| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.02.2012, 17:14
| #1 |
 |  Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Wie der Titel sagt, hatte ich beim booten das Problem, das ein Fenster aufploppte mit der Meldung "Can not find dwlgina3.dll". Ich konnte sonst nichts machen, auch nicht den Taskmanager starten. Als ich den PC nochmals gestartet habe kam nach dem Login der Bildschirm des GEMA-Trojaners. Wie soll ich vorgehen? Ich habe OTLPENet auf eine CD gebrannt, jedoch konnte ich leider nicht von der CD booten. |
|
17.02.2012, 17:17
| #2 |
| /// Malware-holic   | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner hi,
__________________wieso nicht. versuchs nach der anleitung: download: ISO Burner Download - ISO Burner 2.5 isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ |
|
17.02.2012, 17:27
| #3 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Okay,
__________________hab das Problem entdeckt, hatte USB CDROM Boot priorität auf 1 und nicht die meines DVD-Rom Laufwerks. Jetzt habe ich von der CD gebootet und der Windows XP Startbildschirm kam auf, jedoch habe ich auf einmal einen Bluescreen gehabt: "A Problem has been detected and Windows has been shut down to prevent damage to your Computer..." |
|
17.02.2012, 17:28
| #4 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner hi, prüfe im bios ob Ahci oder ide modus gewählt ist, stelle dan jeweils das gegenteilige ein und versuche es erneut.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 18:18
| #5 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner So, danke erstmal das hat geholfen  Jetzt habe ich den Scan gestartet. Code:
ATTFilter OTL logfile created on: 2/17/2012 5:49:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 452.66 Gb Total Space | 40.27 Gb Free Space | 8.90% Space Free | Partition Type: NTFS
Drive E: | 3.64 Gb Total Space | 3.64 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/10/08 00:18:46 | 000,697,616 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010/10/08 00:18:46 | 000,056,592 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010/10/08 00:18:44 | 000,957,712 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2010/04/23 03:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- D:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 05:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- D:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/09 07:28:55 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/07 07:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/11/03 13:18:24 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/02 06:07:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 09:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/20 12:09:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2011/01/20 11:41:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/01/20 11:40:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/09/29 11:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/13 22:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/13 22:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] -- D:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 02:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/04/07 23:18:38 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto] -- D:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto] -- D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/07/02 06:07:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 06:07:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/02 00:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 00:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/24 18:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/10 01:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/04 10:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- D:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/12/21 00:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 00:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 00:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/16 10:29:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/06 02:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/09/02 02:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- D:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 02:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/08/10 03:38:50 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 03:38:50 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/08/10 03:38:40 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:64bit: - [2010/08/10 03:38:40 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2010/07/29 20:35:08 | 001,588,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2010/04/19 03:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/23 06:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/21 04:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/02/10 02:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 01:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/02 05:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- D:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/16 09:56:36 | 000,737,312 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64)
DRV:64bit: - [2008/11/16 11:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/10/11 19:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/10/11 18:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2010/08/26 06:18:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/26 23:23:20] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/04/28 12:51:54 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/29 00:44:31] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2004/12/31 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE - HKU\Michael_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKU\Michael_ON_D\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_D\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.102.0: D:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: D:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 05:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/06 10:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 18:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/19 09:48:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 05:12:32 | 000,000,000 | ---D | M]
[2012/01/19 18:05:45 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/01/19 12:28:33 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\580bvisj.default\extensions
[2012/01/19 12:28:33 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\580bvisj.default\extensions\foxyproxy@eric.h.jung
[2012/01/19 18:05:35 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/12/21 02:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 04:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- D:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/12/21 00:08:50 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 00:02:40 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:08:50 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 00:08:50 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 00:08:50 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 00:08:50 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - D:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - D:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Michael_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] D:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] D:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] D:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] D:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] D:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CvhbsL1vQSVXtmN] D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O4 - HKLM..\Run: [EgisTecPMMUpdate] D:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] D:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] D:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Module Loader] D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RemoteControl10] D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SuiteTray] D:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Michael_ON_D..\Run: [CvhbsL1vQSVXtmN] D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O4 - HKU\Michael_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Michael_ON_D..\Run: [ICQ] D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\Michael_ON_D..\Run: [KiesHelper] D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\Michael_ON_D..\Run: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Michael_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Michael_ON_D..\Run: [VeohPlugin] D:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Michael_ON_D\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15:64bit: - Michael_ON_D\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Michael_ON_D Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: CTRegRun - hkey= - key= - D:\Windows\Ctregrun.exe (Creative Technology Ltd )
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - D:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2012/02/17 08:34:36 | 000,134,144 | ---- | C] (Корпорация Майкрософт) -- D:\Users\Michael\AppData\Roaming\dwlGina3.dll
[2012/02/16 12:03:19 | 000,417,792 | ---- | C] (jGpBGDOftC) -- D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe
[2012/02/10 09:27:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/10 09:27:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\LogMeIn Hamachi
[2012/01/30 09:39:23 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\{E3B7C889-E301-4DA0-9C86-0835AD31ED16}
[2012/01/30 09:39:12 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\{B0A49A30-3C19-4BC9-B9E2-7381AAF4EA53}
[2012/01/20 16:37:32 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/01/19 14:48:02 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2012/01/19 14:48:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\webio.dll
[2012/01/19 14:48:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\webio.dll
[2012/01/19 14:48:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2012/01/19 14:48:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2012/01/19 14:48:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2010/06/28 17:42:29 | 000,049,464 | ---- | C] ( ) -- D:\Windows\AutosetFrequency.exe
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- D:\Users\Michael\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- D:\Users\Michael\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- D:\Users\Michael\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- D:\Users\Michael\AppData\Local\bass.dll
[2 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/17 11:11:46 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/02/17 11:11:39 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 11:10:23 | 3113,254,912 | -HS- | M] () -- D:\hiberfil.sys
[2012/02/17 08:51:26 | 000,009,696 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 08:51:26 | 000,009,696 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 08:34:36 | 000,134,144 | ---- | M] (Корпорация Майкрософт) -- D:\Users\Michael\AppData\Roaming\dwlGina3.dll
[2012/02/16 23:07:00 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 12:03:18 | 000,417,792 | ---- | M] (jGpBGDOftC) -- D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe
[2012/02/16 09:09:58 | 000,000,502 | -H-- | M] () -- D:\Windows\tasks\Norton Security Scan for Michael.job
[2012/02/10 13:32:19 | 000,000,313 | RH-- | M] () -- D:\Windows\ctfile.rfc
[2012/02/10 09:27:56 | 000,000,930 | ---- | M] () -- D:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/02/10 09:27:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/01/31 13:30:07 | 000,708,018 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/01/31 13:30:07 | 000,661,596 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/01/31 13:30:07 | 000,153,320 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/01/31 13:30:07 | 000,125,528 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/01/22 12:14:04 | 000,015,404 | ---- | M] () -- D:\Users\Michael\Desktop\Poster.odt
[2012/01/20 16:42:23 | 001,621,666 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/20 14:54:48 | 000,000,183 | ---- | M] () -- D:\Users\Michael\Desktop\Q.U.B.E..url
[2012/01/19 18:05:37 | 000,001,142 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 12:28:50 | 000,001,210 | ---- | M] () -- D:\Users\Michael\Desktop\Tcpview.exe - Verknüpfung.lnk
[2 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/06 11:42:06 | 000,000,930 | ---- | C] () -- D:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/01/22 14:49:44 | 000,015,404 | ---- | C] () -- D:\Users\Michael\Desktop\Poster.odt
[2012/01/20 14:54:48 | 000,000,183 | ---- | C] () -- D:\Users\Michael\Desktop\Q.U.B.E..url
[2012/01/19 18:05:37 | 000,001,142 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 12:28:50 | 000,001,210 | ---- | C] () -- D:\Users\Michael\Desktop\Tcpview.exe - Verknüpfung.lnk
[2011/06/24 10:48:47 | 000,000,095 | ---- | C] () -- D:\Users\Michael\AppData\Local\fusioncache.dat
[2011/06/14 03:49:30 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/11 19:54:28 | 000,001,479 | ---- | C] () -- D:\Users\Michael\AppData\Local\RecConfig.xml
[2011/02/21 06:25:34 | 000,280,904 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/02/21 06:25:11 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/01/29 11:00:24 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2011/01/20 11:49:33 | 000,181,760 | ---- | C] () -- D:\Windows\SysWow64\APOMngr.DLL
[2011/01/20 11:49:33 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\CmdRtr.DLL
[2011/01/20 11:44:36 | 000,001,772 | ---- | C] () -- D:\ProgramData\cfSB1095.ini
[2011/01/04 10:10:56 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 10:10:56 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 10:10:56 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 10:10:56 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/08 13:35:15 | 000,004,608 | ---- | C] () -- D:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 15:27:34 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/10/15 13:51:07 | 000,118,073 | ---- | C] () -- D:\Windows\War3Unin.dat
[2010/09/30 09:26:20 | 000,000,064 | ---- | C] () -- D:\Windows\wininit.ini
[2010/09/22 05:04:38 | 000,188,799 | ---- | C] () -- D:\Windows\hpoins38.dat
[2010/09/22 04:28:44 | 001,621,666 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/21 11:34:47 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010/06/28 17:42:29 | 000,632,056 | ---- | C] () -- D:\Windows\Image.dll
[2010/06/28 17:42:29 | 000,206,208 | ---- | C] () -- D:\Windows\PLFSetI.exe
[2010/06/28 17:42:29 | 000,025,848 | ---- | C] () -- D:\Windows\USB_VIDEO_REG.exe
[2010/06/28 17:42:29 | 000,000,637 | ---- | C] () -- D:\Windows\AutoSetFrequency.ini
[2010/06/28 17:42:29 | 000,000,378 | ---- | C] () -- D:\Windows\PidList.ini
[2010/05/06 06:24:50 | 000,131,472 | ---- | C] () -- D:\ProgramData\FullRemove.exe
[2010/01/29 15:26:56 | 000,000,548 | ---- | C] () -- D:\Windows\hpomdl38.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- D:\Users\Michael\AppData\Local\lame_enc.dll
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- D:\Windows\SysWow64\DLLDEV32i.dll
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- D:\Users\Michael\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- D:\Users\Michael\AppData\Local\no23xwrapper.dll
[2005/04/06 10:27:14 | 000,237,568 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2005/04/06 10:24:40 | 001,216,512 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
========== LOP Check ==========
[2010/05/06 06:36:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Acer
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/05/06 06:43:51 | 000,000,000 | ---D | M] -- D:\ProgramData\BackupManager
[2011/08/19 08:28:47 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2010/10/04 11:10:35 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2010/10/14 11:25:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2010/11/06 11:47:53 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/10/07 10:10:46 | 000,000,000 | ---D | M] -- D:\ProgramData\CMUV
[2010/10/16 10:27:56 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/10/27 13:10:18 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2010/06/28 17:33:23 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec IPS
[2011/11/03 11:53:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2010/05/06 06:32:36 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/03/16 19:45:03 | 000,000,000 | ---D | M] -- D:\ProgramData\MAGIX
[2010/05/06 06:31:18 | 000,000,000 | ---D | M] -- D:\ProgramData\OberonGameConsole
[2010/09/21 11:17:02 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2011/11/06 13:36:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2010/10/16 10:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2012/02/16 22:47:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/03/02 08:42:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Saitek
[2011/02/12 08:01:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2010/10/02 13:33:05 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/11/26 16:39:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/08/20 14:35:09 | 000,000,000 | ---D | M] -- D:\ProgramData\TrackMania
[2010/09/24 06:03:58 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2010/09/22 04:54:18 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/12/13 03:19:15 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010/09/21 11:16:33 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2011/01/02 00:06:06 | 000,000,000 | ---D | M] -- D:\AV_LOGS
[2010/06/28 17:33:32 | 000,000,000 | ---D | M] -- D:\book
[2012/02/10 09:27:59 | 000,000,000 | -H-D | M] -- D:\Config.Msi
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2011/10/31 06:51:05 | 000,000,000 | ---D | M] -- D:\Hotspot Shield
[2010/05/06 06:20:18 | 000,000,000 | ---D | M] -- D:\Intel
[2012/01/21 18:11:21 | 000,000,000 | ---D | M] -- D:\lol
[2011/08/22 21:25:24 | 000,000,000 | ---D | M] -- D:\Michael Persönlich
[2010/09/22 04:54:00 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2011/12/31 13:13:46 | 000,000,000 | ---D | M] -- D:\Musik von Mielkes
[2011/10/27 17:54:06 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2010/09/21 11:16:25 | 000,000,000 | -H-D | M] -- D:\OEM
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011/11/10 16:45:14 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/02/10 09:27:55 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2011/11/06 13:37:17 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Programme
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Recovery
[2011/10/27 11:08:45 | 000,000,000 | R--D | M] -- D:\Sandbox
[2012/01/16 13:52:02 | 000,000,000 | ---D | M] -- D:\Spiele
[2012/02/08 18:01:30 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2011/01/09 14:41:14 | 000,000,000 | ---D | M] -- D:\Temp
[2010/09/21 11:14:52 | 000,000,000 | R--D | M] -- D:\Users
[2011/01/02 00:06:09 | 000,000,000 | ---D | M] -- D:\vcs5BGEffects
[2011/01/02 00:06:50 | 000,000,000 | ---D | M] -- D:\vcs5core
[2011/10/04 13:30:21 | 000,000,000 | ---D | M] -- D:\VWLUPO
[2012/02/10 13:32:19 | 000,000,000 | ---D | M] -- D:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\drivers\iaStor.sys
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_795c144097e6ce0c\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> D:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 132 bytes -> D:\ProgramData\Temp:5D7E5A8F
< End of report >
|
|
17.02.2012, 18:33
| #6 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O4 - HKLM..\Run: [CvhbsL1vQSVXtmN] D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O4 - HKU\Michael_ON_D..\Run: [CvhbsL1vQSVXtmN] D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
O20 - HKU\Michael_ON_D Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe (jGpBGDOftC)
[2012/02/17 08:34:36 | 000,134,144 | ---- | C] (Корпорация Майкрософт) -- D:\Users\Michael\AppData\Roaming\dwlGina3.dll
:Files
D:\Users\Michael\AppData\Roaming\y4w5uyh5.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 edit: bei dir evtl. auf d:
__________________ --> Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner |
|
17.02.2012, 18:59
| #7 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner So, die Datei wurde hochgeladen. Freue mich meinen Desktop mal wieder zu sehen Danke :P |
|
17.02.2012, 19:03
| #8 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner hi, danke dir für den upload. bitte surfe aber nur auf von mir benannten seiten, bis wir den pc sauber und die sicherheitslücken geschlossen haben. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 19:07
| #9 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Ich hab jetzt nur ein Problem. Ich habe keine Icons auf dem Dektop und aknn auch keinen Rechtsklick machen um auf Ansicht zu kommen. Was soll ich tun? |
|
17.02.2012, 19:10
| #10 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner gehts im abgesicherten modus mit netzwerk? bei pc neustart mit f8 zu erreichen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 19:17
| #11 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Nee, das hat leider auch nicht funktioniert. |
|
17.02.2012, 19:21
| #12 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner dann erstelle noch mal nen log über die otl cd bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 19:42
| #13 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Soll ich wenn ich OTLPE starte bei dem Fenster mit "automatically Load All Remaining Users" ein bestimmtes Profil auswählen oder auf LocalService lassen? |
|
17.02.2012, 19:53
| #14 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner so wie vorhin war ok.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 19:57
| #15 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Vorhin hatte ich esnämlich auf User "Michael" umgestellt jetzt lasse ich es gerade auf "LocalService" laufen. Möchtest du beide Logs haben? |
|
| Themen zu Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner |
| .dll, bildschirm, blackscreen, booten, dwlgina3.dll, fenster, gema-trojaner, gestartet, konnte, login, meldung, nichts, nochmals, not, otlpe, otlpenet, problem, starte, taskma, taskmanager, titel, vorgehen |
