Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Bundespolizei Trojaner (https://www.trojaner-board.de/123117-bundespolizei-trojaner.html)

Snowmancb 30.08.2012 20:54
Bundespolizei Trojaner
 
Hallo,

Ich habe mir gestern einen Schädling eingefangen beim surfen.
Konnte auch keinen abgesicherten Modus mehr starten, immer ein weisses Vollbild. Also OTL Image gebootet und mit diesem Script

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

einen Scan durchgeführt.

Das ist der Log

Code:
OTL logfile created on: 8/31/2012 6:42:25 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 101.60 Gb Free Space | 68.18% Space Free | Partition Type: FAT32
Drive I: | 595.95 Gb Total Space | 233.49 Gb Free Space | 39.18% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/12/13 09:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/19 17:10:39 | 000,927,840 | ---- | M] () [Auto] -- I:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012/08/14 15:27:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 10:51:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- I:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/17 16:31:18 | 000,116,632 | ---- | M] () [Auto] -- I:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- I:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 15:31:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 15:31:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/29 20:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 07:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/02 10:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto] -- I:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/04 17:24:30 | 003,246,040 | ---- | M] (Acronis) [Auto] -- I:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/11/23 01:23:44 | 001,112,240 | ---- | M] (Acronis) [Auto] -- I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- I:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/19 17:10:40 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System] -- I:\Windows\System32\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/06/11 05:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 10:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 10:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/06/08 10:08:28 | 000,031,232 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/05/09 15:31:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/09 15:31:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/01/25 08:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/17 08:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/11/08 07:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/09/16 11:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/04 17:24:31 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand] -- I:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/03/04 17:24:28 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot] -- I:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/03/04 17:24:25 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot] -- I:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/03/04 17:24:19 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot] -- I:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/12/02 17:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/14 04:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- I:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/26 22:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 22:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/26 22:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/02/24 06:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- I:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009/12/28 05:39:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/25 05:13:04 | 000,314,016 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/25 05:13:04 | 000,043,680 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/07/10 08:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 05:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- I:\Windows\System32\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- I:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 00:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/01 17:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/29 12:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- I:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/10/13 15:14:04 | 000,226,320 | R--- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- I:\Windows\System32\drivers\ahcix64.sys -- (ahcix64)
DRV:64bit: - [2007/10/22 02:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto] -- I:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/10/22 02:55:45 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto] -- I:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand] -- I:\Windows\System32\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2005/09/23 17:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- I:\Windows\System32\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/03/18 14:15:52 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto] -- I:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2010/06/14 04:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- I:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/10/17 12:52:43 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- I:\Windows\gdrv.sys -- (gdrv)
DRV - [2005/10/11 15:20:56 | 000,019,328 | ---- | M] (Insyde Software) [Kernel | On_Demand] -- I:\Users\cboenicke\AppData\Local\Temp\iscFB73tmp\iscflash.sys -- (iscFlash)
DRV - [2004/10/25 14:02:58 | 000,021,664 | ---- | M] (EnTech Taiwan) [Kernel | Disabled] -- I:\Windows\SysWOW64\drivers\Entech.sys -- (.nevplaute)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_271.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: I:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: I:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: I:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: I:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: I:\Program Files (x86)\Win7codecs\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: I:\Program Files (x86)\Win7codecs\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: I:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012/08/19 17:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/17 16:48:03 | 000,000,000 | ---D | M]
 
[2012/01/08 11:52:47 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 10:51:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- I:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/02 23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/25 21:32:09 | 000,001,392 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/19 17:10:37 | 000,003,751 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/25 21:32:09 | 000,002,252 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/25 21:32:09 | 000,001,153 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/25 21:32:09 | 000,006,805 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/25 21:32:09 | 000,001,178 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/25 21:32:09 | 000,001,105 | ---- | M] () -- I:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - I:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - I:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - I:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - I:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] I:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [3170 Scan2PC] I:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [amd_dc_opt] I:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LifeCam] I:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mumservice]  File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] I:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] I:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SAOB Monitor] I:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Smart File Advisor] I:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SysMetrix]  File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] I:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] I:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - I:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk - I:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0 HD\AutoStartupService.exe - (Panasonic Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^cboenicke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk - I:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - I:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - I:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/30 22:19:44 | 002,237,440 | R--- | C] (OldTimer Tools) -- I:\OTLPE.exe
[2012/08/30 22:19:44 | 000,000,000 | ---D | C] -- I:\_OTL
[2012/08/26 07:16:29 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/08/19 17:10:49 | 000,000,000 | ---D | C] -- I:\ProgramData\AVG Secure Search
[2012/08/19 17:10:40 | 000,031,080 | ---- | C] (AVG Technologies) -- I:\Windows\System32\drivers\avgtpx64.sys
[2012/08/19 17:10:38 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/19 17:10:38 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\AVG Secure Search
[2012/08/19 17:10:09 | 000,000,000 | -H-D | C] -- I:\ProgramData\Common Files
[2012/08/19 17:10:01 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012/08/19 17:10:00 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\pdfsam
[2012/08/19 09:06:12 | 000,000,000 | ---D | C] -- I:\ProgramData\Motorola
[2012/08/19 08:45:04 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2012/08/19 08:43:37 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola MMCP Drivers Installer
[2012/08/19 08:42:47 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Common Files\MSSoap
[2012/08/19 08:42:47 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Motorola Mobility
[2012/08/19 08:39:58 | 000,000,000 | ---D | C] -- I:\Program Files\Motorola Inc
[2012/08/15 16:24:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll
[2012/08/15 16:24:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll
[2012/08/15 16:24:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\url.dll
[2012/08/15 16:24:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\url.dll
[2012/08/15 16:24:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll
[2012/08/15 16:24:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll
[2012/08/15 16:24:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieUnatt.exe
[2012/08/15 16:24:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript9.dll
[2012/08/15 16:24:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\inetcpl.cpl
[2012/08/15 16:24:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 16:24:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 16:24:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript9.dll
[2012/08/15 16:24:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll
[2012/08/15 16:24:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll
[2012/08/15 16:19:30 | 000,000,000 | ---D | C] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/15 16:19:01 | 000,503,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\srcore.dll
[2012/08/15 16:18:58 | 000,751,104 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\win32spl.dll
[2012/08/15 16:18:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\win32spl.dll
[2012/08/15 16:18:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\splwow64.exe
[2012/08/15 16:18:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\netapi32.dll
[2012/08/15 16:18:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\browcli.dll
[2012/08/15 16:18:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\browcli.dll
[2012/08/15 16:18:43 | 000,956,928 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\localspl.dll
[2012/08/05 18:19:43 | 000,159,232 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\imagehlp.dll
[2012/08/05 18:19:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\imagehlp.dll
[2012/08/05 18:19:43 | 000,023,408 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\drivers\fs_rec.sys
[2012/08/05 18:19:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\wintrust.dll
[2012/08/05 18:19:42 | 000,172,544 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\wintrust.dll
[2012/08/05 18:10:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\DWrite.dll
[2012/08/05 18:10:10 | 001,077,248 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\DWrite.dll
[2012/08/05 18:10:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msxml3r.dll
[2012/08/05 18:10:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msxml3r.dll
[2012/08/05 18:09:21 | 001,462,272 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\crypt32.dll
[2012/08/05 18:09:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\cryptnet.dll
[2012/08/05 18:07:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ncrypt.dll
[2012/08/05 18:07:06 | 000,219,136 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ncrypt.dll
[2012/08/05 18:06:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntoskrnl.exe
[2012/08/05 18:06:48 | 003,968,368 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntkrnlpa.exe
[2012/08/05 18:06:48 | 003,913,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntoskrnl.exe
[2012/08/05 18:06:39 | 000,805,376 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\cdosys.dll
[2012/08/05 18:06:38 | 001,133,568 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\cdosys.dll
[2012/08/05 18:06:32 | 003,216,384 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msi.dll
[2012/08/05 18:06:31 | 002,342,400 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msi.dll
[2012/08/05 18:06:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpcorekmts.dll
[2012/08/05 18:06:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdpwsx.dll
[2012/08/05 18:06:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\rdrmemptylst.exe
[2 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[2 I:\*.tmp files -> I:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/30 16:30:19 | 2140,454,911 | -HS- | M] () -- I:\hiberfil.sys
[2012/08/30 16:30:19 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2012/08/29 11:51:53 | 000,015,376 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 11:51:53 | 000,015,376 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 11:49:13 | 000,764,044 | ---- | M] () -- I:\Windows\System32\perfh007.dat
[2012/08/29 11:49:13 | 000,707,348 | ---- | M] () -- I:\Windows\System32\perfh009.dat
[2012/08/29 11:49:13 | 000,171,162 | ---- | M] () -- I:\Windows\System32\perfc007.dat
[2012/08/29 11:49:13 | 000,139,436 | ---- | M] () -- I:\Windows\System32\perfc009.dat
[2012/08/29 11:44:22 | 000,001,112 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 15:28:02 | 000,001,116 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/27 17:27:00 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 07:16:30 | 000,000,000 | R--D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/26 07:16:29 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/08/26 07:16:14 | 000,001,346 | ---- | M] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/08/19 17:10:40 | 000,031,080 | ---- | M] (AVG Technologies) -- I:\Windows\System32\drivers\avgtpx64.sys
[2012/08/19 17:10:01 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012/08/19 16:47:53 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/08/19 09:07:33 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/08/19 09:07:17 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/08/19 09:07:15 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/08/19 09:06:11 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/19 09:05:39 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/08/19 09:05:39 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/08/19 09:05:01 | 000,000,000 | -H-- | M] () -- I:\Windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012/08/19 08:45:10 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2012/08/19 08:43:37 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola MMCP Drivers Installer
[2012/08/16 06:46:22 | 000,535,144 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2012/08/15 16:19:30 | 000,000,000 | ---D | M] -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/14 15:27:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 15:27:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[2 I:\*.tmp files -> I:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/26 07:16:14 | 000,001,346 | ---- | C] () -- I:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/08/19 16:47:53 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012/08/19 09:07:33 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012/08/19 09:07:17 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012/08/19 09:07:15 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012/08/19 09:06:11 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/19 09:05:39 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/08/19 09:05:39 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/08/19 09:05:01 | 000,000,000 | -H-- | C] () -- I:\Windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012/02/29 07:26:56 | 000,416,064 | ---- | C] () -- I:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 11:44:14 | 000,179,271 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 09:03:40 | 000,045,056 | ---- | C] () -- I:\Windows\SysWow64\rtvcvfw32.dll
[2011/08/31 11:28:48 | 000,252,928 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/18 14:14:49 | 000,000,530 | ---- | C] () -- I:\Windows\eReg.dat
[2010/04/19 12:45:40 | 000,111,932 | ---- | C] () -- I:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/04/19 12:45:40 | 000,031,053 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern131.dat
[2010/04/19 12:45:40 | 000,027,417 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern121.dat
[2010/04/19 12:45:40 | 000,026,154 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern1.dat
[2010/04/19 12:45:40 | 000,024,903 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern3.dat
[2010/04/19 12:45:40 | 000,021,390 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern5.dat
[2010/04/19 12:45:40 | 000,020,148 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern2.dat
[2010/04/19 12:45:40 | 000,011,811 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern4.dat
[2010/04/19 12:45:40 | 000,004,943 | ---- | C] () -- I:\Windows\SysWow64\EPPICPattern6.dat
[2010/04/19 12:45:40 | 000,001,146 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/04/19 12:45:40 | 000,001,139 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/04/19 12:45:40 | 000,001,139 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/04/19 12:45:40 | 000,001,136 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/04/19 12:45:40 | 000,001,129 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/04/19 12:45:40 | 000,001,129 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/04/19 12:45:40 | 000,001,120 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/04/19 12:45:40 | 000,001,107 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/04/19 12:45:40 | 000,001,104 | ---- | C] () -- I:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/04/19 12:45:40 | 000,000,097 | ---- | C] () -- I:\Windows\SysWow64\PICSDK.ini
[2010/03/13 18:25:29 | 000,002,516 | -HS- | C] () -- I:\ProgramData\KGyGaAvL.sys
[2010/03/13 18:25:29 | 000,000,088 | RHS- | C] () -- I:\ProgramData\3DE1C37709.sys
[2010/03/10 01:03:42 | 000,120,200 | ---- | C] () -- I:\Windows\SysWow64\DLLDEV32i.dll
[2010/03/10 01:03:15 | 000,007,119 | ---- | C] () -- I:\Windows\mgxoschk.ini
[2010/03/10 00:25:49 | 000,000,238 | ---- | C] () -- I:\Windows\ULEAD32.INI
[2010/03/10 00:25:18 | 000,000,014 | ---- | C] () -- I:\Windows\dswplug.ini
[2010/02/20 23:48:22 | 000,085,504 | ---- | C] () -- I:\Windows\SysWow64\ff_vfw.dll
[2010/02/20 17:28:28 | 000,002,560 | ---- | C] () -- I:\Windows\_MSRSTRT.EXE
[2010/01/31 15:41:38 | 000,000,075 | ---- | C] () -- I:\ProgramData\nvUnsupRes.dat
[2009/12/23 14:15:43 | 000,479,232 | ---- | C] () -- I:\Windows\ssndii.exe
[2009/12/23 14:15:25 | 000,036,864 | ---- | C] () -- I:\Windows\SysWow64\SvcMan.exe
[2009/12/23 14:15:21 | 000,172,032 | ---- | C] () -- I:\Windows\SysWow64\SecSNMP.dll
[2009/12/23 13:59:38 | 000,110,592 | R--- | C] () -- I:\Windows\Wiainst.exe
[2009/10/27 19:52:30 | 000,000,056 | ---- | C] () -- I:\Windows\SysWow64\ezsidmv.dat
[2009/10/21 14:12:37 | 001,664,664 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/18 18:41:01 | 000,003,972 | ---- | C] () -- I:\Windows\SysWow64\drivers\PciBus.sys
[2009/10/17 09:18:40 | 000,000,010 | ---- | C] () -- I:\Windows\GSetup.ini
[2009/08/16 05:08:36 | 000,178,176 | ---- | C] () -- I:\Windows\SysWow64\unrar.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- I:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- I:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\SysWow64\mlang.dat
[2009/05/29 10:52:26 | 000,204,800 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 10:47:06 | 000,881,664 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll
[2007/10/25 12:26:10 | 000,005,632 | ---- | C] () -- I:\Windows\SysWow64\drivers\StarOpen.sys
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- I:\Windows\GSetup.exe
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- I:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2011/03/04 21:05:30 | 000,000,000 | ---D | M] -- I:\ProgramData\Acronis
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2012/08/19 17:10:50 | 000,000,000 | ---D | M] -- I:\ProgramData\AVG Secure Search
[2012/05/15 10:24:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Battle.net
[2012/08/19 17:10:09 | 000,000,000 | -H-D | M] -- I:\ProgramData\Common Files
[2009/12/28 05:38:44 | 000,000,000 | ---D | M] -- I:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2010/02/18 16:00:34 | 000,000,000 | ---D | M] -- I:\ProgramData\DrTax
[2010/12/24 15:32:27 | 000,000,000 | ---D | M] -- I:\ProgramData\eMule
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2010/09/24 10:49:38 | 000,000,000 | ---D | M] -- I:\ProgramData\ifolor
[2010/03/23 13:10:02 | 000,000,000 | ---D | M] -- I:\ProgramData\MAGIX
[2012/08/19 09:06:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Motorola
[2009/11/21 15:33:11 | 000,000,000 | ---D | M] -- I:\ProgramData\NCH Swift Sound
[2010/04/19 13:30:14 | 000,000,000 | ---D | M] -- I:\ProgramData\Panasonic
[2011/01/02 06:03:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Pinnacle
[2011/01/02 06:03:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Pinnacle Studio Plus
[2010/03/11 17:33:39 | 000,000,000 | ---D | M] -- I:\ProgramData\Pinnacle Studio Ultimate Collection
[2011/11/22 08:21:20 | 000,000,000 | ---D | M] -- I:\ProgramData\Samsung
[2010/03/12 19:08:54 | 000,000,000 | ---D | M] -- I:\ProgramData\Shark007
[2010/02/13 14:41:44 | 000,000,000 | ---D | M] -- I:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/01/02 06:03:15 | 000,000,000 | ---D | M] -- I:\ProgramData\Studio 14
[2010/12/24 15:19:14 | 000,000,000 | ---D | M] -- I:\ProgramData\Tages
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2010/08/29 07:09:33 | 000,000,000 | ---D | M] -- I:\ProgramData\Ubisoft
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2010/03/12 19:10:53 | 000,000,000 | ---D | M] -- I:\ProgramData\Win7codecs
[2012/06/09 09:36:47 | 000,032,640 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/10/17 07:45:10 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2012/01/24 17:50:49 | 000,000,000 | ---D | M] -- I:\Battlefield 3
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2010/03/13 18:23:50 | 000,000,000 | ---D | M] -- I:\IExp0.tmp
[2010/03/13 18:23:52 | 000,000,000 | ---D | M] -- I:\IExp1.tmp
[2012/03/07 17:23:45 | 000,000,000 | ---D | M] -- I:\inetpub
[2009/10/18 07:43:05 | 000,000,000 | ---D | M] -- I:\Live! Cam
[2009/10/19 16:21:39 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2012/05/15 13:30:07 | 000,000,000 | ---D | M] -- I:\NVIDIA
[2009/10/18 08:52:10 | 000,000,000 | ---D | M] -- I:\OscarData
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2009/12/28 17:06:45 | 000,000,000 | ---D | M] -- I:\platodvdripper
[2012/08/19 08:39:58 | 000,000,000 | R--D | M] -- I:\Program Files
[2012/08/19 17:10:38 | 000,000,000 | R--D | M] -- I:\Program Files (x86)
[2012/08/19 17:10:49 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\Programme
[2010/11/22 15:55:54 | 000,000,000 | ---D | M] -- I:\Programs
[2009/10/17 07:44:58 | 000,000,000 | -HSD | M] -- I:\Recovery
[2012/08/26 09:01:34 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2012/08/29 11:44:17 | 000,000,000 | ---D | M] -- I:\Temp
[2012/05/19 05:27:25 | 000,000,000 | R--D | M] -- I:\Users
[2012/08/28 16:16:43 | 000,000,000 | ---D | M] -- I:\Windows
[2012/08/30 22:19:44 | 000,000,000 | ---D | M] -- I:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009/05/15 09:17:02 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=18312FA8B6AAEC330A2A9483A77FF650 -- I:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0 HD\HDWTools\EventLog.dll
[2009/07/17 02:15:14 | 000,043,008 | ---- | M] (Panasonic Corporation) MD5=3D64F1720C7B740CE7E3B9AA50F3633F -- I:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0 HD\Core\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- I:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- I:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- I:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
Könnte mir jemand weiterhelfen - danke

Grüsse

t'john 31.08.2012 16:08
Fixen mit OTLpe


  • Starte den unbootbaren Computer erneut mit der OTLPE-CD,
  • warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.



  • Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
  • Sollte das mangels Internet-Verbindung nicht möglich sein,
  • kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
  • Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
  • Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:


Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - I:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - I:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O4 - HKLM..\Run: [mumservice] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SysMetrix] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk - I:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0 HD\AutoStartupService.exe - (Panasonic Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^cboenicke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk - I:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - I:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - I:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - 2

[2010/03/13 18:25:29 | 000,002,516 | -HS- | C] () -- I:\ProgramData\KGyGaAvL.sys
[2010/03/13 18:25:29 | 000,000,088 | RHS- | C] () -- I:\ProgramData\3DE1C37709.sys


[2012/08/30 22:19:44 | 000,000,000 | ---D | C] -- I:\_OTL

[2012/08/29 11:44:17 | 000,000,000 | ---D | M] -- I:\Temp
 
[2009/12/23 14:15:43 | 000,479,232 | ---- | C] () -- I:\Windows\ssndii.exe

:Files
C:\Users\SYSTEM\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\SYSTEM\AppData\Local\Temp\*.exe
C:\Users\SYSTEM\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

t'john 18.10.2012 01:18
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:16 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132