
Log analysis and evaluation: Windows encryption trojan (flirt-fever)


09.06.2012, 13:00   #1
Rafau2012
 
Windows encryption trojan (flirt-fever)



Email:
we regret to inform you that our payment reminder no. 4302897286 for the member Rafau2 has still not been booked. This constitutes a legally binding default in payment on your part. Under German law we could already file the outstanding costs with the court. We are nevertheless giving you one last chance to fulfil your obligation by immediately transferring the outstanding sum of 631.00 EURO to us.

You can see the services and the invoice in the attached folder.

Please note that the debtor is obliged to compensate for the damage caused by the delay, i.e. he owes damages, § 280 para. 2, § 286 BGB.



I then emailed markusg@trojaner-board.de!
This is the reply I got:

Code:
hxxp://oldtimer.geekstogo.com/OTLPENet.exe
and burn it to a CD with ISOBurner.
hxxp://filepony.de/download-isoburner/
ISOBurner guide:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you have just created.
If you don't know how to make your computer boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.

• OTL should now start.
Now copy the following content into the textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you don't have


I ran OTL in Safe Mode, entered the text and this is what came out:


OTL.txt

Code:
OTL logfile created on: 09.06.2012 15:54:55 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Rafa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 13,96 Gb Available Physical Memory | 87,70% Memory free
31,83 Gb Paging File | 30,08 Gb Available in Paging File | 94,52% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,50 Gb Total Space | 283,17 Gb Free Space | 30,40% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 429,73 Gb Free Space | 92,26% Space Free | Partition Type: NTFS
 
Computer Name: RAFA-PC | User Name: Rafa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.09 15:04:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rafa\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012.05.23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012.05.23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012.05.23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Rafa\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.09.05 16:30:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2011.03.20 15:33:22 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.23 15:46:04 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.09.15 20:02:25 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.31 17:27:41 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2011.08.31 13:56:30 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.08.30 21:28:19 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.21 11:58:52 | 000,065,632 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011.04.21 03:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.04.13 11:43:14 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.10 05:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.04.08 13:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.02.14 19:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011.02.08 07:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 07:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207010.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.09.18 02:25:00 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1027.sys -- (RDID1027)
DRV:64bit: - [2009.07.27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.26 16:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (SynUSB64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.10.15 01:10:08 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.08.31 16:07:08 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111028.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011.08.30 22:02:18 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111030.005\EX64.SYS -- (NAVEX15)
DRV - [2011.08.30 22:02:18 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.08.30 22:02:18 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.08.30 22:02:18 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111030.005\ENG64.SYS -- (NAVENG)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.16 10:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = astroburn-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 18 46 76 4D 67 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {5F970FDE-702B-4ef9-920C-5F2848A5AF26}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=e0570149000000000000002522cc2a9b
IE - HKCU\..\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: "URL" = hxxp://www.astroburn-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{9172F343-7F68-473B-8AEA-AFC8570828EA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80196&lng=de
IE - HKCU\..\SearchScopes\{EEA641B9-2D87-4495-9D27-E875BA867C8E}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rafa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rafa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.27 16:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_8_3 [2012.06.09 14:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.23 13:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2011.09.19 13:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.10.04 02:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.23 13:34:29 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Linkury Smartbar (Enabled)
CHR - default_search_provider: search_url = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rafa\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rafa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rafa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Rafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Rafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealPly = C:\Users\Rafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\Rafa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll (Crawler, LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [E0570149] C:\Users\Rafa\AppData\Roaming\Iefhtyplqwr\389683FAE05701496316.exe (Nonprofit organization offering health, educational, and distance learning Internet broadcasting services)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [MediaSearch] C:\Users\Rafa\AppData\Local\MediaSearch\search.exe ()
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
O4 - Startup: C:\Users\Rafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rafa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rafa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 83.169.186.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04B2D580-6CAC-4C97-86ED-362C0F21F2A9}: DhcpNameServer = 83.169.186.225 83.169.186.161
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.09 15:04:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rafa\Desktop\OTL.exe
[2012.06.05 17:22:01 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\[www.RnB4U.in] 05.06.2012
[2012.06.05 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\Rafa\AppData\Roaming\Iefhtyplqwr
[2012.06.05 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Uness 115
[2012.06.05 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\UNES 110 BPM
[2012.06.04 20:11:57 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\[www.RnB4U.in] 04.06.2012
[2012.06.04 11:42:11 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\UNESS BEATZ
[2012.06.04 00:37:40 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\_www.RnB4U.in__03.06.2012_
[2012.06.03 13:10:57 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\pfrv3mthhar
[2012.06.02 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Ray Lavender - We Love (Prod By VDJRisow)
[2012.05.31 11:52:30 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Kris Allen - The Vision Of Love (Prod by VDJRISOW)
[2012.05.31 11:32:04 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Rihanna - Slap For Life (Prod By vDJRISOW)
[2012.05.28 21:46:08 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Only Remix 1.0
[2012.05.26 22:06:34 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\E. Mackey- TWERK (Prod By VDJRisow)
[2012.05.26 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Tyga ft Gudda Gudda - Money  Liquor (Prod by VDJRISOW)
[2012.05.26 12:10:07 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Timbaland ft. Dev - Break Ya Back (Prod By VDJRISOW)
[2012.05.26 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.05.26 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.05.26 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.05.26 00:15:36 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Chrystian - Get it In (Remix prod By vDJRISOW)
[2012.05.24 15:07:18 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Jennifer Lopez Ft.Pitbull - dance again (Prod by vDJRISOW)
[2012.05.24 14:30:30 | 000,000,000 | ---D | C] -- C:\Users\Rafa\AppData\Roaming\Adobe Mini Bridge CS5
[2012.05.23 13:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.05.14 17:30:27 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\Flo Rida Ft.Sia - Wild One (Prod By VDJRISOW)
[2012.05.12 16:35:49 | 000,000,000 | ---D | C] -- C:\Users\Rafa\Desktop\vst
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.09 15:04:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rafa\Desktop\OTL.exe
[2012.06.09 15:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.09 15:01:01 | 4226,220,030 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.09 14:58:46 | 000,000,005 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2012.06.09 14:58:40 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2012.06.09 02:51:42 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.09 02:51:42 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.09 02:51:42 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.09 02:51:42 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.09 02:51:42 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 21:13:54 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 21:13:54 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 21:09:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-680937111-310360728-3594482816-1000UA.job
[2012.06.05 01:31:59 | 000,063,987 | ---- | M] () -- C:\Users\Rafa\Desktop\Unes4.cpr
[2012.06.04 22:09:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-680937111-310360728-3594482816-1000Core.job
[2012.06.04 01:08:18 | 000,768,319 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB 120 BPM For UNESS-01.bak
[2012.06.03 00:20:48 | 000,064,269 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB 120 BPM For UNESS.cpr
[2012.06.02 21:42:21 | 089,681,280 | ---- | M] () -- C:\Users\Rafa\Desktop\bobby v - Ausgang - Stereo Out.wav
[2012.06.02 15:26:43 | 009,275,632 | ---- | M] () -- C:\Users\Rafa\Desktop\bobbyvfeatrkelly-words-inst.mp3
[2012.06.01 21:20:57 | 006,918,754 | ---- | M] () -- C:\Users\Rafa\Desktop\Leftside - Want Ya Fingaz (Official Remix with Lil John (Prod by vDjRisow) - Ausgang - Stereo Out.mp3
[2012.06.01 19:56:09 | 005,352,118 | ---- | M] () -- C:\Users\Rafa\Desktop\Adele - Set Fire To the Rain (DJ Hillz E Mix).mp3
[2012.06.01 19:56:07 | 008,013,449 | ---- | M] () -- C:\Users\Rafa\Desktop\Pitbull ft. Papayo - Echa Palla (Manos Pa Arriba).mp3
[2012.06.01 19:56:05 | 006,346,871 | ---- | M] () -- C:\Users\Rafa\Desktop\DJ Frank E ft. Sean Paul ft. DJ Buddha & Leftside - Want Your Body.mp3
[2012.05.31 00:07:36 | 006,754,680 | ---- | M] () -- C:\Users\Rafa\Desktop\Joe Moses - ratchtes (prod by VDJRisow) - Ausgang - Stereo Out.mp3
[2012.05.30 23:22:04 | 002,264,303 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012.cpr
[2012.05.30 23:10:22 | 002,154,055 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012.bak
[2012.05.30 22:53:45 | 002,227,047 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-02.bak
[2012.05.30 22:21:16 | 002,138,775 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-03.bak
[2012.05.30 22:04:59 | 002,172,704 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-04.bak
[2012.05.30 21:49:58 | 002,171,883 | ---- | M] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-05.bak
[2012.05.29 20:07:18 | 007,979,292 | ---- | M] () -- C:\Users\Rafa\Desktop\Akon - Throw Dat - Ausgang - Stereo Out.mp3
[2012.05.29 00:23:51 | 002,242,458 | ---- | M] () -- C:\Users\Rafa\Desktop\test meiko.mp3
[2012.05.28 19:00:42 | 034,386,788 | ---- | M] () -- C:\Users\Rafa\Desktop\loosing Control FINAL MIX 5__ VOX ONLY (1).WAV
[2012.05.26 19:42:33 | 005,122,824 | ---- | M] () -- C:\Users\Rafa\Desktop\tyga.mp3
[2012.05.25 17:54:45 | 003,188,722 | ---- | M] () -- C:\Users\Rafa\Desktop\New Rnb.cpr
[2012.05.25 10:58:53 | 007,295,967 | ---- | M] () -- C:\Users\Rafa\Desktop\Justin Garner - Drummer.mp3
[2012.05.23 13:34:05 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.21 14:32:39 | 000,136,558 | ---- | M] () -- C:\Users\Rafa\Desktop\KV_RafaelRudnik_Audioproduzentin_RV.pdf
[2012.05.21 14:31:39 | 000,138,521 | ---- | M] () -- C:\Users\Rafa\Desktop\KV_RafaelRudnik_Tonmeisterin_RV.pdf
[2012.05.19 18:42:41 | 008,466,686 | ---- | M] () -- C:\Users\Rafa\Desktop\calvinharris-feelsoclose-instrumental.mp3
[2012.05.19 18:37:13 | 007,235,983 | ---- | M] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-dacap.mp3
[2012.05.19 18:37:11 | 008,135,632 | ---- | M] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-radio.mp3
[2012.05.19 18:37:11 | 007,212,994 | ---- | M] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-racap.mp3
[2012.05.19 18:37:09 | 008,134,586 | ---- | M] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-inst.mp3
[2012.05.19 18:31:40 | 008,859,895 | ---- | M] () -- C:\Users\Rafa\Desktop\diggysimmons-4letterword-instrumental.mp3
[2012.05.12 17:39:40 | 001,537,322 | ---- | M] () -- C:\Users\Rafa\Desktop\fresh.mp3
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
 
========== Files Created - No Company Name ==========
 
[2012.06.05 16:28:47 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012.06.05 16:28:47 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012.06.05 16:28:47 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012.06.05 16:28:47 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012.06.05 16:28:46 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012.06.05 16:28:46 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012.06.05 01:31:59 | 000,063,987 | ---- | C] () -- C:\Users\Rafa\Desktop\Unes4.cpr
[2012.06.04 01:08:18 | 000,768,319 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB 120 BPM For UNESS-01.bak
[2012.06.03 00:20:48 | 000,064,269 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB 120 BPM For UNESS.cpr
[2012.06.02 17:22:27 | 089,681,280 | ---- | C] () -- C:\Users\Rafa\Desktop\bobby v - Ausgang - Stereo Out.wav
[2012.06.02 15:26:34 | 009,275,632 | ---- | C] () -- C:\Users\Rafa\Desktop\bobbyvfeatrkelly-words-inst.mp3
[2012.06.01 21:20:28 | 006,918,754 | ---- | C] () -- C:\Users\Rafa\Desktop\Leftside - Want Ya Fingaz (Official Remix with Lil John (Prod by vDjRisow) - Ausgang - Stereo Out.mp3
[2012.05.31 17:48:34 | 005,352,118 | ---- | C] () -- C:\Users\Rafa\Desktop\Adele - Set Fire To the Rain (DJ Hillz E Mix).mp3
[2012.05.31 00:07:25 | 006,754,680 | ---- | C] () -- C:\Users\Rafa\Desktop\Joe Moses - ratchtes (prod by VDJRisow) - Ausgang - Stereo Out.mp3
[2012.05.30 22:26:40 | 002,264,303 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012.cpr
[2012.05.30 21:49:58 | 002,227,047 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-02.bak
[2012.05.30 21:49:58 | 002,172,704 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-04.bak
[2012.05.30 21:49:58 | 002,171,883 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-05.bak
[2012.05.30 21:49:58 | 002,154,055 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012.bak
[2012.05.30 21:49:58 | 002,138,775 | ---- | C] () -- C:\Users\Rafa\Desktop\RNB Beat 30Mai 2012-03.bak
[2012.05.29 20:06:51 | 007,979,292 | ---- | C] () -- C:\Users\Rafa\Desktop\Akon - Throw Dat - Ausgang - Stereo Out.mp3
[2012.05.29 13:13:07 | 008,013,449 | ---- | C] () -- C:\Users\Rafa\Desktop\Pitbull ft. Papayo - Echa Palla (Manos Pa Arriba).mp3
[2012.05.29 00:23:50 | 002,242,458 | ---- | C] () -- C:\Users\Rafa\Desktop\test meiko.mp3
[2012.05.28 19:24:15 | 006,346,871 | ---- | C] () -- C:\Users\Rafa\Desktop\DJ Frank E ft. Sean Paul ft. DJ Buddha & Leftside - Want Your Body.mp3
[2012.05.28 19:00:01 | 034,386,788 | ---- | C] () -- C:\Users\Rafa\Desktop\loosing Control FINAL MIX 5__ VOX ONLY (1).WAV
[2012.05.26 19:42:31 | 005,122,824 | ---- | C] () -- C:\Users\Rafa\Desktop\tyga.mp3
[2012.05.25 11:55:46 | 003,188,722 | ---- | C] () -- C:\Users\Rafa\Desktop\New Rnb.cpr
[2012.05.25 10:58:48 | 007,295,967 | ---- | C] () -- C:\Users\Rafa\Desktop\Justin Garner - Drummer.mp3
[2012.05.21 14:32:39 | 000,136,558 | ---- | C] () -- C:\Users\Rafa\Desktop\KV_RafaelRudnik_Audioproduzentin_RV.pdf
[2012.05.21 14:31:38 | 000,138,521 | ---- | C] () -- C:\Users\Rafa\Desktop\KV_RafaelRudnik_Tonmeisterin_RV.pdf
[2012.05.19 18:41:50 | 008,466,686 | ---- | C] () -- C:\Users\Rafa\Desktop\calvinharris-feelsoclose-instrumental.mp3
[2012.05.19 18:36:35 | 007,235,983 | ---- | C] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-dacap.mp3
[2012.05.19 18:36:32 | 007,212,994 | ---- | C] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-racap.mp3
[2012.05.19 18:36:29 | 008,134,586 | ---- | C] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-inst.mp3
[2012.05.19 18:36:27 | 008,135,632 | ---- | C] () -- C:\Users\Rafa\Desktop\marksaint-pumpedpump-radio.mp3
[2012.05.19 18:30:46 | 008,859,895 | ---- | C] () -- C:\Users\Rafa\Desktop\diggysimmons-4letterword-instrumental.mp3
[2012.05.12 17:39:38 | 001,537,322 | ---- | C] () -- C:\Users\Rafa\Desktop\fresh.mp3
[2012.02.24 00:31:25 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012.02.05 17:37:40 | 000,520,267 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll
[2012.02.05 16:46:52 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2012.02.05 02:35:30 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012.02.05 00:56:22 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011.12.24 22:36:33 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
[2011.12.10 01:57:30 | 000,036,864 | ---- | C] () -- C:\Windows\Algouinstall.exe
[2011.11.03 23:51:42 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.10.29 23:15:37 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\WAVhsp32.dll
[2011.10.29 23:15:04 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011.10.29 23:07:49 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\FxGoWinFu.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\ssolekuy.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\ssoleht.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibtth.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibram.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibmmn.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibkh.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibjy.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibfg.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibeh.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\solegeh.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\slibff.dll
[2011.10.27 15:17:03 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\slibddf.dll
[2011.10.27 15:16:56 | 000,678,746 | ---- | C] () -- C:\Windows\unins000.exe
[2011.10.27 15:16:56 | 000,036,021 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.15 08:09:36 | 000,000,122 | ---- | C] () -- C:\Windows\msmmdx9.ini
[2011.09.09 18:16:05 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2011.08.31 22:44:51 | 000,007,605 | ---- | C] () -- C:\Users\Rafa\AppData\Local\Resmon.ResmonCfg
[2011.08.30 21:23:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.30 21:23:54 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.30 21:23:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.30 21:23:54 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.30 21:23:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 11:43:14 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== LOP Check ==========
 
[2012.01.22 17:14:39 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Amazon
[2012.02.05 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Antares
[2011.09.28 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Ashampoo
[2012.02.02 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Audacity
[2012.02.05 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Audio Ease
[2011.09.05 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Babylon
[2011.11.27 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.30 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.15 20:04:27 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\DAEMON Tools Lite
[2012.01.08 02:49:32 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\DeviceVm
[2012.02.05 20:26:37 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\DVDVideoSoft
[2011.09.19 13:57:00 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.31 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Epson
[2012.06.05 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Iefhtyplqwr
[2012.01.04 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Image-Line
[2012.01.29 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\iZotope
[2012.02.05 20:04:10 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Lexicon PCM Native
[2011.09.04 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\MAGIX
[2012.02.05 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Mopis
[2012.05.26 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Mp3tag
[2011.11.05 13:58:36 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\NetMedia Providers
[2011.09.15 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\OpenCandy
[2011.08.31 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\OpenOffice.org
[2011.12.08 01:47:22 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Overloud
[2011.10.04 12:33:49 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\PACE Anti-Piracy
[2012.01.27 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\pdfforge
[2011.09.19 00:18:46 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\proDAD
[2011.09.05 14:43:56 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Publish Providers
[2011.09.20 16:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\rockbox.org
[2011.11.08 03:12:56 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\SIR
[2011.09.09 00:00:13 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Sony
[2011.10.04 12:34:19 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.04 22:27:08 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Steinberg
[2011.09.27 12:21:33 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\SynthMaker
[2011.09.13 13:48:15 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Tific
[2011.09.03 21:57:52 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\TuneAid
[2012.02.05 02:06:31 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\TuneUp Software
[2011.12.07 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\VST3 Presets
[2011.11.06 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Waves Audio
[2011.09.14 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\Waves Preferences
[2012.01.08 02:47:21 | 000,000,000 | ---D | M] -- C:\Users\Rafa\AppData\Roaming\WindSolutions
[2012.05.22 11:13:54 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.20 17:34:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.06.05 17:33:14 | 000,000,000 | ---D | M] -- C:\Audio
[2012.02.20 18:54:42 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.08.31 00:16:31 | 000,000,000 | ---D | M] -- C:\DeviceVM
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.08.30 19:00:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.05 17:33:14 | 000,000,000 | ---D | M] -- C:\Edits
[2012.06.05 17:33:15 | 000,000,000 | ---D | M] -- C:\Images
[2011.08.30 21:23:30 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.07 21:00:58 | 000,000,000 | ---D | M] -- C:\MoTemp
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.01 03:21:17 | 000,000,000 | ---D | M] -- C:\PFiles
[2012.06.05 17:33:15 | 000,000,000 | ---D | M] -- C:\Plug-Ins
[2012.05.06 20:45:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.26 11:35:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.29 01:11:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.30 19:00:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.30 19:00:46 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.02.05 23:31:46 | 000,000,000 | ---D | M] -- C:\Shared Data
[2012.02.05 22:40:14 | 000,000,000 | ---D | M] -- C:\Stylus RMX
[2012.06.06 11:56:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.23 13:33:16 | 000,000,000 | ---D | M] -- C:\Temp
[2011.10.08 14:24:43 | 000,000,000 | ---D | M] -- C:\Trilogy Data
[2011.08.30 21:12:19 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.09 14:58:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.04.07 21:00:58 | 000,000,159 | ---- | M] () -- C:\Users\Rafa\.imagineer_log.txt
[2012.02.24 00:37:14 | 001,757,330 | ---- | M] () -- C:\Users\Rafa\2012-02-23.mxv
[2012.02.24 00:37:14 | 000,000,000 | ---- | M] () -- C:\Users\Rafa\2012-02-23_mxv.H0
[2011.11.01 20:20:23 | 000,190,027 | ---- | M] () -- C:\Users\Rafa\DJ Webstar beat-02.bak
[2011.11.01 20:35:24 | 000,252,525 | ---- | M] () -- C:\Users\Rafa\DJ Webstar beat.bak
[2011.09.09 19:35:15 | 000,059,269 | ---- | M] () -- C:\Users\Rafa\Don Omar - Danza Kuduro-02.bak
[2011.09.09 19:50:15 | 000,583,199 | ---- | M] () -- C:\Users\Rafa\Don Omar - Danza Kuduro.bak
[2011.09.14 14:49:14 | 000,072,390 | ---- | M] () -- C:\Users\Rafa\e-40.bak
[2011.10.30 03:00:13 | 000,632,144 | ---- | M] () -- C:\Users\Rafa\Lights - Bander.bak
[2011.09.21 17:46:18 | 000,599,697 | ---- | M] () -- C:\Users\Rafa\lloyd Banks - Cech Me Out-02.bak
[2011.09.21 18:01:18 | 000,085,219 | ---- | M] () -- C:\Users\Rafa\lloyd Banks - Cech Me Out.bak
[2011.09.26 23:51:52 | 000,045,110 | ---- | M] () -- C:\Users\Rafa\mixtape-02.bak
[2011.09.27 00:06:52 | 000,045,214 | ---- | M] () -- C:\Users\Rafa\mixtape.bak
[2012.06.09 15:59:57 | 007,602,176 | -HS- | M] () -- C:\Users\Rafa\NTUSER.DAT
[2012.06.09 15:59:57 | 000,262,144 | -HS- | M] () -- C:\Users\Rafa\ntuser.dat.LOG1
[2011.08.30 19:00:50 | 000,000,000 | -HS- | M] () -- C:\Users\Rafa\ntuser.dat.LOG2
[2011.08.30 21:12:39 | 000,065,536 | -HS- | M] () -- C:\Users\Rafa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.08.30 21:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\Rafa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.08.30 21:12:39 | 000,524,288 | -HS- | M] () -- C:\Users\Rafa\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.08.30 19:00:50 | 000,000,020 | -HS- | M] () -- C:\Users\Rafa\ntuser.ini
[2011.09.16 18:12:16 | 000,140,648 | ---- | M] () -- C:\Users\Rafa\Rihanna - California Bed King-02.bak
[2011.09.16 17:57:16 | 000,076,181 | ---- | M] () -- C:\Users\Rafa\Rihanna - California Bed King-03.bak
[2011.09.16 17:41:55 | 000,076,203 | ---- | M] () -- C:\Users\Rafa\Rihanna - California Bed King-04.bak
[2011.09.16 18:27:17 | 000,131,155 | ---- | M] () -- C:\Users\Rafa\Rihanna - California Bed King.bak
[2011.08.31 14:31:57 | 000,000,000 | ---- | M] () -- C:\Users\Rafa\Sti_Trace.log
[2010.11.21 05:24:24 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Users\Rafa\taskmgr.exe
[2011.10.09 18:05:00 | 000,064,069 | ---- | M] () -- C:\Users\Rafa\zweite versuch.bak
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1219 bytes -> C:\Users\Rafa\AppData\Local\8fqn0PiuYWM5PwH:x4aeB20PPn2olnnjA4

< End of report >
         
What NOW?

Guys, you are the best board;

I ran the Anti-Malware scan! It showed me 6 infected files!

Quote:
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Rafa :: RAFA-PC [Administrator]

Schutz: Deaktiviert

09.06.2012 16:11:09
mbam-log-2012-06-09 (16-14-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222277
Laufzeit: 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|E0570149 (Backdoor.Bot.LameNova) -> Daten: C:\Users\Rafa\AppData\Roaming\Iefhtyplqwr\389683FAE05701496316.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Rafa\AppData\Roaming\Iefhtyplqwr\389683FAE05701496316.exe (Backdoor.Bot.LameNova) -> Keine Aktion durchgeführt.
C:\Users\Rafa\AppData\Local\Temp\loop.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
The PC was started normally, and lo and behold, it no longer shuts down on its own... I think I have deleted this nasty beast!

Now I'll make sure I get Kaspersky and secure the PC!

Old 11.06.2012, 22:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please first do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If at all possible, please post everything here in CODE tags.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here