| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner nicht vom Laptop entfernbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.05.2013, 18:06
| #1 |
 |  Trojaner nicht vom Laptop entfernbar Leider scheint auch mein Laptop von einem Trojaner befallen zu sein. Wenn ich den Laptop hinauffahre erscheint ein weisser Bildschirm und ich kann nichts mehr machen. Ich habe schon alle Anweisungen auf diesen Seiten genau befolgt (Oldtimer OTLPE Cd gebrannt , bin über die CD hochfahren und habe alle Schritte genau durchgeführt ) aber wenn ich jetzt hochfahre kommt wieder der weiße Bildschirm . Wenn ich über den gesicherten Modus hochfahren will fährt der Laptop von selbst wieder herunter . Kann mir jemand helfen ? Vielen Dank im Voraus . LG lakyluke |
|
27.05.2013, 18:07
| #2 |
| /// Malware-holic   |  Trojaner nicht vom Laptop entfernbar Hi,
__________________kommst du an nen pc mit brenner? download: http://filepony.de/download-isoburner/ isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ |
|
27.05.2013, 18:39
| #3 |
| | Trojaner nicht vom Laptop entfernbar Hallo ! Danke für die prompte Antwort. CD habe ich ja schon (habe ich mir gestern ausgeborgt ) heute schreibe ich mit meinem Pad . Nach Doppelklick auf diesenOTLPE schreibt der Laptop " No Windows installations found ". Was jetzt ? Danke und LG
__________________ |
|
27.05.2013, 18:40
| #4 |
| /// Malware-holic | Trojaner nicht vom Laptop entfernbar Hi, mal nacheinander die Ordner aufklappen, bis du den Ordner Windows bzw Wind findest, da drauf klicken und dann scant er
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.05.2013, 18:52
| #5 |
| | Trojaner nicht vom Laptop entfernbar Hallo Markus ! Scan ist durch. Ich habe den Text aus OTL .txt nach Zustrom Scan kopiert . Leider gibt es hier keinen Zugriff auf den USB Stick . Was soll ich jetzt weiter machen? Danke ! |
|
27.05.2013, 18:53
| #6 |
| /// Malware-holic | Trojaner nicht vom Laptop entfernbar text mal versuchen auf dem infiziertem Gerät zu speichern, Stick raus, neustart, Stick rein, dann sollts passen
__________________ --> Trojaner nicht vom Laptop entfernbar |
|
27.05.2013, 19:15
| #7 |
| |  Trojaner nicht vom Laptop entfernbar Konnte die File auf den USB- Stick kopieren , aber wenn ich den Laptop hochfahren will, ist wieder der Bildschirm weiß . ?.. |
|
27.05.2013, 19:36
| #8 |
| /// Malware-holic | Trojaner nicht vom Laptop entfernbar Na, das war bisher ja auch nur ein Scan, jetzt brauch ich das Texfile
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.05.2013, 20:57
| #9 |
| | Trojaner nicht vom Laptop entfernbar Ich probiers nochmal - lässt sich anscheinend nicht hochladen. Sonst mach ichs morgen vom Arbeitsplatz aus. LG und gute Nacht! |
|
27.05.2013, 21:02
| #10 |
| /// Malware-holic | Trojaner nicht vom Laptop entfernbar dann kopiers rein, evtl. aufteilen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.05.2013, 10:00
| #11 |
| |  Trojaner nicht vom Laptop entfernbar Hallo Markus! Ich möchte dir jetzt den Texfile vom USB-Stick aus senden, jedoch hat dieser eine Kapazität von 143 KB, daraus müsste ich jede Menge einzelner Word-Dateien machen, da nur 19 KB möglich sind ... Frage: geht das nicht einfacher? Danke + LG Lakyluke |
|
28.05.2013, 10:07
| #12 |
| /// Malware-holic | Trojaner nicht vom Laptop entfernbar dann poste ihn hier, oder packe ihn oder teile in in 2 hälften.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.05.2013, 10:58
| #13 |
| | Trojaner nicht vom Laptop entfernbar OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/27/2013 11:00:54 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.87 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 450.44 Gb Total Space | 329.14 Gb Free Space | 73.07% Space Free | Partition Type: NTFS
Drive E: | 988.69 Mb Total Space | 988.69 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/02/19 08:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 08:53:32 | 000,218,760 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 08:51:54 | 000,241,456 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 16:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 07:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 07:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 07:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 07:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 07:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 07:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/08/18 17:40:12 | 000,796,192 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- D:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto] -- D:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/05/18 00:37:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/08 07:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/04 05:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 03:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 03:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 13:52:02 | 000,312,784 | ---- | M] () [Auto] -- D:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009/08/20 20:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/07 05:18:54 | 000,311,592 | ---- | M] () [Auto] -- D:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/06 01:21:04 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto] -- D:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/07/09 21:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/02/19 08:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 08:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 08:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 08:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 08:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 08:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 08:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/09/20 00:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/09/20 00:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/06/27 04:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012/06/27 04:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2012/06/27 04:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2012/06/27 04:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2012/04/20 10:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2011/10/01 03:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 03:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 03:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 03:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/02/02 12:27:01 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/10/30 01:34:10 | 000,029,184 | ---- | M] (Egistec) [Kernel | Auto] -- D:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2009/07/21 18:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/21 02:13:12 | 000,006,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009/07/21 02:13:10 | 000,025,088 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/20 07:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/02 23:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 23:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- D:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 23:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/14 12:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/05/01 14:13:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV - [2009/09/10 09:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\karinlaky_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.at/tb/ie_startpage
IE - HKU\karinlaky_ON_D\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
IE - HKU\karinlaky_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\karinlaky_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: D:\Program Files\McAfee\MSC\npMcSnFFPl64.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: D:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: D:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: D:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10: D:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin: D:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: D:\Windows\SysWOW64\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/02/08 14:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/03/09 04:44:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/25 13:47:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/05/20 04:40:25 | 000,000,000 | ---D | M]
[2011/07/27 10:43:08 | 000,000,000 | ---D | M] (No name found) -- D:\Users\karinlaky\AppData\Roaming\Mozilla\Extensions
[2012/08/10 10:43:47 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/10 10:43:48 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) --
[2013/02/08 14:23:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- D:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/11/17 14:14:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/31 14:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/11/17 14:14:05 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/17 14:14:05 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/17 14:14:05 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/17 14:14:05 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/17 14:14:05 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/17 14:14:05 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120725195922.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - D:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - D:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - D:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - D:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120725195922.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - D:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - D:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - D:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - D:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\karinlaky_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\karinlaky_ON_D\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - D:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\karinlaky_ON_D\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - D:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] D:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] D:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] D:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [InstantAccess] D:\Program Files (x86)\TextBridge Pro 9.0\Bin\InstantAccess.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MailCheck IE Broker] D:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [mcui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] D:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RegisterDropHandler] D:\Program Files (x86)\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - HKLM..\Run: [VitaKeyPdtWzd] D:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\karinlaky_ON_D..\Run: [] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\karinlaky_ON_D..\Run: [Device Detection] File not found
O4 - HKU\karinlaky_ON_D..\Run: [KiesAirMessage] File not found
O4 - HKU\karinlaky_ON_D..\Run: [KiesPreload] D:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKLM..\RunServices: [RegisterDropHandler] D:\Program Files (x86)\TextBridge Pro 9.0\Bin\RegisterDropHandler.exe ()
O4 - Startup: D:\Users\karinlaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O4 - Startup: D:\Users\karinlaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ()
O4 - Startup: D:\Users\karinlaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk ()
O4 - Startup: D:\Users\karinlaky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reminder-ScanSoft Produkt Registrierung.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\karinlaky_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\karinlaky_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} file:///D:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.1)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - D:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - D:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - D:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - D:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\karinlaky_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\karinlaky_ON_D Winlogon: Shell - (C:\Users\karinlaky\AppData\Roaming\AltShell.dat) - D:\Users\karinlaky\AppData\Roaming\AltShell.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{27e04950-1048-11df-8ca0-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{27e04950-1048-11df-8ca0-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27e04953-1048-11df-8ca0-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{27e04953-1048-11df-8ca0-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{437506af-171f-11df-ba3b-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{437506af-171f-11df-ba3b-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{437506b4-171f-11df-ba3b-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{437506b4-171f-11df-ba3b-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{616f5b1a-38f9-11df-95e1-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{616f5b1a-38f9-11df-95e1-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{616f5b1c-38f9-11df-95e1-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{616f5b1c-38f9-11df-95e1-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cac3bf18-7c6f-11df-8178-f269e4a4aa22}\Shell - "" = AutoRun
O33 - MountPoints2\{cac3bf18-7c6f-11df-8178-f269e4a4aa22}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cac3bf1b-7c6f-11df-8178-f269e4a4aa22}\Shell - "" = AutoRun
O33 - MountPoints2\{cac3bf1b-7c6f-11df-8178-f269e4a4aa22}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6e80e46-1017-11df-a732-0026c61af248}\Shell - "" = AutoRun
O33 - MountPoints2\{e6e80e46-1017-11df-a732-0026c61af248}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/05/26 13:10:30 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/05/16 15:38:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/05/16 15:38:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/05/16 15:38:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/05/16 15:38:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/05/16 15:38:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/05/16 15:38:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/05/16 15:38:43 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/05/16 15:38:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/05/16 15:38:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/05/16 15:38:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/16 15:38:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/16 15:38:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/05/16 15:38:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/05/16 15:38:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/05/16 15:38:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/05/16 15:38:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/05/16 15:38:40 | 002,877,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/05/16 14:25:07 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/05/16 14:25:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\shdocvw.dll
[2013/05/16 14:25:05 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/05/16 14:25:05 | 000,111,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2013/05/16 12:02:07 | 000,265,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2013/05/16 12:02:07 | 000,144,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2013/05/16 11:57:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wwanprotdim.dll
[2013/04/29 21:59:51 | 001,509,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/04/29 21:59:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/04/29 21:59:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/04/29 21:59:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/04/29 21:59:51 | 001,054,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/04/29 21:59:51 | 000,905,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/04/29 21:59:51 | 000,762,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/04/29 21:59:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/29 21:59:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/04/29 21:59:51 | 000,599,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/04/29 21:59:51 | 000,452,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/04/29 21:59:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/04/29 21:59:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/04/29 21:59:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/04/29 21:59:51 | 000,281,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/04/29 21:59:51 | 000,235,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/04/29 21:59:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/04/29 21:59:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/04/29 21:59:51 | 000,226,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/04/29 21:59:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/04/29 21:59:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/04/29 21:59:51 | 000,185,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/04/29 21:59:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/04/29 21:59:51 | 000,167,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/04/29 21:59:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/04/29 21:59:51 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/04/29 21:59:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/04/29 21:59:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/04/29 21:59:51 | 000,144,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/04/29 21:59:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/04/29 21:59:51 | 000,137,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/04/29 21:59:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/04/29 21:59:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/04/29 21:59:51 | 000,125,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/04/29 21:59:51 | 000,117,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/04/29 21:59:51 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/04/29 21:59:51 | 000,102,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/04/29 21:59:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/04/29 21:59:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/04/29 21:59:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/04/29 21:59:51 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/04/29 21:59:51 | 000,079,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/04/29 21:59:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/29 21:59:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/04/29 21:59:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/04/29 21:59:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/04/29 21:59:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/04/29 21:59:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/04/29 21:59:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/04/29 21:59:51 | 000,038,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/04/29 21:59:51 | 000,027,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/04/29 21:59:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/04/29 21:59:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/04/29 21:59:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/04/29 21:59:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/04/29 21:59:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/04/29 21:59:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/04/29 21:58:49 | 003,928,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2013/04/29 21:58:49 | 003,419,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2013/04/29 21:58:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2013/04/29 21:58:49 | 002,565,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2013/04/29 21:58:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msmpeg2vdec.dll
[2013/04/29 21:58:49 | 001,988,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2013/04/29 21:58:49 | 001,887,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/04/29 21:58:49 | 001,682,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2013/04/29 21:58:49 | 001,643,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2013/04/29 21:58:49 | 001,504,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d11.dll
[2013/04/29 21:58:49 | 001,424,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecs.dll
[2013/04/29 21:58:49 | 001,247,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2013/04/29 21:58:49 | 001,238,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10.dll
[2013/04/29 21:58:49 | 001,158,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsPrint.dll
[2013/04/29 21:58:49 | 001,080,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10.dll
[2013/04/29 21:58:49 | 000,648,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10level9.dll
[2013/04/29 21:58:49 | 000,604,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10level9.dll
[2013/04/29 21:58:49 | 000,522,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2013/04/29 21:58:49 | 000,465,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2013/04/29 21:58:49 | 000,417,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WMPhoto.dll
[2013/04/29 21:58:49 | 000,364,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsGdiConverter.dll
[2013/04/29 21:58:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxgi.dll
[2013/04/29 21:58:49 | 000,333,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2013/04/29 21:58:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10core.dll
[2013/04/29 21:58:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxgi.dll
[2013/04/29 21:58:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2013/04/29 21:58:49 | 000,245,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecsExt.dll
[2013/04/29 21:58:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIAnimation.dll
[2013/04/29 21:58:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10core.dll
[2013/04/29 21:58:49 | 000,207,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WindowsCodecsExt.dll
[2013/04/29 21:58:49 | 000,194,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2013/04/29 21:58:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\UIAnimation.dll
[2013/04/29 21:58:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2013/04/29 21:58:49 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/29 21:58:49 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/29 21:58:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/29 21:58:49 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2009/08/22 04:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- D:\ProgramData\FullRemove.exe
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/27 14:37:46 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/05/27 14:37:40 | 000,196,608 | ---- | M] () -- D:\Windows\System32\Ikeext.etl
[2013/05/27 14:37:32 | 000,000,004 | ---- | M] () -- D:\Users\karinlaky\AppData\Roaming\AltShell.ini
[2013/05/27 14:37:03 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/27 14:35:42 | 3217,235,968 | -HS- | M] () -- D:\hiberfil.sys
[2013/05/26 13:12:18 | 000,017,600 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 13:12:18 | 000,017,600 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 13:10:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/05/26 13:00:12 | 000,000,352 | ---- | M] () -- D:\Windows\tasks\Acer Registration Data Sending.job
[2013/05/26 12:36:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/26 01:23:00 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 01:12:19 | 000,654,852 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/05/26 01:12:19 | 000,616,694 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/05/26 01:12:19 | 000,130,434 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/05/26 01:12:19 | 000,106,816 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/05/18 00:37:02 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/18 00:37:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/17 20:26:39 | 000,435,760 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2013/04/29 21:59:51 | 001,509,376 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/04/29 21:59:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/04/29 21:59:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/04/29 21:59:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/04/29 21:59:51 | 001,054,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/04/29 21:59:51 | 000,905,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/04/29 21:59:51 | 000,762,368 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/04/29 21:59:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/29 21:59:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/04/29 21:59:51 | 000,599,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/04/29 21:59:51 | 000,452,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/04/29 21:59:51 | 000,441,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/04/29 21:59:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/04/29 21:59:51 | 000,357,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/04/29 21:59:51 | 000,281,600 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/04/29 21:59:51 | 000,235,008 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/04/29 21:59:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/04/29 21:59:51 | 000,226,816 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/04/29 21:59:51 | 000,226,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/04/29 21:59:51 | 000,216,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/04/29 21:59:51 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/04/29 21:59:51 | 000,185,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/04/29 21:59:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/04/29 21:59:51 | 000,167,424 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/04/29 21:59:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/04/29 21:59:51 | 000,158,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/04/29 21:59:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/04/29 21:59:51 | 000,149,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/04/29 21:59:51 | 000,144,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/04/29 21:59:51 | 000,138,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/04/29 21:59:51 | 000,137,216 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/04/29 21:59:51 | 000,136,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/04/29 21:59:51 | 000,135,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/04/29 21:59:51 | 000,125,440 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/04/29 21:59:51 | 000,117,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/04/29 21:59:51 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/04/29 21:59:51 | 000,102,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/04/29 21:59:51 | 000,097,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/04/29 21:59:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/04/29 21:59:51 | 000,082,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/04/29 21:59:51 | 000,081,408 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/04/29 21:59:51 | 000,079,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/04/29 21:59:51 | 000,073,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/29 21:59:51 | 000,069,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/04/29 21:59:51 | 000,062,976 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/04/29 21:59:51 | 000,061,952 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/04/29 21:59:51 | 000,057,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/04/29 21:59:51 | 000,051,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/04/29 21:59:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/04/29 21:59:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/04/29 21:59:51 | 000,038,400 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/04/29 21:59:51 | 000,027,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/04/29 21:59:51 | 000,025,185 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/04/29 21:59:51 | 000,025,185 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2013/04/29 21:59:51 | 000,023,040 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/04/29 21:59:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/04/29 21:59:51 | 000,012,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/04/29 21:59:51 | 000,011,776 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/04/29 21:59:50 | 000,077,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/04/29 21:58:49 | 003,928,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d2d1.dll
[2013/04/29 21:58:49 | 003,419,136 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d2d1.dll
[2013/04/29 21:58:49 | 002,776,576 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msmpeg2vdec.dll
[2013/04/29 21:58:49 | 002,565,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10warp.dll
[2013/04/29 21:58:49 | 002,284,544 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msmpeg2vdec.dll
[2013/04/29 21:58:49 | 001,988,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10warp.dll
[2013/04/29 21:58:49 | 001,887,232 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/04/29 21:58:49 | 001,682,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsPrint.dll
[2013/04/29 21:58:49 | 001,643,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DWrite.dll
[2013/04/29 21:58:49 | 001,504,768 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d11.dll
[2013/04/29 21:58:49 | 001,424,384 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecs.dll
[2013/04/29 21:58:49 | 001,247,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\DWrite.dll
[2013/04/29 21:58:49 | 001,238,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10.dll
[2013/04/29 21:58:49 | 001,158,144 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsPrint.dll
[2013/04/29 21:58:49 | 001,080,832 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10.dll
[2013/04/29 21:58:49 | 000,648,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10level9.dll
[2013/04/29 21:58:49 | 000,604,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10level9.dll
[2013/04/29 21:58:49 | 000,522,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\XpsGdiConverter.dll
[2013/04/29 21:58:49 | 000,465,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WMPhoto.dll
[2013/04/29 21:58:49 | 000,417,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\WMPhoto.dll
[2013/04/29 21:58:49 | 000,364,544 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\XpsGdiConverter.dll
[2013/04/29 21:58:49 | 000,363,008 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxgi.dll
[2013/04/29 21:58:49 | 000,333,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1core.dll
[2013/04/29 21:58:49 | 000,296,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10core.dll
[2013/04/29 21:58:49 | 000,293,376 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxgi.dll
[2013/04/29 21:58:49 | 000,249,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1core.dll
[2013/04/29 21:58:49 | 000,245,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecsExt.dll
[2013/04/29 21:58:49 | 000,221,184 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\UIAnimation.dll
[2013/04/29 21:58:49 | 000,220,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10core.dll
[2013/04/29 21:58:49 | 000,207,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\WindowsCodecsExt.dll
[2013/04/29 21:58:49 | 000,194,560 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\d3d10_1.dll
[2013/04/29 21:58:49 | 000,187,392 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\UIAnimation.dll
[2013/04/29 21:58:49 | 000,161,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\d3d10_1.dll
[2013/04/29 21:58:49 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/29 21:58:49 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/29 21:58:49 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/04/29 21:58:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/04/29 21:58:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/26 01:29:52 | 000,000,004 | ---- | C] () -- D:\Users\karinlaky\AppData\Roaming\AltShell.ini
[2013/04/29 21:59:51 | 000,025,185 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/04/29 21:59:51 | 000,025,185 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2012/12/18 05:06:10 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2012/12/18 05:06:06 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 05:06:06 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 05:06:06 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 05:06:06 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/15 13:34:25 | 000,031,232 | ---- | C] () -- D:\Users\karinlaky\AppData\Roaming\AltShell.dat
[2011/07/27 10:42:53 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2011/07/04 12:29:54 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/12 12:26:31 | 001,527,912 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/21 03:20:46 | 000,000,246 | ---- | C] () -- D:\Windows\PhEdit.INI
[2010/08/20 12:26:28 | 000,111,932 | ---- | C] () -- D:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/08/20 12:26:28 | 000,031,053 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern131.dat
[2010/08/20 12:26:28 | 000,027,417 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern121.dat
[2010/08/20 12:26:28 | 000,026,154 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern1.dat
[2010/08/20 12:26:28 | 000,024,903 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern3.dat
[2010/08/20 12:26:28 | 000,021,390 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern5.dat
[2010/08/20 12:26:28 | 000,020,148 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern2.dat
[2010/08/20 12:26:28 | 000,011,811 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern4.dat
[2010/08/20 12:26:28 | 000,004,943 | ---- | C] () -- D:\Windows\SysWow64\EPPICPattern6.dat
[2010/08/20 12:26:28 | 000,001,146 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/08/20 12:26:28 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/08/20 12:26:28 | 000,001,139 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/08/20 12:26:28 | 000,001,136 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/08/20 12:26:28 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/08/20 12:26:28 | 000,001,129 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/08/20 12:26:28 | 000,001,120 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/08/20 12:26:28 | 000,001,107 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/08/20 12:26:28 | 000,001,104 | ---- | C] () -- D:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/08/20 12:26:28 | 000,000,097 | ---- | C] () -- D:\Windows\SysWow64\PICSDK.ini
[2010/03/16 12:48:39 | 000,000,179 | ---- | C] () -- D:\Windows\maxlink.ini
[2010/03/16 12:48:29 | 000,012,126 | ---- | C] () -- D:\Windows\SysWow64\Pixpcz.dll
[2010/03/16 12:48:29 | 000,011,934 | ---- | C] () -- D:\Windows\SysWow64\Pixpnr.dll
[2010/03/16 12:48:29 | 000,004,528 | ---- | C] () -- D:\Windows\SysWow64\Setbrows.exe
[2010/03/16 12:33:03 | 000,000,314 | ---- | C] () -- D:\Windows\ulead32.ini
[2009/10/30 09:52:07 | 000,001,916 | ---- | C] () -- D:\Windows\WPatchProgress.ini
[2009/10/30 01:50:23 | 000,000,033 | ---- | C] () -- D:\Windows\LaunApp.ini
[2009/10/30 01:33:55 | 000,626,688 | ---- | C] () -- D:\Windows\Image.dll
[2009/10/30 01:33:55 | 000,200,704 | ---- | C] () -- D:\Windows\PLFSetI.exe
[2009/10/30 01:33:55 | 000,020,480 | ---- | C] () -- D:\Windows\USB_VIDEO_REG.exe
[2009/10/30 01:33:55 | 000,000,323 | ---- | C] () -- D:\Windows\PidList.ini
[2009/08/22 02:01:23 | 000,872,448 | ---- | C] () -- D:\Windows\iconv.dll
[2009/08/22 02:01:23 | 000,743,424 | ---- | C] () -- D:\Windows\libxml2.dll
[2009/08/22 02:01:21 | 000,000,193 | ---- | C] () -- D:\Windows\Prelaunch.ini
[2009/08/22 02:01:21 | 000,000,166 | ---- | C] () -- D:\Windows\WisLangCode.ini
[2009/08/22 02:01:21 | 000,000,147 | ---- | C] () -- D:\Windows\WisPriority.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- D:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- D:\Windows\SysWow64\AgCPanelFrench.dll
========== LOP Check ==========
[2013/04/23 12:18:07 | 000,000,000 | ---D | M] -- D:\ProgramData\1&1 Mail & Media GmbH
[2011/06/04 08:03:59 | 000,000,000 | ---D | M] -- D:\ProgramData\1und1InternetExplorerAddon
[2009/08/22 01:41:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Acer
[2010/02/02 11:15:29 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2009/08/22 04:56:16 | 000,000,000 | ---D | M] -- D:\ProgramData\BackupManager
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2011/06/04 08:03:58 | 000,000,000 | ---D | M] -- D:\ProgramData\DesktopIcons
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/02/02 11:15:29 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/03/16 13:09:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Driver Whiz
[2009/10/30 01:30:35 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec
[2009/08/22 06:30:37 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/02/02 11:15:29 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2009/10/30 01:41:48 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2010/08/20 12:31:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Panasonic
[2010/03/07 04:29:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2012/03/08 06:08:24 | 000,000,000 | ---D | M] -- D:\ProgramData\PictureMover
[2012/12/30 07:18:54 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/02/02 11:15:29 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/10/30 01:36:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2013/04/23 12:18:17 | 000,000,000 | ---D | M] -- D:\ProgramData\UUdb
[2011/04/18 08:51:53 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications
[2010/02/02 11:15:29 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/05/26 13:00:12 | 000,000,352 | ---- | M] () -- D:\Windows\Tasks\Acer Registration Data Sending.job
[2013/05/24 07:03:25 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
|
|
28.05.2013, 11:04
| #14 |
| /// Malware-holic | Trojaner nicht vom Laptop entfernbar Hi, auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O20 - HKU\karinlaky_ON_D Winlogon: Shell - (C:\Users\karinlaky\AppData\Roaming\AltShell.dat) - D:\Users\karinlaky\AppData\Roaming\AltShell.dat ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.05.2013, 17:55
| #15 |
| | Trojaner nicht vom Laptop entfernbar Hallo Markus ! Alles funktioniert bis zum letzten Punkt: nach dem einfügen des Textes lässt sich der Runfix Button nicht mehr drücken . Warum? LG Lakyluke |
|
| Themen zu Trojaner nicht vom Laptop entfernbar |
| befallen, befolgt, bildschirm, durchgeführt, entfernbar, erschein, erscheint, gen, herunter, hochfahren, kommt wieder, laptop, modus, nichts, oldtimer, otlpe, schei, schritte, seite, seiten, troja, trojaner, von selbst, weisser, weisser bildschirm, weiße |
