Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
AKM Virus - Screenlock

AKM Virus - Screenlock


Plagegeister aller Art und deren Bekämpfung: AKM Virus - Screenlock

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.06.2012, 18:45   #1
cpramhofer
 
AKM Virus - Screenlock - Standard

AKM Virus - Screenlock


Liebes Trojaner Board...

habe mir heute den AKM Virus eingefangen.
Aktuell läuft die (aktuelle) Avira Rescue Disc mit einem Scan....Funde bis jetzt Null.

habe mir bereits eine OTLPenet Disc gebrannt die ich dann ausführen werde.

OLT.txt folgt.

habe OTL mit der rescue disc von oldtimer durchgefuehrt.
mit dem abgesicherten modus *inkl netzwerktreiber* komme ich leider nicht in mein windows

Code:
ATTFilter
OTL logfile created on: 6/26/2012 10:40:21 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.12 Gb Total Space | 8.47 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 300.74 Gb Free Space | 32.29% Space Free | Partition Type: NTFS
Drive I: | 219.96 Gb Total Space | 212.30 Gb Free Space | 96.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/06/26 12:32:37 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 11:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/01 11:43:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/28 13:11:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/14 10:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/05/27 13:27:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/17 20:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/07/01 11:43:30 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 11:43:30 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/21 04:03:30 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/05/10 02:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/01/12 05:42:12 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/07/11 11:55:40 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/17 21:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 18:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/07/13 18:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005/11/25 12:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2004/08/13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE D3 48 B7 46 D7 CA 01  [binary data]
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\christoph.pramhofer_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\christoph.pramhofer_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\christoph.pramhofer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 02 7C 0B 94 FE CC 01  [binary data]
IE - HKU\isabella.bertolas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christoph.pramhofer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christoph.pramhofer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/08/16 14:39:27 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TwonkyMediaContextMenuHandler) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O3 - HKLM\..\Toolbar: (NuSphere Debugger ToolBar) - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [QGetIEMenuExt]  File not found
O4 - HKLM..\Run: [QNAP_NASNetBak] C:\Program Files\QNAP\NetBak\NetBak.exe (QNAP Systems, Inc.)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [Hobbyist Software VLC Streamer] C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe (Hobbyist Software)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [Spotify] C:\Users\christoph.pramhofer\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\christoph.pramhofer_ON_C..\Run: [Spotify Web Helper] C:\Users\christoph.pramhofer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\christoph.pramhofer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\christoph.pramhofer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: TwonkyBeam to - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: TwonkyBeam for Internet Explorer - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {369383F8-C8B7-42E1-819E-D47E3ABAD4BC} hxxp://10.0.0.10:8080/cgi-bin/QNAPG726.cab (G726 BE/LE Audio Decoder)
O16 - DPF: {4DA8C6E4-312A-4A8F-B02B-491B2BF09CF2} hxxp://10.0.0.10:8080/cgi-bin/QNAPQ264.cab (H264 Based Transform Filter)
O16 - DPF: {603E0052-7B06-496B-A04B-192419174876} hxxp://10.0.0.10:8080/cgi-bin/QNAPQIVG.cab (MJPG Based Transform Filter)
O16 - DPF: {61E5C641-8F33-41A8-A95A-DAFA586052F2} hxxp://free.vivicom.de/Files/client/SHInstaller.cab (SHInstaller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} hxxp://10.0.0.10:8080/cgi-bin/NNVRVMon.cab (NAS NVR(V) Monitor)
O16 - DPF: {B824D61F-DAF3-40BF-BA5E-430D250FF51C} hxxp://10.0.0.10:8080/cgi-bin/QNAPQMP4.cab (QMPEG4 Based Transform Filter)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5F2CE2F-C516-4428-8758-7178B1E1ABAB} hxxp://10.0.0.10:8080/cgi-bin/QNAPQVivoTek.cab (VivoTek AVDecoder)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (C:\Users\christoph.pramhofer\AppData\Local\Temp\soap0_pack.exe) - C:\Users\christoph.pramhofer\AppData\Local\Temp\soap0_pack.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - C:\Users\christoph.pramhofer\AppData\Local\Temp\soap0_pack.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6bc64bb3-8d03-11df-bf20-0009dd5002d6}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc64bb3-8d03-11df-bf20-0009dd5002d6}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{6bc64bb8-8d03-11df-bf20-0009dd5002d6}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc64bb8-8d03-11df-bf20-0009dd5002d6}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{6bc64bbb-8d03-11df-bf20-0009dd5002d6}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc64bbb-8d03-11df-bf20-0009dd5002d6}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{f5a6aaaa-af7d-11e0-a042-0009dd5002d6}\Shell - "" = AutoRun
O33 - MountPoints2\{f5a6aaaa-af7d-11e0-a042-0009dd5002d6}\Shell\AutoRun\command - "" = "Y:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{fc7bec96-d9c6-11df-a47f-0009dd5002d6}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7bec96-d9c6-11df-a47f-0009dd5002d6}\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/21 13:24:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 13:24:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 13:23:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 13:23:51 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 13:23:51 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 13:23:41 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 13:23:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/14 14:10:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 14:10:17 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 14:10:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/06/14 14:10:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 14:10:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 14:10:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 14:10:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/14 14:10:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 13:55:54 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/14 13:55:52 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/14 13:55:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/14 13:55:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/11 16:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/09 14:28:12 | 000,067,008 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0_x86.dll
[2012/06/09 14:28:12 | 000,035,776 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys
[2012/06/09 14:24:54 | 000,067,008 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll
[2012/06/09 09:06:40 | 000,000,000 | ---D | C] -- C:\Users\christoph.pramhofer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012/06/09 09:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/03/02 16:30:29 | 001,719,336 | ---- | C] (Yugma,Inc. ) -- C:\ProgramData\YugmaSE-Uninstaller.exe
[2011/01/28 12:27:34 | 055,531,291 | -HS- | C] (UltraMixer Digitial Audio Solutions                         ) -- C:\Users\christoph.pramhofer\AppData\Roaming\setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/26 15:25:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 15:23:02 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 13:18:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3721063302-531977108-1383609599-1001UA.job
[2012/06/26 13:18:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3721063302-531977108-1383609599-1001Core.job
[2012/06/26 13:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 13:07:52 | 000,002,117 | ---- | M] () -- C:\Users\christoph.pramhofer\Desktop\DJ ProMixer Free Home Edition 1.5 Setup.lnk
[2012/06/26 13:06:21 | 000,700,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/26 13:06:21 | 000,654,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/26 13:06:21 | 000,148,926 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/26 13:06:21 | 000,121,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/26 12:50:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 12:38:21 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:38:21 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 12:32:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/26 12:32:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/26 12:30:14 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 06:17:47 | 000,418,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 14:11:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/11 16:29:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012/06/11 16:24:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/09 09:16:59 | 000,001,004 | ---- | M] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ Home FREE.lnk
[2012/06/09 09:08:37 | 000,000,183 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2012/06/09 09:06:41 | 000,000,999 | ---- | M] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ PRO Full.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 09:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 09:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012/06/26 13:07:52 | 000,002,117 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\DJ ProMixer Free Home Edition 1.5 Setup.lnk
[2012/06/25 13:50:56 | 003,660,424 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\DSC05233.JPG
[2012/06/25 13:50:37 | 003,111,208 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\DSC00706.JPG
[2012/06/09 09:16:59 | 000,001,004 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ Home FREE.lnk
[2012/06/09 09:08:36 | 000,000,183 | ---- | C] () -- C:\VirtualDJ Local Database v6.xml
[2012/06/09 09:06:41 | 000,000,999 | ---- | C] () -- C:\Users\christoph.pramhofer\Desktop\VirtualDJ PRO Full.lnk
[2012/03/18 12:15:16 | 000,000,000 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\.cvspass
[2011/08/16 14:46:33 | 000,020,000 | -H-- | C] () -- C:\ProgramData\R49LW
[2011/08/15 08:57:55 | 000,466,528 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\mdbu.bin
[2011/06/26 10:38:16 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2011/06/26 10:37:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/11 13:22:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Distortion
[2011/05/11 13:22:20 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Digital Light
[2011/05/11 13:22:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/05/11 13:22:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Echo
[2011/05/11 13:11:01 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Piano
[2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Clav
[2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects
[2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Dynamic Library
[2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Drums
[2011/05/11 13:06:01 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Drum Kits
[2011/05/11 13:06:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/05/11 13:06:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/05/11 13:06:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/05/11 13:06:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flowers
[2011/05/11 13:06:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flange Saw
[2011/05/11 13:06:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filters
[2011/05/07 02:23:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Drums
[2011/05/07 02:23:59 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Distortion
[2011/05/07 02:23:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Examples
[2011/05/07 02:12:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Libraries
[2011/05/07 02:12:56 | 000,000,268 | RH-- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Keychains
[2011/05/07 02:12:56 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Standard
[2011/05/07 02:10:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/05/07 02:01:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2011/04/26 14:53:01 | 000,000,600 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Local\PUTTY.RND
[2011/03/31 23:15:52 | 000,188,665 | -HS- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\jvsupc_2.exe.vir
[2011/03/22 14:19:39 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/14 14:45:09 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011/01/07 09:26:32 | 000,000,215 | ---- | C] () -- C:\Windows\NNVRVCLI.INI
[2010/11/09 21:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/09/26 03:22:51 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010/09/25 10:52:57 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2010/09/09 12:52:55 | 000,038,443 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/09/09 12:52:53 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/29 14:04:13 | 000,139,816 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/29 15:09:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/02 03:46:23 | 000,008,192 | ---- | C] () -- C:\Users\christoph.pramhofer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 13:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 04:47:43 | 000,700,130 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,148,926 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,418,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,654,842 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,121,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 13:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 11:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 14:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2011/08/18 14:13:55 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\.purple
[2010/08/10 13:05:16 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\3DataManager
[2012/03/04 10:00:52 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\BitTorrent
[2012/04/25 15:59:24 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Canneverbe Limited
[2011/08/20 13:17:07 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Canon
[2012/03/17 06:01:58 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/01 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011/07/16 08:24:17 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\DVDVideoSoft
[2011/03/17 12:10:21 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/19 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\FileZilla
[2010/09/09 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\GHISLER
[2012/03/17 14:16:16 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\gtk-2.0
[2010/05/16 10:49:25 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\HeidiSQL
[2011/03/17 08:08:46 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Hobbyist Software
[2010/12/08 10:07:09 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\ICAClient
[2010/09/06 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\ImgBurn
[2011/05/11 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\IrfanView
[2011/08/21 09:17:24 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\jAlbum
[2011/08/20 10:46:56 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Lasersoft Imaging
[2010/09/06 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\NetBak
[2011/01/09 10:05:23 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\NewsLeecher
[2011/10/17 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Nikon
[2012/03/18 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\NuSphere
[2010/04/08 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Scooter Software
[2011/04/26 14:28:16 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Seas0nPass
[2011/04/03 04:53:15 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Software4u
[2012/06/26 13:15:21 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Spotify
[2011/02/20 05:33:13 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\TagScanner
[2011/01/23 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\TeamViewer
[2011/02/14 14:10:28 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\TwonkyMedia
[2012/01/08 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\UltraMixer
[2011/03/27 08:56:33 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\Usenet.nl
[2011/02/12 03:11:59 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\uTorrent
[2011/01/09 06:11:51 | 000,000,000 | ---D | M] -- C:\Users\christoph.pramhofer\AppData\Roaming\WindSolutions
[2011/08/07 10:55:06 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\Canon
[2011/01/12 09:01:51 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\ICAClient
[2011/08/10 07:21:17 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\JAlbum
[2010/09/11 02:26:42 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\NetBak
[2011/09/11 04:07:15 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\TagScanner
[2011/03/02 03:12:22 | 000,000,000 | ---D | M] -- C:\Users\isabella.bertolas\AppData\Roaming\TwonkyMedia
[2010/09/25 05:14:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\.nusphere
[2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/10/21 11:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2012/04/25 15:59:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2012/03/26 12:54:14 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2012/06/14 13:44:37 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2011/07/22 11:57:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011/07/22 11:58:06 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/05/11 13:22:20 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/08/15 08:39:44 | 000,000,000 | ---D | M] -- C:\ProgramData\HappyFoto-Designer
[2010/05/16 10:49:21 | 000,000,000 | ---D | M] -- C:\ProgramData\HeidiSQL
[2010/08/28 02:12:47 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon
[2011/05/11 13:22:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2012/03/18 12:16:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PHP
[2012/03/17 06:54:19 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/15 13:30:17 | 000,000,000 | ---D | M] -- C:\ProgramData\twonkymedia
[2011/05/11 13:22:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2010/04/08 13:31:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/01/09 06:11:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2010/06/13 04:05:42 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/18 12:17:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\{67AB9237-55B9-46D5-A72F-EACBA312AF4D}
[2012/03/05 13:21:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
neu ausgeführt...alle logs folgen

nun die logs

GMER kann ich leider nicht starten da ich die fehlermeldung
the system can not find the file specified

Alt 29.06.2012, 21:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AKM Virus - Screenlock - Standard

AKM Virus - Screenlock


Ist das ein Rechner, der in einem Uni-Netz schon mal war? Oder ist das ein Büro-PC?
__________________

__________________
Antwort

Themen zu AKM Virus - Screenlock
akm virus, aktuelle, ausführen, avira, avira rescue, bereits, canon, conduit, google earth, heute, langs, libusb0.sys, otlpe, otlpenet, plug-in, rescue, soap0_pack.exe, spotify web helper, troja, trojaner, version=1.0, virus, visual studio, winload toolbar


« Entschlüsseln von Dateien die nicht "locked" im Namen haben | Stil und Fehler in Trojaner-mails »


Ähnliche Themen: AKM Virus - Screenlock


  1. Virus versenden; virus angriff; virus schützen; rache;
    Log-Analyse und Auswertung - 06.12.2010 (10)
  2. AVG Anti Virus free meldet Virus PSW.Generic7.BWMP, Virus läßt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AKM Virus - Screenlock - Liebes Trojaner Board... habe mir heute den AKM Virus eingefangen. Aktuell läuft die (aktuelle) Avira Rescue Disc mit einem Scan....Funde bis jetzt Null. habe mir bereits eine OTLPenet Disc gebrannt - AKM Virus - Screenlock...
Archiv
Du betrachtest: AKM Virus - Screenlock auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54