Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter

Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter


Plagegeister aller Art und deren Bekämpfung: Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 30.05.2013, 10:45   #1
Neved
 
Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter - Standard

Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter


Hy, hab das gleiche Problem wie einige andere hier auch! Hab auch schon mit OTLPENet.exe die ersten 2 logfile gemacht und wollte euch die mal zeigen wer mir dann weiter helfen kann denn bis jetzt is noch nix besser!

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/30/2013 3:46:32 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 613.88 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive D: | 465.64 Gb Total Space | 217.23 Gb Free Space | 46.65% Space Free | Partition Type: FAT32
Drive E: | 3.74 Gb Total Space | 2.88 Gb Free Space | 77.05% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/17 14:11:00 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 16:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/04 11:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/19 09:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 06:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/05/08 14:29:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 14:29:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/01 03:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 03:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/23 13:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/05/20 05:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/03/01 16:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 05:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/20 15:12:31 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013/02/20 15:12:31 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/05/08 14:29:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 14:29:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/08 12:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/12/09 07:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/15 06:48:07 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011/10/01 03:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 03:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 03:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 03:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/20 18:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/07/13 08:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/07/13 08:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2010/11/29 22:11:06 | 000,056,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/01 07:01:52 | 000,062,080 | ---- | M] (Etron Technology Inc) [Kernel | Auto] -- C:\Windows\System32\Drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2010/11/01 07:01:50 | 000,038,144 | ---- | M] (Etron Technology Inc) [Kernel | Auto] -- C:\Windows\System32\Drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2009/11/23 11:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 11:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\Philipp_ON_C\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tt=270912_7a_3912_1&babsrc=HP_ss&mntrId=3615a4b200000000000050e5495594f3
IE - HKU\Philipp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Philipp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Philipp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Philipp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 5C 63 A9 F2 B7 CC 01 [binary data]
IE - HKU\Philipp_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Philipp_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Nero.com/KM: C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Philipp\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
 
[2012/09/29 11:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Philipp_ON_C..\Run: [ctfmon.exe] C:\ProgramData\h26zf.dat (Корпорация Майкрософт2)
O4 - HKU\Philipp_ON_C..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\Philipp_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Philipp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_C\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_C\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_C\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_C\..Trusted Domains: sony.com ([]* in )
O15:64bit: - Philipp_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Philipp_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Philipp_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Philipp_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - UpdatusUser_ON_C\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - UpdatusUser_ON_C\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - UpdatusUser_ON_C\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - UpdatusUser_ON_C\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Philipp_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Philipp_ON_C Winlogon: Shell - (C:\Users\Philipp\AppData\Roaming\skype.dat) - C:\Users\Philipp\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | RH-D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4da9f6ac-a71d-11e1-b2c8-50e5495594f3}\Shell - "" = AutoRun
O33 - MountPoints2\{4da9f6ac-a71d-11e1-b2c8-50e5495594f3}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/29 23:15:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/16 10:30:53 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 10:30:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/16 10:30:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/16 10:30:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 10:30:52 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/05/16 10:30:52 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/16 10:30:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/16 10:30:52 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/16 10:30:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/16 10:30:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/16 10:30:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/16 10:30:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/16 10:30:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/16 10:30:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/16 10:30:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/16 10:30:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 10:30:50 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/05/16 10:28:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/16 10:28:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/16 10:27:48 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/16 10:27:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2013/05/16 10:27:47 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/16 10:27:47 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/16 10:27:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/10 03:04:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\video
[2013/05/10 03:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2013/05/10 03:00:56 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter
[2013/05/10 03:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter
[2013/05/10 02:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2013/05/10 02:53:36 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\DSite
[2013/05/10 02:50:03 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Skype
[2013/05/10 02:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/10 02:47:37 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{2A84375E-6C71-4370-B8EF-29D2450351DA}
[2013/05/08 07:15:29 | 000,143,360 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\lzdwia.dat
[2013/05/08 07:15:29 | 000,143,360 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\h26zf.dat
[2013/05/08 06:57:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{9E115237-A4CA-43E4-854A-4317466C53D2}
[2013/05/06 07:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/05/06 07:09:57 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv64.dll
[2013/05/06 07:09:57 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/05/06 07:09:57 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/05/06 07:09:57 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/05/06 07:09:57 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/05/06 07:09:57 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/05/06 07:09:57 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/05/06 07:09:57 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/05/06 07:09:57 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/05/06 07:09:57 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/05/06 07:09:57 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/05/06 07:09:57 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/05/06 07:09:57 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco6431422.dll
[2013/05/06 07:09:57 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco6431422.dll
[2013/05/06 07:09:57 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/05/06 07:09:57 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinitx.dll
[2013/05/06 07:09:57 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/05/06 07:09:57 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda64v.sys
[2013/05/06 07:09:57 | 000,031,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap64.dll
[2013/05/06 06:54:59 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\{2AF66330-284F-4DBC-BBA9-7C21FE90504C}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/29 18:28:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2013/05/29 17:32:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/29 17:32:44 | 000,020,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 17:32:44 | 000,020,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 17:31:56 | 000,000,004 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\skype.ini
[2013/05/29 17:29:39 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/29 11:03:20 | 000,708,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/29 11:03:20 | 000,661,754 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/29 11:03:20 | 000,153,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/29 11:03:20 | 000,125,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/28 10:14:36 | 000,275,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/12 10:53:03 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/05/10 09:12:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job
[2013/05/10 09:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/10 03:00:57 | 000,001,169 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2013/05/10 03:00:57 | 000,001,145 | ---- | M] () -- C:\Users\Philipp\Desktop\Free Video Converter.lnk
[2013/05/10 02:54:41 | 000,000,000 | ---- | M] () -- C:\end
[2013/05/10 02:49:59 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/08 07:24:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\fz62h.pad
[2013/05/08 07:15:32 | 095,023,320 | ---- | M] () -- C:\ProgramData\aiwdzl.pad
[2013/05/08 07:15:32 | 000,000,151 | ---- | M] () -- C:\ProgramData\fz62h.reg
[2013/05/08 07:15:32 | 000,000,055 | ---- | M] () -- C:\ProgramData\fz62h.bat
[2013/05/08 07:15:29 | 000,143,360 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\lzdwia.dat
[2013/05/08 07:15:29 | 000,143,360 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\h26zf.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/28 10:15:46 | 000,000,004 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\skype.ini
[2013/05/10 03:01:36 | 000,001,201 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk
[2013/05/10 03:00:57 | 000,001,169 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2013/05/10 03:00:57 | 000,001,145 | ---- | C] () -- C:\Users\Philipp\Desktop\Free Video Converter.lnk
[2013/05/10 02:53:36 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/05/10 02:53:34 | 000,000,000 | ---- | C] () -- C:\end
[2013/05/10 02:49:59 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/08 07:15:32 | 000,000,151 | ---- | C] () -- C:\ProgramData\fz62h.reg
[2013/05/08 07:15:32 | 000,000,055 | ---- | C] () -- C:\ProgramData\fz62h.bat
[2013/05/08 07:15:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\fz62h.pad
[2013/05/08 07:15:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\aiwdzl.pad
[2012/11/18 05:34:53 | 000,000,095 | ---- | C] () -- C:\Users\Philipp\AppData\Local\fusioncache.dat
[2012/05/26 07:52:22 | 000,040,023 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\UserTile.png
[2012/05/17 14:25:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/01/30 09:49:12 | 000,004,608 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 05:58:15 | 000,098,304 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\skype.dat
[2011/11/10 08:00:40 | 001,622,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/09/29 12:11:19 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\4Free
[2012/09/29 11:58:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon
[2013/05/10 02:53:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DSite
[2013/04/19 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoft
[2012/10/07 03:32:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/07/22 09:39:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Firstload
[2013/05/10 03:01:59 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FreeVideoConverter
[2012/09/29 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\MOVAVI
[2012/11/14 03:14:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenCandy
[2012/10/15 15:54:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\SoftGrid Client
[2012/05/26 07:48:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sony
[2012/06/24 08:59:38 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Temp
[2012/03/08 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TP
[2012/04/27 15:36:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client
[2012/10/07 03:33:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012/09/29 11:58:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/08/29 11:35:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2012/10/07 03:33:10 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2013/02/21 04:25:53 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2013/02/21 04:26:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012/11/24 15:23:02 | 000,000,000 | ---D | M] -- C:\ProgramData\HappyCloud
[2011/12/15 07:45:51 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2012/07/17 10:21:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PrintProjects
[2012/07/10 11:13:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/01/30 09:42:19 | 000,000,000 | ---D | M] -- C:\ProgramData\TechSmith
[2012/10/07 03:33:15 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/11/18 05:30:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Turbine
[2012/03/09 13:46:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2012/07/17 10:21:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Visan
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/11 14:46:10 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2011/12/12 05:44:12 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/10/07 03:33:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/05/12 10:53:03 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\DSite.job
[2013/05/10 09:12:00 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\PrintProjects Communicator.job
[2012/12/19 11:16:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/04/11 14:46:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/12/08 05:51:23 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/07/27 14:55:46 | 000,000,000 | ---D | M] -- C:\Crash
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012/06/19 14:35:55 | 000,000,000 | ---D | M] -- C:\Games
[2011/12/08 05:59:17 | 000,000,000 | ---D | M] -- C:\Intel
[2012/09/14 03:49:25 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/03/30 12:06:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/05/12 10:37:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013/05/12 10:37:55 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2011/12/11 06:45:28 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/05/29 23:15:32 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013/05/29 11:04:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/09/14 03:52:12 | 000,000,000 | ---D | M] -- C:\temp
[2012/07/12 14:44:40 | 000,000,000 | ---D | M] -- C:\THE_WALKING_DEAD_DVD_1 [C-XC M T-199 S-1 A-DE Q-125]
[2011/12/11 06:48:59 | 000,000,000 | R--D | M] -- C:\Users
[2013/05/29 18:28:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS >
[2011/05/20 03:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\Drivers\iastor\iaStor.sys
[2011/05/20 03:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\OemDrv\iaStor.sys
[2011/05/20 03:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\System32\drivers\iaStor.sys
[2011/05/20 03:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
[2011/05/20 03:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_b8d31a7001998667\iaStor.sys
 
< MD5 for: IASTORV.SYS >
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL >
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\System32\netlogon.dll
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS >
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL >
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\System32\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL >
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\System32\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
< End of report >
--- --- ---
 

Themen zu Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
adobe, antivir, avira, bho, bingbar, bonjour, converter, defender, desktop, downloader, error, explorer, firefox, flash player, format, helper, home, launch, logfile, mp3, object, plug-in, problem, realtek, registry, rundll, scan, software


« GVU Trojaner hat Laptop erwischt | GVU Trojaner - PC gesperrt - Windows XP »


Ähnliche Themen: Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter


  1. Windows XP: GVU Sperrbildschirm, kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 27.05.2014 (17)
  2. Windows7/64 fährt im abgesicherten Modus sofort wieder runter, Sicherheitscenter bleibt abgehdreht & Netzwerkadapter finden kein Netzwerk
    Log-Analyse und Auswertung - 23.04.2014 (8)
  3. Interpol-Sperrbildschirm, Win XP, kein abgesicherter Modus klappt - dauernder Neustart
    Log-Analyse und Auswertung - 02.03.2014 (5)
  4. Sperrbildschirm Bundespolizei - kein abgesicherter Modus möglich!
    Log-Analyse und Auswertung - 11.01.2014 (15)
  5. BKA-Trojaner Sperrbildschirm Windows Vista (32bit) kein abgesicherter Modus
    Log-Analyse und Auswertung - 07.01.2014 (14)
  6. GVU und Bundeskriminalamt Trojaner,PC fährt im abgesicherten modus sofort wieder runter
    Log-Analyse und Auswertung - 09.12.2013 (12)
  7. Win7 SP1 64Bit hängt nach Anmeldung / Fährt im abgesicherten Modus sofort runter
    Log-Analyse und Auswertung - 05.12.2013 (3)
  8. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (7)
  9. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Log-Analyse und Auswertung - 06.09.2013 (1)
  10. Trojaner "urheberrecht Verletzung usw." Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (16)
  11. Trojaner, Abgesicherter Modus fährt sofort wieder runter
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (40)
  12. GVU Trojaner - Abgesicherter Modus fährt direkt runter
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (20)
  13. GVU Trojaner - Abgesicherter Modus fährt runter
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (14)
  14. Polizeivirus, Sperrbildschirm, kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (9)
  15. Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 16.05.2013 (20)
  16. Weißer Bildschirm Virus, abgesicherter modus startet und fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (11)
  17. Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter - Hy, hab das gleiche Problem wie einige andere hier auch! Hab auch schon mit OTLPENet.exe die ersten 2 logfile gemacht und wollte euch die mal zeigen wer mir dann weiter - Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter...
Archiv
Du betrachtest: Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131