Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: encryption trojan, OTL scan available (https://www.trojaner-board.de/115702-verschluesselungs-trojaner-olt-scan-vorhanden.html)

tyran 24.05.2012 15:41

encryption trojan, OTL scan available

Hello,

I have a PC with the encryption trojan.

It would be great if someone could help me.

Here is the OTL scan output.

Thanks in advance for the help
tyran

Quote:


OTL logfile created on: 5/24/2012 5:02:39 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.25 Gb Total Space | 386.00 Gb Free Space | 84.98% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2012/05/10 00:56:56 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/09 00:44:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 00:44:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/26 00:49:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 02:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 02:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/26 01:46:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/24 14:48:25 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/08/25 21:57:04 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/02/18 08:26:44 | 001,047,368 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/18 08:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (cpuz134)
DRV - [2012/05/09 00:44:31 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 00:44:31 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/01 02:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 02:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 02:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 02:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/24 14:21:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/25 23:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/25 23:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/25 21:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/24 14:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/10/14 02:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/22 21:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 21:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Fa._Kathan_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKU\Fa._Kathan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKU\Fa._Kathan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 00:49:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 01:53:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/10 03:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/22 08:21:29 | 000,000,000 | ---D | M]

[2012/01/30 01:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/26 00:49:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/30 04:51:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/22 01:34:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/22 01:34:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/22 01:34:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/22 01:34:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/22 01:34:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/22 01:34:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Fa._Kathan_ON_C..\Run: [B030F408] C:\Users\...\AppData\Roaming\Atvjezfnm\91034155B030F40816EE.exe ( passato tanto tempo)
O4 - HKU\Fa._Kathan_ON_C..\Run: [packqd] C:\Users\...\AppData\Roaming\packqd.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/24 07:05:51 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Atvjezfnm
[2012/05/24 07:05:21 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\Akte
[2012/05/23 03:50:52 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\{1D411B5E-7FE6-485D-9B45-7C722FA4D374}
[2012/05/10 07:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/10 07:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/10 07:38:25 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/05/10 07:38:25 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/05/10 00:56:56 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/05/09 00:50:03 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/09 00:50:03 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/09 00:50:03 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/09 00:49:10 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/04/30 14:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Preislisten 06.03.2012
[2012/04/30 14:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2012/04/26 00:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 00:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/05/24 09:47:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/24 09:34:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/24 09:18:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 09:18:14 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 09:10:49 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 02:12:41 | 000,023,552 | ---- | M] () -- C:\Users\...\Documents\QJAqnosDeldfxsNOrgE
[2012/05/18 00:59:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/17 02:21:50 | 000,410,096 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/16 12:29:46 | 000,703,696 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/16 12:29:46 | 000,664,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/16 12:29:46 | 000,148,644 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/16 12:29:46 | 000,124,938 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/16 12:23:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/16 02:01:07 | 000,030,208 | ---- | M] () -- C:\Users\...\Documents\ONLofdQJDeVdyA
[2012/05/10 07:38:07 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/05/10 07:38:07 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/05/10 03:19:54 | 000,001,975 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/05/10 03:19:54 | 000,001,963 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/05/10 03:19:54 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/05/10 00:56:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/05/10 00:56:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/05/09 00:44:31 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/09 00:44:31 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/02 14:09:38 | 000,015,149 | ---- | M] () -- C:\Users\...\Desktop\LgNvQVUtGaXDenEyAuv
[2012/04/30 14:01:34 | 000,001,919 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein Traktor Preisliste 3-2012.lnk
[2012/04/30 14:01:34 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Mein Traktor Preisliste 3-2012.lnk

========== Files Created - No Company Name ==========

[2012/05/10 03:19:54 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/05/10 00:56:59 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 14:01:34 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein Traktor Preisliste 3-2012.lnk
[2012/04/30 14:01:34 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Mein Traktor Preisliste 3-2012.lnk
[2011/08/26 04:10:32 | 000,000,078 | ---- | C] () -- C:\windows\ricdb.ini
[2011/08/24 05:19:03 | 000,007,671 | ---- | C] () -- C:\windows\hpdj6122.ini
[2011/08/24 02:56:31 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/06/24 01:07:05 | 000,252,928 | ---- | C] () -- C:\windows\System32\DShowRdpFilter.dll
[2011/06/24 01:06:24 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/03/02 13:09:08 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/01/21 10:43:05 | 000,000,242 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/01/21 10:43:05 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/01/21 10:42:06 | 000,106,496 | ---- | C] () -- C:\windows\System32\BrMuSNMP.dll
[2011/01/21 10:42:06 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/01/21 10:42:06 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2010/11/24 15:05:44 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2010/11/24 15:05:44 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2010/11/24 15:04:44 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2010/11/24 15:04:44 | 000,000,065 | ---- | C] () -- C:\windows\System32\BD8460N.DAT
[2010/11/24 15:04:37 | 000,045,056 | ---- | C] () -- C:\windows\System32\PTRCGER.DLL
[2010/11/24 15:04:28 | 000,045,056 | ---- | C] () -- C:\windows\System32\BRTCPCON.DLL
[2010/11/24 15:04:25 | 000,000,114 | ---- | C] () -- C:\windows\System32\BRLMW03A.INI
[2010/11/24 14:21:42 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/10/14 03:10:03 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/10/14 03:05:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/20 01:24:22 | 000,002,857 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2010/09/20 01:24:21 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2010/09/20 01:24:21 | 000,219,348 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/09/20 01:24:21 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/09/30 06:31:01 | 000,703,696 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/30 06:31:01 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/30 06:31:01 | 000,148,644 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/30 06:31:01 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,410,096 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,664,242 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,124,938 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 19:11:09 | 000,197,121 | ---- | C] () -- C:\Users\...\AppData\Roaming\packqd.exe
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2000/05/04 10:21:22 | 000,129,024 | R--- | C] () -- C:\windows\System32\ZipDll.dll
[2000/05/04 10:21:22 | 000,115,200 | R--- | C] () -- C:\windows\System32\UnzDll.dll
[1998/08/23 14:36:00 | 000,063,488 | ---- | C] () -- C:\windows\System32\eztw32.dll
[1601/02/13 04:28:18 | 000,000,017 | ---- | C] () -- C:\Users\...\AppData\Local\AypTslUVGsrOQvjq

========== LOP Check ==========

[2012/05/24 07:05:51 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Atvjezfnm
[2012/05/24 07:17:10 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DAEMON Tools Lite
[2011/08/24 05:19:45 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\InterTrust
[2010/11/24 15:23:39 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\KeePass
[2012/05/22 13:44:37 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\SoftGrid Client
[2012/05/24 07:17:14 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TeamViewer
[2010/11/24 14:25:04 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Thunderbird
[2012/01/31 07:14:03 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TP
[2011/11/02 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\TuneUp Software
[2010/11/24 14:01:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/11/24 14:20:28 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/11/24 14:01:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/11/24 14:01:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/05/24 07:16:54 | 000,000,000 | ---D | M] -- C:\ProgramData\hds
[2011/08/26 04:10:31 | 000,000,000 | ---D | M] -- C:\ProgramData\RICOH
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/11/24 14:01:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/11/24 14:48:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/02/01 05:32:04 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2010/11/24 14:01:45 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/11/24 14:47:48 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/04/02 00:52:47 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



markusg 24.05.2012 19:57

hi
on your second PC go to Start, Programs, Accessories, Editor (Notepad), and paste
this in:
Code:

:OTL
O4 - HKU\Fa._Kathan_ON_C..\Run: [B030F408] C:\Users\...\AppData\Roaming\Atvjezfnm\91034155B030F40816EE.exe ( passato tanto tempo)
O4 - HKU\Fa._Kathan_ON_C..\Run: [packqd] C:\Users\...\AppData\Roaming\packqd.exe ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



save this on a USB stick as fix.txt
now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
a message similar to this should now appear: "load fix from file"; load the fix.txt from your stick.
if this doesn't work, please enter the fix manually.
then click the fix button again. the PC may restart. if so, take the CD out of the drive; windows should now start normally and open the otl.txt,
please post the log.
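As an added example (not part of the thread, and not OTL's own code), here is a small Python triage of the `O4` autorun lines in the format OTL prints them: it flags the two entries the helper's fix removes (user-writable AppData path, empty or unknown publisher, hex-looking value name) and lays them out in the fix-script shape shown in the reply. The publisher allowlist and the heuristics are assumptions for illustration; the sample lines are copied from the log posted above.

```python
"""Triage OTL 'O4' autorun entries and draft an OTL fix script.

Added example for this thread; the heuristics and the publisher allowlist are
assumptions, not OTL functionality.
"""
import re
from dataclasses import dataclass

# Sample input: O4 lines (plus one unrelated line) copied from the posted OTL log.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Fa._Kathan_ON_C..\Run: [B030F408] C:\Users\...\AppData\Roaming\Atvjezfnm\91034155B030F40816EE.exe ( passato tanto tempo)
O4 - HKU\Fa._Kathan_ON_C..\Run: [packqd] C:\Users\...\AppData\Roaming\packqd.exe ()
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
"""

# "O4 - <hive>..\<key>: [<value name>] <path> (<publisher>)" as OTL prints it.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# Autoruns living under the user profile or temp are writable without admin rights.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp)\\", re.IGNORECASE)
# Value names that are just hex digits are typical of generated persistence entries.
HEX_NAME_RE = re.compile(r"[0-9a-f]{6,}", re.IGNORECASE)

# Example allowlist built from the publishers that look legitimate in this log.
# Assumption: a real deployment would verify Authenticode signatures instead.
KNOWN_PUBLISHERS = {"Microsoft Corporation", "Avira Operations GmbH & Co. KG"}


@dataclass
class O4Entry:
    raw: str      # the line exactly as OTL printed it (needed for the fix script)
    hive: str
    key: str
    name: str
    path: str
    company: str


@dataclass
class Finding:
    entry: O4Entry
    reasons: list


def parse_o4(text):
    """Return the O4 entries found in OTL report text, in order."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(O4Entry(line.strip(), m["hive"], m["key"], m["name"],
                                   m["path"], m["company"].strip()))
    return entries


def triage(entries):
    """Flag entries that match any of the suspicious-autorun heuristics."""
    findings = []
    for e in entries:
        reasons = []
        if USER_WRITABLE_RE.search(e.path):
            reasons.append("runs from a user-writable profile path")
        if not e.company:
            reasons.append("no publisher recorded")
        elif e.company not in KNOWN_PUBLISHERS:
            reasons.append(f"publisher not on allowlist: {e.company!r}")
        if HEX_NAME_RE.fullmatch(e.name):
            reasons.append("value name looks machine-generated (hex)")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


# Trailing sections in the layout the helper's fix uses.
FIX_TAIL = [":Files", ":Commands", "[purity]", "[EMPTYFLASH]", "[emptytemp]", "[Reboot]"]


def render_fix_script(findings):
    """Draft an OTL fix: flagged O4 lines verbatim under :OTL, then the tail sections."""
    return "\n".join([":OTL", *(f.entry.raw for f in findings), *FIX_TAIL]) + "\n"


if __name__ == "__main__":
    found = triage(parse_o4(SAMPLE_OTL_LINES))
    for f in found:
        print(f"[{f.entry.name}] {f.entry.path}\n    " + "; ".join(f.reasons))
    print("\n--- draft fix.txt (review before use) ---\n" + render_fix_script(found))
```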

tyran 26.05.2012 07:37

Hello,

so I started Windows in safe mode and ran Malwarebytes.

Then I could start Windows normally again.
Then I ran the OTL script, but it was not executed correctly (hence no logfile either).

Now I still have the problem with the encrypted files.
The decryption tools (DecryptHelper) don't help, so I assume I caught the new version of the trojan.

It would be important to me to still recover some data.

I have an encrypted file and the matching original file; I can no longer forward the mail with the trojan via gmx, but I have the mail's attachment available.

Is it possible to do something here so that I can recover the files?

thanks in advance.

regards tyran


Copyright ©2000-2025, Trojaner-Board