Pc gesperrt.Zahle 100 Euro.Was nun?

Jack9183 · 05.01.2013, 22:40

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [Administrator]

05.01.2013 19:23:18
mbam-log-2013-01-05 (19-23-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 907499
Laufzeit: 3 Stunde(n), 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\hulumuluch\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Program Files (x86)\DVDFab 6\dbghelp.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Users\Alex\Desktop\Desktopverknüpfungen\GTA4\Grand Theft Auto IV v1.0.7.0 + 12 Trainer.exe (HackTool.GamesCheat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 06.01.2013, 18:02

hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Jack9183 · 09.01.2013, 18:31

Markus den CCCleander bekomme ich bei mir nicht installiert.Er meldet mir immer einen Error!Virusprogramme sind abgeschaltet!

markusg · 09.01.2013, 18:34

Gehts vllt ein wenig genauer, ich sitze ja nicht vor dem pc, also musst du schon die Fehlermeldung posten.

Jack9183 · 11.01.2013, 15:05

habs hinbekommen Markus.Anbei die Liste.Allerdings hatte ich heute wieder das Problem.Nach wie vor wenn ich den Rechner starte wird mit der Bildschirm gesperrt mit der Zahlungsaufforderung.

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.01.2013 6,00MB 11.5.502.146 notwendig
Adobe Reader XI - Deutsch Adobe Systems Incorporated 19.10.2012 128MB 11.0.00 notwendig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 30.12.2012 11.6.8.638 notwendig
aerosoft's - German Airports 2-Cologne-Bonn X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - German Airports 2-Hannover X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - German Airports 3 - Bremen X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - German Airports 3 - Hamburg X aerosoft 24.12.2012 1.00 notwendig
aerosoft's - Mallorca X for FSX aerosoft 24.12.2012 1.00 notwendig
aerosoft's - Nice Cote dAzur X aerosoft 24.12.2012 1.00 notwendig
ALDI Bestellsoftware 4.12.2 ORWO Net 11.12.2012 4.12.2 unnötig
Assassin's Creed (R) III Ubisoft 26.11.2012 1.01 unnötig
Avira Free Antivirus Avira 11.12.2012 122MB 13.0.0.2890 notwendig
Battlefield 3™ Electronic Arts 19.10.2012 1.4.0.0 notwendig
Battlelog Web Plugins EA Digital Illusions CE AB 21.11.2012 2.1.2 notwendig
BitTorrent 29.12.2012 7.0.0 notwendig
BittorrentBar_DE Toolbar BittorrentBar_DE 29.12.2012 6.9.0.16 unnötig
Briefe drucken 1 19.10.2012 notwendig
Brother MFL-Pro Suite DCP-195C Brother Industries, Ltd. 19.10.2012 1.0.1.0 notwendig
CCleaner Piriform 19.12.2012 3.26 unnötig
Citybus Simulator Munich aerosoft 07.12.2012 1.20 unnötig
DAEMON Tools Toolbar DT Soft Ltd 05.11.2012 1.1.2.0185 notwendig
Dieselpreisupdater inkl. Modverwaltung Version 3.0.2.0 ST Development 10.11.2012 45,4MB 3.0.2.0 notwendig
ESN Sonar ESN Social Software AB 06.11.2012 0.70.4 unbekannt
ETS2 Dieselpreisupdater Version 2.2.0.0 ST Development 01.11.2012 1,10MB 2.2.0.0 notwendig
Euro Truck Simulator 2 SCS Software 19.10.2012 1,59GB 1.1.1 notwendig
Firebird 2.0.4.13130 (win32) Firebird Project 29.10.2012 2.0.4.13130 unnötig
Free Easy Burner V 5.1 Koyote soft 28.12.2012 8,30MB 5.1.0.0 unnötig
Free Studio version 5.7.6.1015 DVDVideoSoft Ltd. 01.11.2012 546MB 5.7.6.1015 notwendig
FSDreamTeam GSX 1.7.7 06.01.2013 218MB notwendig
FSFDT FSCopilot 23.12.2012 notwendig
FSFDT FSInn 23.12.2012 notwendig
Google Chrome Google Inc. 01.01.2013 23.0.1271.97 unnötig
Google Earth Plug-in Google 19.12.2012 80,7MB 7.0.2.8415 unnötig
Hitman Absolution 22.11.2012 unnötig
Java 7 Update 9 Oracle 10.11.2012 128MB 7.0.90 nötig denk ich
JDownloader 0.9 AppWork GmbH 26.10.2012 0.9 notwendig
Jeppesen Format Print Driver Jeppesen 04.01.2013 1.1.0.5 notwendig
Jeppesen Program and Data Installation Jeppesen 10.01.2013 1.0.0.0 notwendig
Jeppesen Weather Service Jeppesen 04.01.2013 2.4.1.1 notwendig
Landwirtschafts Simulator 2013 GIANTS Software 26.10.2012 282MB 1.0 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.10.2012 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.10.2012 2,93MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 23.10.2012 51,9MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 23.10.2012 10,6MB 4.0.30319 unbekannt
Microsoft Flight Simulator X Service Pack 2 Microsoft Game Studios 21.12.2012 617MB 10.0.61472.0 notwendig
Microsoft Office Enterprise 2007 Microsoft Corporation 19.10.2012 12.0.4518.1014 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.12.2012 300KB 8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 07.12.2012 832KB 8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 07.12.2012 918KB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 07.12.2012 782KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 23.10.2012 788KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 21.12.2012 240KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 07.12.2012 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 24.12.2012 1,68MB 9.0.21022 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.12.2012 598KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.10.2012 596KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.12.2012 232KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 07.12.2012 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 19.10.2012 13,8MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.10.2012 11,1MB 10.0.40219 unbekannt
Mozilla Firefox 17.0.1 (x86 de) Mozilla 05.12.2012 42,0MB 17.0.1 notwendig
Mozilla Maintenance Service Mozilla 05.12.2012 329KB 17.0.1 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2012 1,27MB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.11.2012 1,33MB 4.20.9876.0 notwendig
MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 31.10.2012 1,23MB 4.20.9818.0 notwendig
MyPhoneExplorer F.J. Wechselberger 15.11.2012 1.8.4 notwendig
Nero 8 Nero AG 28.10.2012 1,71GB 8.3.312 notwendig
Nikon Message Center 2 Nikon 11.12.2012 9,42MB 2.1.0 notwendig
Nikon Movie Editor Nikon 11.12.2012 30,7MB 2.6.0 notwendig
novaPDF for SDK v7 (novaPDF 7.2 printer) Softland 04.01.2013 19,5MB notwendig
NVIDIA 3D Vision Controller-Treiber 310.90 NVIDIA Corporation 06.01.2013 310.90 notwendig
NVIDIA 3D Vision Treiber 310.90 NVIDIA Corporation 06.01.2013 310.90 notwendig
NVIDIA Grafiktreiber 310.90 NVIDIA Corporation 06.01.2013 310.90 notwendig
NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 06.01.2013 1.3.18.0 notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 06.01.2013 9.12.1031 notwendig
NVIDIA Update 1.11.3 NVIDIA Corporation 06.01.2013 1.11.3 notwendig
ObjectDock Free Stardock Corporation 19.10.2012 2.0 notwendig
Origin Electronic Arts, Inc. 19.10.2012 9.0.13.2142 unbekannt
Picture Control Utility x64 Nikon 11.12.2012 27,8MB 1.4.7 unbekannt
PMDG 737 8900 NGX PMDG Simulations, LLC. 21.12.2012 1.00.3118 notwendig
PMDG 747-400/400F for FSX Precision Manuals Development Group 24.12.2012 2.10.0040 notwendig
Protect Disc License Helper 1.0.125 (IE) Protect Disc 04.11.2012 1.0.125 unbekannt
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 04.11.2012 11.0.0.14 unbekannt
PunkBuster Services Even Balance, Inc. 25.11.2012 0.991 notwendig
QuteScoop QuteScoop 26.12.2012 69,9MB 2.1.10 notwendig
Rainlendar2 (remove only) 20.12.2012 notwendig
SAM Broadcaster (remove only) 29.10.2012 notwendig
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 09.11.2012 35,4MB 1.3.650.0 notwendig
SiSoftware Sandra Lite 2012.SP5c SiSoftware 23.10.2012 98,0MB 18.74.2012.10 unbekannt
Skype™ 6.0 Skype Technologies S.A. 28.11.2012 20,3MB 6.0.126 notwendig
Steam Valve Corporation 22.11.2012 35,4MB 1.0.0.0 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 30.10.2012 3.0.9.2 notwendig
TeamViewer 8 TeamViewer 04.01.2013 8.0.16642 notwendig
Trillian 23.10.2012 notwendig
Uplay Ubisoft 26.11.2012 2.0 unnötig
ViewNX 2 Nikon 11.12.2012 67,8MB 2.6.0 notwendig
VLC media player 2.0.4 VideoLAN 30.10.2012 2.0.4
Winamp Nullsoft, Inc 12.11.2012 5.63
Winamp Erkennungs-Plug-in Nullsoft, Inc 12.11.2012 75,0KB 1.0.0.1
WinRAR 19.10.2012
XAcars for Microsoft Flightsimulator XAcars Development Team 24.12.2012 8,61MB 2.5

markusg · 11.01.2013, 15:16

heißt das du hast dich erneut infiziert, denn du hast gepostet, du hast keine Probleme mehr.
nutzt du seiten wie kinox.to pornoseiten, illegales file sharing, dann finger weg davon, dann ists kein wunder, dass du dich erneut infiziert hst.
poste noch mal ein neues otl log wie am anfang.

Jack9183 · 11.01.2013, 15:22

Nichts von all dem was du genannt hast!Ziehe bei Usenext dateien runter aber da zahlt man ja für.
Okay poste ich dir gleich

markusg · 11.01.2013, 15:24

Trotzdem ist das angebot dort teilweise illegal, wenn du dort software mit keygens bekommst, filme laden kannst, die grad im Kino laufen etc, dass kann logsicher weise nicht legal sein, außerdem sind solche Quellen gefährlich, jeder kann da seinen Müll reinstellen.

Jack9183 · 11.01.2013, 15:26

Ah okay danke dir.Muss ich den OTL Schritt von Anfang an nochmal komplett durch führen?

markusg · 11.01.2013, 15:57

Das log erstellen, genau.

Jack9183 · 11.01.2013, 17:56

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/11/2013 3:50:01 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8082 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 618.95 Gb Free Space | 66.45% Space Free | Partition Type: NTFS
Drive D: | 736.20 Gb Total Space | 493.47 Gb Free Space | 67.03% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 135.73 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 5.85 Gb Free Space | 78.46% Space Free | Partition Type: FAT32
Drive H: | 195.31 Gb Total Space | 195.22 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/17 17:07:00 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 04:49:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/25 19:06:27 | 000,076,888 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/14 07:18:20 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/19 23:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/13 20:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/23 01:46:12 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008/04/23 01:46:08 | 002,015,232 | ---- | M] (FirebirdSQL Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2006/12/19 03:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/29 08:36:24 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/24 05:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Alex_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Alex_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Alex_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E EE 64 51 54 EF CD 01  [binary data]
IE - HKU\Alex_ON_D\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - Reg Error: Key error. File not found
IE - HKU\Alex_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.140.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader:  File not found
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Alex\AppData\Roaming\ProtectDISC\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/17 17:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\ideskbrowser@haufe.de
[2011/11/12 15:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2zh6uscq.default\extensions
[2011/11/12 15:44:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2zh6uscq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/11 13:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hcr05ihw.default\extensions
[2012/09/27 03:39:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hcr05ihw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/17 17:06:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/17 17:07:00 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 04:56:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/04 22:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/04 22:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/04 22:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/10 12:49:34 | 000,000,828 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKU\Alex_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKU\Alex_ON_D\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3 - HKU\Alex_ON_D\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} -  File not found
O4 - HKLM..\Run: [avgnt]  File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKU\Alex_ON_D..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\Alex_ON_D..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Alex_ON_D..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\UpdatusUser_ON_D..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ()
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyManager.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Alex_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Alex_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Alex_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\UpdatusUser_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: BitTorrent - hkey= - key= - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "bootini" - 2
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/27 10:41:06 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/04/09 09:51:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Alex\AppData\Roaming\pcouffin.sys
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/20 04:18:59 | 000,000,790 | ---- | M] () -- C:\Users\Alex\Desktop\CCleaner.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/10 05:16:54 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2012/06/25 19:06:25 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/06/08 17:16:12 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012/04/09 09:51:25 | 000,099,384 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\inst.exe
[2012/04/09 09:51:25 | 000,007,859 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.cat
[2012/04/09 09:51:25 | 000,001,167 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.inf
[2012/01/08 08:25:16 | 000,003,584 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 09:52:03 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/10/14 09:42:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MAS
[2011/10/14 09:42:27 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Licenses
[2011/10/14 09:42:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices
[2011/10/14 09:42:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\Licenses
[2011/10/14 09:42:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\Legacy
[2011/09/23 19:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Logs
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Light Machine
[2011/09/23 07:06:53 | 000,000,268 | RH-- | C] () -- C:\Users\Alex\AppData\Roaming\Libraries
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/09/23 07:06:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/09/23 07:06:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic
[2011/09/23 07:06:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Nature
[2011/09/11 05:45:09 | 000,001,982 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\logs.dat
[2011/08/25 15:46:17 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011/08/13 15:40:27 | 000,141,736 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/30 09:23:49 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/30 09:19:01 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/12 18:47:50 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/01/06 16:19:00 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2010/12/17 22:50:52 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2010/10/14 17:11:40 | 000,000,439 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\TheHunterSettings_live.bin
[2010/10/14 17:07:13 | 000,000,043 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\TheHunterSettings_live.cfg
[2010/10/04 14:11:38 | 000,000,082 | ---- | C] () -- C:\Users\Alex\AppData\Local\X-Plane Installer.prf
[2010/10/04 05:22:35 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/09/26 04:31:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/09 15:29:23 | 001,648,546 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/01 15:55:13 | 002,444,656 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/26 14:09:25 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2010/06/23 19:25:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/18 16:14:32 | 000,000,133 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\default.pls
[2010/06/08 11:31:45 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll
[2010/06/04 03:31:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/03 10:15:29 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/05/29 08:31:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/29 07:27:52 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/05/29 07:27:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/05/29 07:27:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/28 16:17:57 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/15 19:15:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006/04/21 03:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
 
========== LOP Check ==========
 
[2012/07/20 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.mono
[2012/06/18 02:50:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\1&1
[2011/10/14 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AKVIS
[2012/08/13 13:15:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AnvSoft
[2010/09/15 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ArmA II Launcher
[2010/06/30 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\astragon Software GmbH
[2012/05/24 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Atari
[2012/05/13 06:34:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity
[2011/11/07 12:02:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BF3CC
[2012/08/10 08:27:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BitTorrent
[2010/10/04 15:44:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BlackBean
[2011/04/08 06:39:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bridge!
[2012/08/19 04:17:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Broad Intelligence
[2011/06/26 12:59:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BuddyW
[2010/11/12 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ChartViewer
[2010/05/29 08:45:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2011/07/11 09:48:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Day 1 Studios
[2012/09/21 19:00:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/10/18 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DNA
[2012/09/29 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoft
[2012/08/19 04:25:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/09/20 03:33:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Freemium
[2011/10/13 01:42:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\gtk-2.0
[2011/06/19 10:46:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Gutscheinmieze
[2012/08/24 07:01:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Haufe Mediengruppe
[2010/07/24 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HU2011
[2012/05/27 19:32:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Kalypso Media
[2010/07/15 12:01:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Laix
[2010/11/18 17:37:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2012/03/16 16:42:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\lennox
[2012/08/24 06:55:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lexware
[2011/09/29 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LimeWire
[2012/06/07 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Lockheed Martin
[2010/07/16 12:27:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Metaversum
[2012/08/13 12:51:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MOVAVI
[2012/06/23 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MyPhoneExplorer
[2010/07/28 02:34:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Need for Speed World
[2011/09/29 11:35:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nikon
[2011/05/29 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2012/08/10 14:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Origin
[2010/12/07 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ProtectDISC
[2010/08/26 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Quest3D
[2010/12/12 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RapidCRC
[2010/05/29 09:21:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\RigNRoll_ger
[2010/08/26 09:38:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Roaming
[2010/09/04 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-rsync
[2010/11/17 11:50:40 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\six-updater
[2010/09/04 18:06:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spirited Machine
[2011/01/23 18:33:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sytexis Software
[2012/03/11 07:51:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TeamViewer
[2011/01/25 16:10:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Thunderbird
[2012/08/04 06:16:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2011/11/13 02:19:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ts3overlay
[2012/08/14 08:32:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tunngle
[2012/06/25 18:59:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ubisoft
[2012/07/12 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2012/06/07 11:07:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\VAT-Spy
[2012/06/07 11:18:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Virtuali
[2012/04/09 10:09:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Vso
[2010/12/28 13:49:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\wargaming.net
[2012/04/28 06:17:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\YoudaGames
[2012/07/20 19:21:18 | 000,000,000 | ---D | M] -- C:\ProgramData\.mono
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/12/18 07:15:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ClubSanDisk
[2011/09/21 17:59:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Codemasters
[2011/01/23 10:24:07 | 000,000,000 | ---D | M] -- C:\ProgramData\createpart
[2010/05/29 08:42:33 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2010/12/07 09:11:24 | 000,000,000 | ---D | M] -- C:\ProgramData\DATA BECKER Downloads
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/12 12:20:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2010/05/29 05:21:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/02/24 18:11:39 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011/09/29 21:26:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2011/09/23 07:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2012/09/07 05:35:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Esellerate
[2011/01/23 10:17:09 | 000,000,000 | ---D | M] -- C:\ProgramData\explauncher
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012/08/24 06:52:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Haufe
[2010/10/14 15:35:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Hunter
[2012/04/28 06:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2011/01/23 10:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\launcher
[2012/08/24 06:55:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2011/09/23 19:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2012/03/16 17:01:03 | 000,000,000 | ---D | M] -- C:\ProgramData\OMSI AM
[2012/09/22 17:01:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2011/10/21 20:22:32 | 000,000,000 | ---D | M] -- C:\ProgramData\RELOADED
[2011/12/03 18:33:56 | 000,000,000 | ---D | M] -- C:\ProgramData\ROCCAT
[2011/07/01 11:55:30 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2010/06/26 09:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\SEGA Corporation
[2011/09/30 10:51:48 | 000,000,000 | ---D | M] -- C:\ProgramData\sgs
[2011/08/14 05:23:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/10/16 17:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2012/08/29 14:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2012/10/18 10:39:32 | 000,000,000 | ---D | M] -- C:\ProgramData\twonkymedia
[2010/05/29 07:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2011/09/23 07:06:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2012/01/08 08:24:08 | 000,000,000 | ---D | M] -- C:\ProgramData\VideoConverter
[2012/06/07 11:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Virtuali
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/09 10:03:14 | 000,000,000 | ---D | M] -- C:\ProgramData\vsosdk
[2010/06/21 13:53:15 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/10/17 16:40:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4073651736-2417090932-1084573536-1001Core.job
[2012/10/18 07:40:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4073651736-2417090932-1084573536-1001UA.job
[2012/10/18 10:39:05 | 000,000,310 | -HS- | M] () -- C:\Windows\Tasks\fsiyim.job
[2012/09/19 10:42:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Code:Alles auswählenAufklappen  >
 
< %SYSTEMDRIVE%\*. >
[2012/11/15 10:09:59 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2010/09/04 16:42:31 | 000,000,000 | ---D | M] -- C:\.gem
[2011/10/15 11:53:18 | 000,000,000 | ---D | M] -- C:\Boot
[2012/12/23 18:06:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012/11/15 10:28:05 | 000,000,000 | ---D | M] -- C:\DOSBox-0.72
[2012/08/23 05:53:56 | 000,000,000 | ---D | M] -- C:\Games
[2010/05/21 07:56:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012/12/27 16:06:19 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2010/07/15 13:29:22 | 000,000,000 | ---D | M] -- C:\Lichterfelde
[2011/04/17 05:06:20 | 000,000,000 | ---D | M] -- C:\m-r-software
[2012/12/20 18:17:09 | 000,000,000 | ---D | M] -- C:\msdownld.tmp
[2010/06/13 04:13:46 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/05/05 05:17:16 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/10/01 14:38:55 | 000,000,000 | ---D | M] -- C:\Planer2
[2012/09/07 07:34:40 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/11/22 07:55:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/10/09 05:02:16 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/07/15 11:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData (x86)
[2010/05/28 16:17:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2010/10/02 04:33:17 | 000,000,000 | ---D | M] -- C:\Python26
[2010/05/28 16:17:57 | 000,000,000 | ---D | M] -- C:\RaidTool
[2010/05/28 16:17:29 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/09/06 15:49:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/10/05 02:50:07 | 000,000,000 | ---D | M] -- C:\temp
[2010/06/03 10:29:45 | 000,000,000 | ---D | M] -- C:\TempDump
[2011/09/11 05:45:09 | 000,000,000 | ---D | M] -- C:\timer2tray
[2010/11/20 18:15:10 | 000,000,000 | ---D | M] -- C:\tmp
[2012/08/04 20:21:49 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2012/02/24 06:47:30 | 000,000,000 | R--D | M] -- C:\Users
[2012/10/16 21:01:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/02/18 03:03:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/26 01:46:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/02/18 03:03:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/10/26 01:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/02/18 03:03:10 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/10/26 01:46:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/02/18 03:03:10 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/10/26 01:46:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\OemDrv\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
[2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_093f326ff5f9285e\iaStor.sys
[2009/10/02 06:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\Drivers\iastor\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/02/18 03:03:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/02/18 03:03:10 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:0BB9B46A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:054B9966
< End of report >

--- --- ---

markusg · 11.01.2013, 19:44

hmm, hast du das Log erstellt wie oben? denn man sieht nur Dateien aus 2012
schaun wir mal obs so geht
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

Jack9183 · 11.01.2013, 19:50

Ja habe alles so gemacht wie oben.Die CD gebrannt,Programm gestartet,die Textdateien eingetragen und scannen lassen.Nach 3 Stunden war er fertig und der Text der mir dann angezeigt wurde ist der oben den ich dir da gepostet habe.
Ps.Ich sitze an dem infizierten Rechner!

Also den Haken nicht raus nehmen dann im OTL sondern drin lassen?

markusg · 11.01.2013, 20:55

was meinst du mit, du sitzt am infiziertem pc, ich denk der kann nicht normal starten, oder arbeitest du von der cd oder wie?

Jack9183 · 11.01.2013, 21:32

Nein es ist ein Trick wie man die Sperrung umgehen kann aber das ist immer Glückssache obs geht oder nicht.Deswegen sitze ich jetzt gerade an dem Rechner der auch diesen Trojaner drauf hat!

11.01.2013, 15:16	#21
markusg /// Malware-holic	Pc gesperrt.Zahle 100 Euro.Was nun? heißt das du hast dich erneut infiziert, denn du hast gepostet, du hast keine Probleme mehr. nutzt du seiten wie kinox.to pornoseiten, illegales file sharing, dann finger weg davon, dann ists kein wunder, dass du dich erneut infiziert hst. poste noch mal ein neues otl log wie am anfang. __________________ --> Pc gesperrt.Zahle 100 Euro.Was nun?

11.01.2013, 15:57	#25
markusg /// Malware-holic	Pc gesperrt.Zahle 100 Euro.Was nun? Das log erstellen, genau. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Pc gesperrt.Zahle 100 Euro.Was nun?

Plagegeister aller Art und deren Bekämpfung: Pc gesperrt.Zahle 100 Euro.Was nun?