users\Klaus\AppData\Local\keyfile3.drm
[2012/02/12 10:11:47 | 000,032,256 | ---- | C] () -- H:\Windows\SysWow64\AVSredirect.dll
[2011/12/11 06:45:25 | 000,039,095 | ---- | C] () -- H:\Windows\iccsigs.dat
[2011/12/11 06:45:23 | 000,112,688 | ---- | C] () -- H:\Windows\SysWow64\shw32.dll
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/07/03 09:13:41 | 002,463,976 | ---- | C] () -- H:\Windows\SysWow64\NPSWF32.dll
[2011/07/03 03:27:19 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/10 21:23:44 | 000,015,873 | ---- | C] () -- H:\Windows\SysWow64\Inetde.dll
[2011/06/09 16:16:14 | 000,000,025 | ---- | C] () -- H:\Windows\CDE DX7400DEFGIPS.ini
[2011/06/09 16:00:22 | 000,030,528 | ---- | C] () -- H:\Windows\GVTDrv64.sys
[2011/06/09 15:59:50 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2011/06/09 15:57:49 | 000,002,857 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/09 15:38:35 | 000,000,010 | ---- | C] () -- H:\Windows\GSetup.ini
[2011/06/09 15:21:06 | 000,007,605 | ---- | C] () -- H:\Users\Klaus\AppData\Local\Resmon.ResmonCfg
[2011/03/21 15:32:04 | 000,000,400 | ---- | C] () -- H:\Windows\ODBC.INI
[2010/06/08 09:19:24 | 000,692,224 | ---- | C] () -- H:\Windows\SysWow64\libeay32.dll
[2010/06/08 09:19:24 | 000,151,552 | ---- | C] () -- H:\Windows\SysWow64\ssleay32.dll
[2010/04/20 10:31:43 | 000,936,832 | ---- | C] () -- H:\Windows\SysWow64\M2ElevatedCalls.dll
[2009/08/27 03:04:12 | 000,207,400 | R--- | C] () -- H:\Windows\GSetup.exe
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] ()
-- H:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat [2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- H:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data [2012/02/05 04:47:52 | 000,000,000 | ---D | M] -- H:\ProgramData\Ask [2012/02/12 10:05:17 | 000,000,000 | ---D | M] -- H:\ProgramData\Babylon [2012/06/12 13:35:02 | 000,000,000 | ---D | M] -- H:\ProgramData\Battle.net [2011/11/26 09:25:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Codemasters [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente [2012/01/05 08:52:30 | 000,000,000 | ---D | M] -- H:\ProgramData\Electronic Arts [2011/07/03 03:47:50 | 000,000,000 | ---D | M] -- H:\ProgramData\EPSON [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites [2011/03/21 15:20:55 | 000,000,000 | ---D | M] -- H:\ProgramData\m2backup [2011/03/21 15:23:09 | 000,000,000 | ---D | M] -- H:\ProgramData\m2portal [2012/09/12 02:07:57 | 000,000,000 | ---D | M] -- H:\ProgramData\mquadr.at [2012/01/05 08:55:24 | 000,000,000 | ---D | M] -- H:\ProgramData\Origin [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen [2011/03/21 15:19:43 | 000,000,000 | -H-D | M] -- H:\ProgramData\{0B1855D9-8D06-4BE1-B93C-7EFA1D0C3E32} [2011/03/21 14:05:05 | 000,000,000 | -H-D | M] -- 
H:\ProgramData\{29558F44-C67B-4F2C-99E0-F1CE2AE1F960} [2011/03/21 14:05:01 | 000,000,000 | -H-D | M] -- H:\ProgramData\{392ECEAB-FD15-485B-8C44-C2C591EDECB5} [2011/07/11 03:04:43 | 000,000,000 | ---D | M] -- H:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011/03/21 15:19:51 | 000,000,000 | -H-D | M] -- H:\ProgramData\{DE1CDDDC-29FB-4BCF-94A4-B8339595BAB7} [2012/09/12 02:07:47 | 000,000,000 | -H-D | M] -- H:\ProgramData\{E20C9620-7DFA-4C75-8F3B-02E4B3F4D981} [2011/10/31 08:05:58 | 000,027,090 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/01/02 22:05:53 | 000,000,000 | -HSD | M] -- H:\$Recycle.Bin [2011/06/09 15:05:38 | 000,000,000 | ---D | M] -- H:\bc01a9a8d14bfdab24678f6273 [2012/08/23 11:36:24 | 000,000,000 | ---D | M] -- H:\Claudia [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\Documents and Settings [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen [2012/07/28 02:15:10 | 000,000,000 | ---D | M] -- H:\Downloads [2011/09/14 01:45:45 | 000,000,000 | ---D | M] -- H:\Kleine historische Städte in Österreich -*Home-Dateien [2011/12/25 04:18:55 | 000,000,000 | ---D | M] -- H:\MRecord [2011/03/21 15:29:07 | 000,000,000 | RH-D | M] -- H:\MSOCache [2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- H:\PerfLogs [2012/04/13 22:30:56 | 000,000,000 | R--D | M] -- H:\Program Files [2012/10/01 14:03:44 | 000,000,000 | R--D | M] -- H:\Program Files (x86) [2012/09/12 02:07:00 | 000,000,000 | -H-D | M] -- H:\ProgramData [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\Programme [2011/02/12 09:23:14 | 000,000,000 | -HSD | M] -- H:\Recovery [2012/10/01 20:38:18 | 000,000,000 | -HSD | M] -- H:\System Volume Information [2011/02/12 09:23:19 | 000,000,000 | R--D | M] -- H:\Users [2012/08/18 21:41:08 | 000,000,000 | ---D | M] -- H:\Windows < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\System32\drivers\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\System32\drivers\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\SysWOW64\cngaudit.dll [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
H:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\System32\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) 
MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\SysWOW64\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- 
H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel 
Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\drivers\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\System32\netlogon.dll [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll 
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\SysWOW64\netlogon.dll [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\drivers\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- 
H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\SysWOW64\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\System32\scecli.dll [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\SysWOW64\user32.dll [2010/11/20 08:08:57 | 000,833,024 | ---- | 
M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\System32\user32.dll [2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\SysWOW64\userinit.exe [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\System32\userinit.exe 
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\System32\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\System32\drivers\ws2ifsl.sys [2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid 
Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe

< End of report >
[/code]

Please give me further instructions on how to get rid of this nasty thing, and I have two more questions.

1) Do I have to format after the Trojan has been removed?
2) If I have to format, can I rescue my data without running the risk of taking the Trojan along with it?

MANY THANKS for your help!

Regards, Klaus

Dear Trojaner-Board team!

Unfortunately I saw too late that I should also run Defogger. I have now done so, and Defogger stopped with an error message. Here is the log.

[code]
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:35 on 03/10/2012 (%username%)

Checking for autostart values...
HKCU\~\Run values retrieved.
Unable to open HKLM\~\Run key (2)
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
[/code]

Regards, Klaus