Bundestrojaner

haudegen · 22.03.2012, 13:32

Gruesse,

ich hab mir gestern den Bundestrojaner eingefangen.
Explorer gesperrt und es wird nur noch dieses Bild mit der Aufforderung zur Ueberweisung angezeigt.

Hier der Log von OTL.
Wird noch etwas benoetigt?

mfg haudegen

Code:

ATTFilter

OTL logfile created on: 3/22/2012 3:16:31 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Enterprise Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 330.71 Gb Free Space | 35.51% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 35.11 Gb Free Space | 3.77% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/02/14 23:13:00 | 000,235,520 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/17 09:53:33 | 000,076,888 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/18 11:02:00 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto] -- D:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 11:01:52 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto] -- D:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 10:04:52 | 011,839,488 | ---- | M] () [On_Demand] -- D:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/01/18 08:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto] -- D:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/29 17:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto] -- D:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/07/21 06:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/14 23:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/02/14 23:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/14 22:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/18 11:02:28 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/01/18 10:59:48 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/01/18 08:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/01/18 08:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/12/23 13:49:35 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/23 10:48:27 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/12 08:47:39 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011/10/12 08:47:39 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/29 17:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/10 11:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/08 09:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/28 13:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/26 13:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/07/21 06:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/21 06:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/19 05:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/03/18 08:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 08:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/27 11:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 11:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 09:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 09:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/08/23 07:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 20:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/10/11 05:40:00 | 000,027,648 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV:64bit: - [2006/12/26 08:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2005/03/28 19:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011/08/18 14:43:50 | 000,027,808 | ---- | M] () [Kernel | On_Demand] -- D:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver)
DRV - [2008/07/26 17:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand] -- D:\Users\Jensen\Desktop\OC\RealTemp_370\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2006/12/26 08:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Jensen_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C F1 06 50 75 9A CC 01  [binary data]
IE - HKU\Jensen_ON_D\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Reg Error: Key error. File not found
IE - HKU\Jensen_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: D:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.110.0: D:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.116.0: D:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.96.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Jensen\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/25 15:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 08:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 10:01:31 | 000,000,000 | ---D | M]
 
[2011/08/24 09:05:16 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Extensions
[2012/03/15 15:27:51 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions
[2012/03/15 15:27:51 | 000,000,000 | ---D | M] (Flagfox) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/12/24 07:34:19 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/16 04:05:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\DeviceDetection@logitech.com
[2011/08/30 17:16:00 | 000,000,000 | ---D | M] (Facemoods) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\ffxtlbr@Facemoods.com
[2012/03/08 14:53:24 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- D:\Users\Jensen\AppData\Roaming\Mozilla\Firefox\Profiles\rx8byvto.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
[2012/01/06 18:20:13 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- D:\USERS\JENSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RX8BYVTO.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- D:\USERS\JENSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RX8BYVTO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\USERS\JENSEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RX8BYVTO.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2012/03/17 08:23:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 17:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/11/04 23:38:54 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/04 23:32:18 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:38:54 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/30 17:16:01 | 000,002,048 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/04 23:38:54 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/04 23:38:54 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/04 23:38:54 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/02/21 17:51:27 | 000,001,162 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 flashfxp.com 
O1 - Hosts: 127.0.0.1 flashfxp.org 
O1 - Hosts: 127.0.0.1 flashfxp.ws 
O1 - Hosts: 127.0.0.1 www.flashfxp.com 
O1 - Hosts: 127.0.0.1 www.flashfxp.org 
O1 - Hosts: 127.0.0.1 www.flashfxp.ws 
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net/verify.php 
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net 
O1 - Hosts: 127.0.0.1 liveupdate.flashfxp.com 
O1 - Hosts: 127.0.0.1 update.inicom.net 
O1 - Hosts: 127.0.0.1 update.flashfxp.com
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\Jensen_ON_D\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - D:\Program Files (x86)\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AutoShutdownManager]  File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] D:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\Jensen_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Jensen_ON_D..\Run: [LightScribe Control Panel]  File not found
O4 - HKU\Jensen_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6671489980932395.exe.lnk ()
O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp.exe - Verknüpfung.lnk ()
O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk ()
O4 - Startup: D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Jensen_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jensen_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{351e5517-d30b-11e0-a0aa-0022156a903d}\Shell - "" = AutoRun
O33 - MountPoints2\{351e5517-d30b-11e0-a0aa-0022156a903d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a9a25a27-f3f1-11e0-b2af-0022156a903d}\Shell - "" = AutoRun
O33 - MountPoints2\{a9a25a27-f3f1-11e0-b2af-0022156a903d}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - D:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/20 11:22:02 | 000,000,000 | ---D | C] -- D:\Poker
[2012/03/14 22:03:46 | 005,559,152 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2012/03/14 22:03:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 22:03:46 | 003,913,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 13:53:35 | 001,544,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2012/03/14 13:53:35 | 001,077,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2012/03/14 04:40:21 | 000,000,000 | ---D | C] -- D:\ProgramData\ATI
[2012/03/14 04:35:19 | 000,000,000 | ---D | C] -- D:\ProgramData\AMD
[2012/03/14 04:35:18 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\AMD AVT
[2012/03/14 04:35:17 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\AMD APP
[2012/03/14 04:35:06 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/14 04:31:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorekmts.dll
[2012/03/14 04:31:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpwsx.dll
[2012/03/14 04:31:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdrmemptylst.exe
[2012/03/14 04:31:20 | 001,112,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcorets.dll
[2012/03/14 04:31:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\rdpcore.dll
[2012/03/14 04:31:19 | 000,826,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\rdpcore.dll
[2012/03/12 17:26:32 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\Bücher
[2012/03/12 12:58:04 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Roaming\dvdcss
[2012/03/11 22:01:00 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\Wat
[2012/03/11 22:01:00 | 000,000,000 | ---D | C] -- D:\Windows\System32\Wat
[2012/03/10 02:42:29 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012/03/05 12:41:04 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Roaming\Natural Selection 2
[2012/03/04 08:48:40 | 000,063,088 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\drivers\vmx86.sys
[2012/03/04 08:48:12 | 000,354,416 | ---- | C] (VMware, Inc.) -- D:\Windows\SysWow64\vmnetdhcp.exe
[2012/03/04 08:48:11 | 000,433,264 | ---- | C] (VMware, Inc.) -- D:\Windows\SysWow64\vmnat.exe
[2012/03/04 08:48:10 | 000,030,320 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\drivers\vmnetuserif.sys
[2012/03/04 08:48:08 | 000,942,192 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\vnetlib64.dll
[2012/03/04 08:48:05 | 000,039,024 | ---- | C] (VMware, Inc.) -- D:\Windows\System32\drivers\hcmon.sys
[2012/03/04 08:47:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012/03/04 08:47:35 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\VMware
[2012/03/04 08:47:30 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\VMware
[2012/03/04 08:42:20 | 000,000,000 | ---D | C] -- D:\Windows\XSxS
[2012/03/04 08:42:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Xenocode
[2012/03/04 08:39:28 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Documents\Virtual Machines
[2012/03/04 08:16:59 | 000,000,000 | ---D | C] -- D:\Users\Public\Documents\Shared Virtual Machines
[2012/03/02 13:34:46 | 000,000,000 | -H-D | C] -- D:\ProgramData\CanonBJ
[2012/02/25 11:07:21 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\oscam-svn6451-mips-freetz-webif-libusb-Distribution
[2012/02/25 11:05:03 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\oscam
[2012/02/24 17:48:17 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eufloria
[2012/02/24 10:30:56 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Local\MooExt
[2012/02/24 10:29:53 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Diablo III Beta
[2012/02/24 10:29:53 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/02/24 10:29:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Battle.net
[2012/02/24 06:09:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/02/24 06:09:47 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Android
[2012/02/23 08:04:55 | 000,000,000 | ---D | C] -- D:\eclipse3.7
[2012/02/23 06:47:43 | 000,000,000 | ---D | C] -- D:\Users\Jensen\AppData\Local\Eclipse
[2012/02/23 06:35:05 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Desktop\Java
[2012/02/23 06:33:08 | 000,000,000 | ---D | C] -- D:\Program Files\Oracle
[2012/02/23 06:32:35 | 000,750,488 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\npdeployJava1.dll
[2012/02/23 06:32:35 | 000,265,096 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
[2012/02/23 06:32:35 | 000,188,808 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2012/02/23 06:32:35 | 000,188,808 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2012/02/23 06:30:30 | 091,662,296 | ---- | C] (Oracle Corporation) -- D:\Users\Jensen\Desktop\jdk-7u3-windows-x64.exe
[2012/02/23 06:18:37 | 000,000,000 | ---D | C] -- D:\Users\Jensen\Documents\Paradox Interactive
[2012/02/23 06:11:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/22 04:56:15 | 3220,475,904 | -HS- | M] () -- D:\hiberfil.sys
[2012/03/21 21:08:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/03/21 20:43:50 | 000,012,608 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 20:43:50 | 000,012,608 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 20:40:36 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 20:38:23 | 000,001,059 | ---- | M] () -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6671489980932395.exe.lnk
[2012/03/21 20:28:01 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 11:49:20 | 000,660,382 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/03/21 11:49:20 | 000,621,658 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/03/21 11:49:20 | 000,132,280 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/03/21 11:49:20 | 000,108,504 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/03/20 11:22:06 | 000,000,721 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker 770.lnk
[2012/03/17 08:26:36 | 000,477,855 | ---- | M] () -- D:\Users\Jensen\Desktop\AudioCover.exe
[2012/03/16 16:47:04 | 000,277,662 | R--- | M] () -- D:\Users\Jensen\Documents\eDark Vlc.vlt
[2012/03/14 22:21:13 | 000,413,680 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/03/14 04:35:18 | 000,002,047 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/14 04:35:18 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/14 04:35:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/10 02:42:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2012/03/05 14:34:17 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/03/05 12:19:56 | 000,000,186 | ---- | M] () -- D:\Users\Jensen\Desktop\Natural Selection 2.url
[2012/03/04 08:47:51 | 001,535,084 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/04 08:47:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012/03/04 08:17:25 | 000,001,024 | ---- | M] () -- D:\.rnd
[2012/03/02 14:38:23 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/02 14:38:23 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2012/03/02 14:38:03 | 000,282,864 | ---- | M] () -- D:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/27 12:18:05 | 000,001,001 | ---- | M] () -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/24 17:41:35 | 109,087,511 | ---- | M] () -- D:\Users\Jensen\Desktop\E2.07.rar
[2012/02/24 06:09:48 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
[2012/02/23 07:59:07 | 424,451,841 | ---- | M] () -- D:\Users\Jensen\Desktop\eclipse3-7webtools.zip
[2012/02/23 07:35:19 | 020,933,759 | ---- | M] () -- D:\Users\Jensen\Desktop\mdt-uml2tools-SDK-incubation-0.9.0.zip
[2012/02/23 07:28:41 | 016,953,179 | ---- | M] () -- D:\Users\Jensen\Desktop\mdt-uml2-SDK-3.2.1.zip
[2012/02/23 06:32:32 | 000,188,808 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2012/02/23 06:32:32 | 000,188,808 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2012/02/23 06:30:57 | 091,662,296 | ---- | M] (Oracle Corporation) -- D:\Users\Jensen\Desktop\jdk-7u3-windows-x64.exe
[2012/02/23 06:11:09 | 000,001,637 | ---- | M] () -- D:\Users\Public\Desktop\Crusader Kings II.lnk
[2012/02/23 06:11:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[2012/02/21 17:58:37 | 000,021,128 | ---- | M] () -- D:\Users\Jensen\Desktop\fxp.ftp
 
========== Files Created - No Company Name ==========
 
[2012/03/21 20:38:23 | 000,001,059 | ---- | C] () -- D:\Users\Jensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6671489980932395.exe.lnk
[2012/03/20 11:22:06 | 000,000,721 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poker 770.lnk
[2012/03/17 08:26:28 | 000,477,855 | ---- | C] () -- D:\Users\Jensen\Desktop\AudioCover.exe
[2012/03/16 16:47:13 | 000,277,662 | R--- | C] () -- D:\Users\Jensen\Documents\eDark Vlc.vlt
[2012/03/14 04:35:18 | 000,002,047 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/05 12:19:56 | 000,000,186 | ---- | C] () -- D:\Users\Jensen\Desktop\Natural Selection 2.url
[2012/02/24 17:23:37 | 109,087,511 | ---- | C] () -- D:\Users\Jensen\Desktop\E2.07.rar
[2012/02/23 07:55:04 | 424,451,841 | ---- | C] () -- D:\Users\Jensen\Desktop\eclipse3-7webtools.zip
[2012/02/23 07:35:13 | 020,933,759 | ---- | C] () -- D:\Users\Jensen\Desktop\mdt-uml2tools-SDK-incubation-0.9.0.zip
[2012/02/23 07:28:23 | 016,953,179 | ---- | C] () -- D:\Users\Jensen\Desktop\mdt-uml2-SDK-3.2.1.zip
[2012/02/23 06:11:09 | 000,001,637 | ---- | C] () -- D:\Users\Public\Desktop\Crusader Kings II.lnk
[2012/02/21 17:57:46 | 000,021,128 | ---- | C] () -- D:\Users\Jensen\Desktop\fxp.ftp
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- D:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- D:\Windows\SysWow64\ativvsva.dat
[2012/02/14 17:05:16 | 000,054,784 | ---- | C] () -- D:\Windows\SysWow64\OVDecode.dll
[2012/02/09 04:52:00 | 000,000,000 | ---- | C] () -- D:\Windows\Bench32.INI
[2012/02/01 07:55:06 | 000,000,000 | ---- | C] () -- D:\Users\Jensen\AppData\Local\{706D02F1-D6DA-4473-A9E4-196E6B1B0764}
[2012/01/31 01:00:24 | 000,016,896 | ---- | C] () -- D:\Windows\SysWow64\kdbsdk32.dll
[2012/01/27 12:19:40 | 000,024,576 | ---- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2012/01/27 12:19:40 | 000,014,392 | ---- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2012/01/17 09:31:28 | 000,000,017 | ---- | C] () -- D:\Users\Jensen\AppData\Local\resmon.resmoncfg
[2011/12/30 09:28:14 | 000,000,113 | ---- | C] () -- D:\Windows\(null)toolkit.ini
[2011/12/02 12:45:52 | 000,282,864 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/12/02 12:45:45 | 000,076,888 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/11/01 06:34:18 | 000,139,432 | -H-- | C] () -- D:\Windows\SysWow64\mlfcache.dat
[2011/10/31 04:39:15 | 000,004,250 | ---- | C] () -- D:\Windows\Sandboxie.ini
[2011/10/25 16:21:34 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\OVDecoder.dll
[2011/10/08 17:15:37 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/09/20 09:18:29 | 001,535,084 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/14 03:08:25 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2011/09/09 12:58:09 | 000,002,394 | ---- | C] () -- D:\Users\Jensen\AppData\Roaming\default.rss
[2011/09/09 12:57:20 | 000,000,069 | ---- | C] () -- D:\Windows\NeroDigital.ini
[2011/09/03 06:52:20 | 000,000,039 | ---- | C] () -- D:\Windows\Irremote.ini
[2011/08/26 09:12:13 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/08/24 08:52:58 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012/03/14 04:35:19 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2012/02/24 10:29:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Battle.net
[2011/12/28 06:57:24 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2012/03/02 13:34:46 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2011/12/08 05:57:48 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2011/08/24 08:56:48 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/09/29 12:35:32 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/02/18 10:52:34 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs
[2011/10/26 06:42:45 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2011/08/25 05:43:47 | 000,000,000 | ---D | M] -- D:\ProgramData\FlashFXP
[2011/09/29 12:10:25 | 000,000,000 | ---D | M] -- D:\ProgramData\FreeHideIP
[2011/10/14 15:54:36 | 000,000,000 | ---D | M] -- D:\ProgramData\IObit
[2011/10/27 13:25:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/03/05 19:08:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/10/15 13:15:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/03/15 12:38:52 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/09/14 03:07:40 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2011/08/31 08:53:19 | 000,000,000 | -H-D | M] -- D:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2012/01/25 08:02:53 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/09/14 03:07:39 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2012/01/27 03:36:51 | 000,000,000 | ---D | M] -- D:\AMD
[2011/08/24 09:29:06 | 000,000,000 | ---D | M] -- D:\ATI
[2011/08/24 08:56:48 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2012/03/22 13:26:24 | 000,000,000 | ---D | M] -- D:\Downloads
[2012/03/21 20:41:21 | 000,000,000 | R--D | M] -- D:\Dropbox
[2012/02/24 07:56:58 | 000,000,000 | ---D | M] -- D:\eclipse3.7
[2011/09/20 09:14:03 | 000,000,000 | ---D | M] -- D:\IDE
[2011/09/14 03:09:17 | 000,000,000 | ---D | M] -- D:\Intel
[2011/09/20 09:12:59 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2012/02/13 14:01:42 | 000,000,000 | ---D | M] -- D:\Musik
[2011/09/04 18:47:03 | 000,000,000 | ---D | M] -- D:\MyS2GApp
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2012/03/20 11:22:02 | 000,000,000 | ---D | M] -- D:\Poker
[2012/02/23 06:33:08 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/03/14 04:35:18 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2012/03/14 04:40:21 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\Programme
[2011/08/24 08:56:49 | 000,000,000 | -HSD | M] -- D:\Recovery
[2011/10/31 04:57:45 | 000,000,000 | R--D | M] -- D:\Sandbox
[2012/03/10 02:42:28 | 000,000,000 | ---D | M] -- D:\spiele
[2012/03/20 04:58:10 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2012/03/20 20:15:02 | 000,000,000 | ---D | M] -- D:\torrent
[2011/08/24 08:56:58 | 000,000,000 | R--D | M] -- D:\Users
[2012/03/21 20:48:37 | 000,000,000 | ---D | M] -- D:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Files - Unicode (All) ==========
[2011/11/17 06:30:35 | 000,000,650 | ---- | M] ()(D:\Users\Jensen\AppData\Local\PMB Fik?s) -- D:\Users\Jensen\AppData\Local\PMB Fik聥s
[2011/11/17 06:30:35 | 000,000,650 | ---- | C] ()(D:\Users\Jensen\AppData\Local\PMB Fik?s) -- D:\Users\Jensen\AppData\Local\PMB Fik聥s
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> D:\ProgramData\TEMP:5A868D37
< End of report >

cosinus · 24.03.2012, 19:24

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

haudegen · 24.03.2012, 20:44

Hi,

vielen Dank für die Antwort.
Ich habe mich etwas belesen und konnte den Trojaner selbst entfernen.
Problem hat sich somit erledigt.

mfg haudegen

cosinus · 25.03.2012, 14:25

Du hast mit Sicherheit auch auf Rookits geprüft? Auch den MBR gecheckt?

24.03.2012, 19:24	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung Windows mit F8-Taste beim Start in den abgesicherten Modus bringen. Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern: __________________ __________________

25.03.2012, 14:25	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundestrojaner Du hast mit Sicherheit auch auf Rookits geprüft? Auch den MBR gecheckt? __________________ Logfiles bitte immer in CODE-Tags posten

Bundestrojaner

Log-Analyse und Auswertung: Bundestrojaner

Bundestrojaner

Bundestrojaner

Bundestrojaner

Bundestrojaner

Ähnliche Themen: Bundestrojaner

24.03.2012, 20:44	#3
haudegen	Bundestrojaner Hi, vielen Dank für die Antwort. Ich habe mich etwas belesen und konnte den Trojaner selbst entfernen. Problem hat sich somit erledigt. mfg haudegen __________________