| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.02.2012, 20:43
| #16 |
 |  Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner So hier die neuen Logs: Hier mit LocalService als User: Code:
ATTFilter OTL logfile created on: 2/17/2012 7:54:13 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 452.66 Gb Total Space | 40.79 Gb Free Space | 9.01% Space Free | Partition Type: NTFS
Drive E: | 3.64 Gb Total Space | 3.64 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/10/08 00:18:46 | 000,697,616 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010/10/08 00:18:46 | 000,056,592 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010/10/08 00:18:44 | 000,957,712 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2010/04/23 03:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- D:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 05:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- D:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/09 07:28:55 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/07 07:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/11/03 13:18:24 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/02 06:07:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 09:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/20 12:09:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2011/01/20 11:41:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/01/20 11:40:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/09/29 11:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/13 22:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/13 22:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] -- D:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 02:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/04/07 23:18:38 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto] -- D:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto] -- D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/07/02 06:07:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 06:07:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/02 00:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 00:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/24 18:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/10 01:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/04 10:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- D:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/12/21 00:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 00:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 00:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/16 10:29:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/06 02:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/09/02 02:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- D:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 02:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/08/10 03:38:50 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 03:38:50 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/08/10 03:38:40 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:64bit: - [2010/08/10 03:38:40 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2010/07/29 20:35:08 | 001,588,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2010/04/19 03:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/23 06:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/21 04:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/02/10 02:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 01:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/02 05:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- D:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/16 09:56:36 | 000,737,312 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64)
DRV:64bit: - [2008/11/16 11:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/10/11 19:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/10/11 18:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2010/08/26 06:18:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/26 23:23:20] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/04/28 12:51:54 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/29 00:44:31] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2004/12/31 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE - HKU\Michael_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKU\Michael_ON_D\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_D\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.102.0: D:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: D:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 05:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/06 10:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 18:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/19 09:48:40 | 000,000,000 | ---D | M]
[2012/01/19 18:05:35 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 04:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- D:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/12/21 00:08:50 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 00:02:40 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:08:50 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 00:08:50 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 00:08:50 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 00:08:50 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - D:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - D:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Michael_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] D:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] D:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] D:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] D:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] D:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CvhbsL1vQSVXtmN] File not found
O4 - HKLM..\Run: [EgisTecPMMUpdate] D:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] D:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] D:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Module Loader] D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RemoteControl10] D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SuiteTray] D:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Michael_ON_D..\Run: [CvhbsL1vQSVXtmN] File not found
O4 - HKU\Michael_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Michael_ON_D..\Run: [ICQ] D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\Michael_ON_D..\Run: [KiesHelper] D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\Michael_ON_D..\Run: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Michael_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Michael_ON_D..\Run: [VeohPlugin] D:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Michael_ON_D\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15:64bit: - Michael_ON_D\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Michael_ON_D Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: CTRegRun - hkey= - key= - D:\Windows\Ctregrun.exe (Creative Technology Ltd )
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - D:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2012/02/17 18:42:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe
[2012/02/17 18:42:49 | 000,000,000 | ---D | C] -- D:\_OTL
[2012/02/17 13:06:47 | 004,406,994 | ---- | C] (Swearware) -- D:\Users\Michael\Desktop\ComboFix.exe
[2012/02/10 09:27:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/10 09:27:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\LogMeIn Hamachi
[2012/01/30 09:39:23 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\{E3B7C889-E301-4DA0-9C86-0835AD31ED16}
[2012/01/30 09:39:12 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\{B0A49A30-3C19-4BC9-B9E2-7381AAF4EA53}
[2012/01/20 16:37:32 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/01/19 14:48:02 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2012/01/19 14:48:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\webio.dll
[2012/01/19 14:48:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\webio.dll
[2012/01/19 14:48:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2012/01/19 14:48:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2012/01/19 14:48:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2010/06/28 17:42:29 | 000,049,464 | ---- | C] ( ) -- D:\Windows\AutosetFrequency.exe
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- D:\Users\Michael\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- D:\Users\Michael\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- D:\Users\Michael\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- D:\Users\Michael\AppData\Local\bass.dll
========== Files - Modified Within 30 Days ==========
[2012/02/17 13:26:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/02/17 13:23:56 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 13:23:22 | 3113,254,912 | -HS- | M] () -- D:\hiberfil.sys
[2012/02/17 13:07:01 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 13:06:56 | 004,406,994 | ---- | M] (Swearware) -- D:\Users\Michael\Desktop\ComboFix.exe
[2012/02/17 13:00:48 | 000,009,696 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 13:00:48 | 000,009,696 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 09:09:58 | 000,000,502 | -H-- | M] () -- D:\Windows\tasks\Norton Security Scan for Michael.job
[2012/02/10 13:32:19 | 000,000,313 | RH-- | M] () -- D:\Windows\ctfile.rfc
[2012/02/10 09:27:56 | 000,000,930 | ---- | M] () -- D:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/02/10 09:27:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/01/31 13:30:07 | 000,708,018 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/01/31 13:30:07 | 000,661,596 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/01/31 13:30:07 | 000,153,320 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/01/31 13:30:07 | 000,125,528 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/01/22 12:14:04 | 000,015,404 | ---- | M] () -- D:\Users\Michael\Desktop\Poster.odt
[2012/01/20 16:42:23 | 001,621,666 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/20 14:54:48 | 000,000,183 | ---- | M] () -- D:\Users\Michael\Desktop\Q.U.B.E..url
[2012/01/19 18:05:37 | 000,001,142 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 12:28:50 | 000,001,210 | ---- | M] () -- D:\Users\Michael\Desktop\Tcpview.exe - Verknüpfung.lnk
========== Files Created - No Company Name ==========
[2012/02/06 11:42:06 | 000,000,930 | ---- | C] () -- D:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/01/22 14:49:44 | 000,015,404 | ---- | C] () -- D:\Users\Michael\Desktop\Poster.odt
[2012/01/20 14:54:48 | 000,000,183 | ---- | C] () -- D:\Users\Michael\Desktop\Q.U.B.E..url
[2012/01/19 18:05:37 | 000,001,142 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 12:28:50 | 000,001,210 | ---- | C] () -- D:\Users\Michael\Desktop\Tcpview.exe - Verknüpfung.lnk
[2011/06/24 10:48:47 | 000,000,095 | ---- | C] () -- D:\Users\Michael\AppData\Local\fusioncache.dat
[2011/06/14 03:49:30 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/11 19:54:28 | 000,001,479 | ---- | C] () -- D:\Users\Michael\AppData\Local\RecConfig.xml
[2011/02/21 06:25:34 | 000,280,904 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/02/21 06:25:11 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/01/29 11:00:24 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2011/01/20 11:49:33 | 000,181,760 | ---- | C] () -- D:\Windows\SysWow64\APOMngr.DLL
[2011/01/20 11:49:33 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\CmdRtr.DLL
[2011/01/20 11:44:36 | 000,001,772 | ---- | C] () -- D:\ProgramData\cfSB1095.ini
[2011/01/04 10:10:56 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 10:10:56 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 10:10:56 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 10:10:56 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/08 13:35:15 | 000,004,608 | ---- | C] () -- D:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 15:27:34 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/10/15 13:51:07 | 000,118,073 | ---- | C] () -- D:\Windows\War3Unin.dat
[2010/09/30 09:26:20 | 000,000,064 | ---- | C] () -- D:\Windows\wininit.ini
[2010/09/22 05:04:38 | 000,188,799 | ---- | C] () -- D:\Windows\hpoins38.dat
[2010/09/22 04:28:44 | 001,621,666 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/21 11:34:47 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010/06/28 17:42:29 | 000,632,056 | ---- | C] () -- D:\Windows\Image.dll
[2010/06/28 17:42:29 | 000,206,208 | ---- | C] () -- D:\Windows\PLFSetI.exe
[2010/06/28 17:42:29 | 000,025,848 | ---- | C] () -- D:\Windows\USB_VIDEO_REG.exe
[2010/06/28 17:42:29 | 000,000,637 | ---- | C] () -- D:\Windows\AutoSetFrequency.ini
[2010/06/28 17:42:29 | 000,000,378 | ---- | C] () -- D:\Windows\PidList.ini
[2010/05/06 06:24:50 | 000,131,472 | ---- | C] () -- D:\ProgramData\FullRemove.exe
[2010/01/29 15:26:56 | 000,000,548 | ---- | C] () -- D:\Windows\hpomdl38.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- D:\Users\Michael\AppData\Local\lame_enc.dll
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- D:\Windows\SysWow64\DLLDEV32i.dll
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- D:\Users\Michael\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- D:\Users\Michael\AppData\Local\no23xwrapper.dll
[2005/04/06 10:27:14 | 000,237,568 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2005/04/06 10:24:40 | 001,216,512 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
========== LOP Check ==========
[2010/05/06 06:36:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Acer
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/05/06 06:43:51 | 000,000,000 | ---D | M] -- D:\ProgramData\BackupManager
[2011/08/19 08:28:47 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2010/10/04 11:10:35 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2010/10/14 11:25:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2010/11/06 11:47:53 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/10/07 10:10:46 | 000,000,000 | ---D | M] -- D:\ProgramData\CMUV
[2010/10/16 10:27:56 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/10/27 13:10:18 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2010/06/28 17:33:23 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec IPS
[2011/11/03 11:53:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2010/05/06 06:32:36 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/03/16 19:45:03 | 000,000,000 | ---D | M] -- D:\ProgramData\MAGIX
[2010/05/06 06:31:18 | 000,000,000 | ---D | M] -- D:\ProgramData\OberonGameConsole
[2010/09/21 11:17:02 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2011/11/06 13:36:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2010/10/16 10:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2012/02/16 22:47:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/03/02 08:42:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Saitek
[2011/02/12 08:01:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2010/10/02 13:33:05 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/11/26 16:39:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/08/20 14:35:09 | 000,000,000 | ---D | M] -- D:\ProgramData\TrackMania
[2010/09/24 06:03:58 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2010/09/22 04:54:18 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/12/13 03:19:15 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010/09/21 11:16:33 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2011/01/02 00:06:06 | 000,000,000 | ---D | M] -- D:\AV_LOGS
[2010/06/28 17:33:32 | 000,000,000 | ---D | M] -- D:\book
[2012/02/10 09:27:59 | 000,000,000 | -H-D | M] -- D:\Config.Msi
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2011/10/31 06:51:05 | 000,000,000 | ---D | M] -- D:\Hotspot Shield
[2010/05/06 06:20:18 | 000,000,000 | ---D | M] -- D:\Intel
[2012/01/21 18:11:21 | 000,000,000 | ---D | M] -- D:\lol
[2011/08/22 21:25:24 | 000,000,000 | ---D | M] -- D:\Michael Persönlich
[2010/09/22 04:54:00 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2011/12/31 13:13:46 | 000,000,000 | ---D | M] -- D:\Musik von Mielkes
[2011/10/27 17:54:06 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2010/09/21 11:16:25 | 000,000,000 | -H-D | M] -- D:\OEM
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011/11/10 16:45:14 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/02/10 09:27:55 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2011/11/06 13:37:17 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Programme
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Recovery
[2011/10/27 11:08:45 | 000,000,000 | R--D | M] -- D:\Sandbox
[2012/01/16 13:52:02 | 000,000,000 | ---D | M] -- D:\Spiele
[2012/02/08 18:01:30 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2011/01/09 14:41:14 | 000,000,000 | ---D | M] -- D:\Temp
[2010/09/21 11:14:52 | 000,000,000 | R--D | M] -- D:\Users
[2011/01/02 00:06:09 | 000,000,000 | ---D | M] -- D:\vcs5BGEffects
[2011/01/02 00:06:50 | 000,000,000 | ---D | M] -- D:\vcs5core
[2011/10/04 13:30:21 | 000,000,000 | ---D | M] -- D:\VWLUPO
[2012/02/17 18:42:54 | 000,000,000 | ---D | M] -- D:\Windows
[2012/02/17 12:56:28 | 000,000,000 | ---D | M] -- D:\_OTL
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\drivers\iaStor.sys
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_795c144097e6ce0c\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> D:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 132 bytes -> D:\ProgramData\Temp:5D7E5A8F
< End of report >
|
|
17.02.2012, 20:44
| #17 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Hier mit Michael:
__________________Code:
ATTFilter OTL logfile created on: 2/17/2012 8:21:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.83 Mb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 452.66 Gb Total Space | 40.79 Gb Free Space | 9.01% Space Free | Partition Type: NTFS
Drive E: | 3.64 Gb Total Space | 3.64 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/10/08 00:18:46 | 000,697,616 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010/10/08 00:18:46 | 000,056,592 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010/10/08 00:18:44 | 000,957,712 | ---- | M] () [Auto] -- D:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2010/04/23 03:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- D:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 05:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- D:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/09 07:28:55 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/07 07:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/11/03 13:18:24 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/02 06:07:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 09:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/20 12:09:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2011/01/20 11:41:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/01/20 11:40:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/09/29 11:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- D:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/13 22:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/13 22:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand] -- D:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 02:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/04/07 23:18:38 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto] -- D:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto] -- D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/07/02 06:07:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 06:07:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/02 00:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 00:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 00:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/05/24 18:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/10 01:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/04 10:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- D:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/12/21 00:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 00:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/12/21 00:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/16 10:29:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/06 02:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/09/02 02:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- D:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 02:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/08/10 03:38:50 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 03:38:50 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/08/10 03:38:40 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:64bit: - [2010/08/10 03:38:40 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2010/07/29 20:35:08 | 001,588,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2010/04/19 03:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/23 06:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/21 04:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/02/10 02:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 01:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/02 05:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- D:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- D:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/16 09:56:36 | 000,737,312 | ---- | M] (TechnoTrend GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64)
DRV:64bit: - [2008/11/16 11:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/10/11 19:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/10/11 18:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2010/08/26 06:18:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/26 23:23:20] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/04/28 12:51:54 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/29 00:44:31] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2004/12/31 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
IE - HKU\Michael_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKU\Michael_ON_D\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_D\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Michael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: D:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.102.0: D:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: D:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: D:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 05:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/06 10:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 18:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/19 09:48:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/22 05:12:32 | 000,000,000 | ---D | M]
[2012/01/19 18:05:45 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/01/19 12:28:33 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\580bvisj.default\extensions
[2012/01/19 12:28:33 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\580bvisj.default\extensions\foxyproxy@eric.h.jung
[2012/01/19 18:05:35 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/12/21 02:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 04:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- D:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011/12/21 00:08:50 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 00:02:40 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:08:50 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 00:08:50 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 00:08:50 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 00:08:50 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - D:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - D:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Michael_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] D:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] D:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [itype] D:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] D:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [ProfilerU] D:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] D:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CvhbsL1vQSVXtmN] File not found
O4 - HKLM..\Run: [EgisTecPMMUpdate] D:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] D:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] D:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Module Loader] D:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RemoteControl10] D:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SuiteTray] D:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Michael_ON_D..\Run: [CvhbsL1vQSVXtmN] File not found
O4 - HKU\Michael_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Michael_ON_D..\Run: [ICQ] D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\Michael_ON_D..\Run: [KiesHelper] D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\Michael_ON_D..\Run: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Michael_ON_D..\Run: [Pando Media Booster] D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Michael_ON_D..\Run: [VeohPlugin] D:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Michael_ON_D\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15:64bit: - Michael_ON_D\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Michael_ON_D Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - D:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: CTRegRun - hkey= - key= - D:\Windows\Ctregrun.exe (Creative Technology Ltd )
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - D:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - D:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - 2
========== Files/Folders - Created Within 30 Days ==========
[2012/02/17 18:42:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe
[2012/02/17 18:42:49 | 000,000,000 | ---D | C] -- D:\_OTL
[2012/02/17 13:06:47 | 004,406,994 | ---- | C] (Swearware) -- D:\Users\Michael\Desktop\ComboFix.exe
[2012/02/10 09:27:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/10 09:27:55 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\LogMeIn Hamachi
[2012/01/30 09:39:23 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\{E3B7C889-E301-4DA0-9C86-0835AD31ED16}
[2012/01/30 09:39:12 | 000,000,000 | ---D | C] -- D:\Users\Michael\AppData\Local\{B0A49A30-3C19-4BC9-B9E2-7381AAF4EA53}
[2012/01/20 16:37:32 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/01/19 14:48:02 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2012/01/19 14:48:01 | 000,395,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\webio.dll
[2012/01/19 14:48:01 | 000,314,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\webio.dll
[2012/01/19 14:48:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2012/01/19 14:48:01 | 000,029,184 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2012/01/19 14:48:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2010/06/28 17:42:29 | 000,049,464 | ---- | C] ( ) -- D:\Windows\AutosetFrequency.exe
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- D:\Users\Michael\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- D:\Users\Michael\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- D:\Users\Michael\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- D:\Users\Michael\AppData\Local\bass.dll
========== Files - Modified Within 30 Days ==========
[2012/02/17 13:26:45 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/02/17 13:23:56 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 13:23:22 | 3113,254,912 | -HS- | M] () -- D:\hiberfil.sys
[2012/02/17 13:07:01 | 000,001,110 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 13:06:56 | 004,406,994 | ---- | M] (Swearware) -- D:\Users\Michael\Desktop\ComboFix.exe
[2012/02/17 13:00:48 | 000,009,696 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 13:00:48 | 000,009,696 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 09:09:58 | 000,000,502 | -H-- | M] () -- D:\Windows\tasks\Norton Security Scan for Michael.job
[2012/02/10 13:32:19 | 000,000,313 | RH-- | M] () -- D:\Windows\ctfile.rfc
[2012/02/10 09:27:56 | 000,000,930 | ---- | M] () -- D:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/02/10 09:27:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/01/31 13:30:07 | 000,708,018 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/01/31 13:30:07 | 000,661,596 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/01/31 13:30:07 | 000,153,320 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/01/31 13:30:07 | 000,125,528 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/01/22 12:14:04 | 000,015,404 | ---- | M] () -- D:\Users\Michael\Desktop\Poster.odt
[2012/01/20 16:42:23 | 001,621,666 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/20 14:54:48 | 000,000,183 | ---- | M] () -- D:\Users\Michael\Desktop\Q.U.B.E..url
[2012/01/19 18:05:37 | 000,001,142 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 12:28:50 | 000,001,210 | ---- | M] () -- D:\Users\Michael\Desktop\Tcpview.exe - Verknüpfung.lnk
========== Files Created - No Company Name ==========
[2012/02/06 11:42:06 | 000,000,930 | ---- | C] () -- D:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/01/22 14:49:44 | 000,015,404 | ---- | C] () -- D:\Users\Michael\Desktop\Poster.odt
[2012/01/20 14:54:48 | 000,000,183 | ---- | C] () -- D:\Users\Michael\Desktop\Q.U.B.E..url
[2012/01/19 18:05:37 | 000,001,142 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 12:28:50 | 000,001,210 | ---- | C] () -- D:\Users\Michael\Desktop\Tcpview.exe - Verknüpfung.lnk
[2011/06/24 10:48:47 | 000,000,095 | ---- | C] () -- D:\Users\Michael\AppData\Local\fusioncache.dat
[2011/06/14 03:49:30 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/03/11 19:54:28 | 000,001,479 | ---- | C] () -- D:\Users\Michael\AppData\Local\RecConfig.xml
[2011/02/21 06:25:34 | 000,280,904 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/02/21 06:25:11 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/01/29 11:00:24 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2011/01/20 11:49:33 | 000,181,760 | ---- | C] () -- D:\Windows\SysWow64\APOMngr.DLL
[2011/01/20 11:49:33 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\CmdRtr.DLL
[2011/01/20 11:44:36 | 000,001,772 | ---- | C] () -- D:\ProgramData\cfSB1095.ini
[2011/01/04 10:10:56 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 10:10:56 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 10:10:56 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 10:10:56 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/08 13:35:15 | 000,004,608 | ---- | C] () -- D:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/02 15:27:34 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/10/15 13:51:07 | 000,118,073 | ---- | C] () -- D:\Windows\War3Unin.dat
[2010/09/30 09:26:20 | 000,000,064 | ---- | C] () -- D:\Windows\wininit.ini
[2010/09/22 05:04:38 | 000,188,799 | ---- | C] () -- D:\Windows\hpoins38.dat
[2010/09/22 04:28:44 | 001,621,666 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/21 11:34:47 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010/06/28 17:42:29 | 000,632,056 | ---- | C] () -- D:\Windows\Image.dll
[2010/06/28 17:42:29 | 000,206,208 | ---- | C] () -- D:\Windows\PLFSetI.exe
[2010/06/28 17:42:29 | 000,025,848 | ---- | C] () -- D:\Windows\USB_VIDEO_REG.exe
[2010/06/28 17:42:29 | 000,000,637 | ---- | C] () -- D:\Windows\AutoSetFrequency.ini
[2010/06/28 17:42:29 | 000,000,378 | ---- | C] () -- D:\Windows\PidList.ini
[2010/05/06 06:24:50 | 000,131,472 | ---- | C] () -- D:\ProgramData\FullRemove.exe
[2010/01/29 15:26:56 | 000,000,548 | ---- | C] () -- D:\Windows\hpomdl38.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- D:\Users\Michael\AppData\Local\lame_enc.dll
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- D:\Windows\SysWow64\DLLDEV32i.dll
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- D:\Users\Michael\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- D:\Users\Michael\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- D:\Users\Michael\AppData\Local\no23xwrapper.dll
[2005/04/06 10:27:14 | 000,237,568 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2005/04/06 10:24:40 | 001,216,512 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
========== LOP Check ==========
[2010/05/06 06:36:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Acer
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/05/06 06:43:51 | 000,000,000 | ---D | M] -- D:\ProgramData\BackupManager
[2011/08/19 08:28:47 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2010/10/04 11:10:35 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2010/10/14 11:25:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2010/11/06 11:47:53 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/10/07 10:10:46 | 000,000,000 | ---D | M] -- D:\ProgramData\CMUV
[2010/10/16 10:27:56 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/10/27 13:10:18 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2010/06/28 17:33:23 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec IPS
[2011/11/03 11:53:59 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2010/05/06 06:32:36 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/03/16 19:45:03 | 000,000,000 | ---D | M] -- D:\ProgramData\MAGIX
[2010/05/06 06:31:18 | 000,000,000 | ---D | M] -- D:\ProgramData\OberonGameConsole
[2010/09/21 11:17:02 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2011/11/06 13:36:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2010/10/16 10:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2012/02/16 22:47:07 | 000,000,000 | ---D | M] -- D:\ProgramData\PMB Files
[2011/03/02 08:42:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Saitek
[2011/02/12 08:01:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2010/10/02 13:33:05 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/11/26 16:39:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/08/20 14:35:09 | 000,000,000 | ---D | M] -- D:\ProgramData\TrackMania
[2010/09/24 06:03:58 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualizedApplications
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2010/09/22 04:54:18 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/12/13 03:19:15 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010/09/21 11:16:33 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2011/01/02 00:06:06 | 000,000,000 | ---D | M] -- D:\AV_LOGS
[2010/06/28 17:33:32 | 000,000,000 | ---D | M] -- D:\book
[2012/02/10 09:27:59 | 000,000,000 | -H-D | M] -- D:\Config.Msi
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2011/10/31 06:51:05 | 000,000,000 | ---D | M] -- D:\Hotspot Shield
[2010/05/06 06:20:18 | 000,000,000 | ---D | M] -- D:\Intel
[2012/01/21 18:11:21 | 000,000,000 | ---D | M] -- D:\lol
[2011/08/22 21:25:24 | 000,000,000 | ---D | M] -- D:\Michael Persönlich
[2010/09/22 04:54:00 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2011/12/31 13:13:46 | 000,000,000 | ---D | M] -- D:\Musik von Mielkes
[2011/10/27 17:54:06 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2010/09/21 11:16:25 | 000,000,000 | -H-D | M] -- D:\OEM
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011/11/10 16:45:14 | 000,000,000 | R--D | M] -- D:\Program Files
[2012/02/10 09:27:55 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2011/11/06 13:37:17 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Programme
[2010/09/21 11:14:45 | 000,000,000 | -HSD | M] -- D:\Recovery
[2011/10/27 11:08:45 | 000,000,000 | R--D | M] -- D:\Sandbox
[2012/01/16 13:52:02 | 000,000,000 | ---D | M] -- D:\Spiele
[2012/02/08 18:01:30 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2011/01/09 14:41:14 | 000,000,000 | ---D | M] -- D:\Temp
[2010/09/21 11:14:52 | 000,000,000 | R--D | M] -- D:\Users
[2011/01/02 00:06:09 | 000,000,000 | ---D | M] -- D:\vcs5BGEffects
[2011/01/02 00:06:50 | 000,000,000 | ---D | M] -- D:\vcs5core
[2011/10/04 13:30:21 | 000,000,000 | ---D | M] -- D:\VWLUPO
[2012/02/17 18:42:54 | 000,000,000 | ---D | M] -- D:\Windows
[2012/02/17 12:56:28 | 000,000,000 | ---D | M] -- D:\_OTL
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 05:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 05:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\drivers\iaStor.sys
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010/04/12 20:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- D:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_795c144097e6ce0c\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> D:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 132 bytes -> D:\ProgramData\Temp:5D7E5A8F
< End of report >
 |
|
17.02.2012, 20:47
| #18 |
| /// Malware-holic   | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
__________________rein: Code:
ATTFilter :OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Michael_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - File not found
O20 - HKU\Michael_ON_D Winlogon: Shell - (C:\Users\Michael\AppData\Roaming\y4w5uyh5.exe) - File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte.
__________________ |
|
17.02.2012, 21:05
| #19 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Leider hat sich keine otl.txt geöffnet aber wenn du die in C: meinst dann ist das diesselbe wie im post #17 Jetzt konnte ich aber die Icons aktivieren. Soll ich jetzt mit ComboFix weiter machen? |
|
17.02.2012, 21:08
| #20 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner jepp so siehts aus :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 21:38
| #21 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Ich habe jetzt das Problem, das wenn ich eine .txt datei öffnen möchte er sagt: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde" Es passiert bei jeder Datei die Ich versuche auszuführen |
|
17.02.2012, 21:41
| #22 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner starte mal neu, dann gehts wieder.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.02.2012, 21:48
| #23 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner So, hier der ComboFix Log: Code:
ATTFilter ComboFix 12-02-17.02 - Michael 17.02.2012 21:16:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2480 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Michael\AppData\Local\lame_enc.dll
c:\users\Michael\AppData\Local\no23xwrapper.dll
c:\users\Michael\AppData\Local\ogg.dll
c:\users\Michael\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Michael\AppData\Local\vorbis.dll
c:\users\Michael\AppData\Local\vorbisenc.dll
c:\users\Michael\AppData\Local\vorbisfile.dll
c:\users\Michael\cisco-vpnclient-win64-msi-5.0.07.0290-k9-FSUJ.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\User
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-17 bis 2012-02-17 ))))))))))))))))))))))))))))))
.
.
2012-02-17 23:42 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-02-17 23:42 . 2012-02-17 17:56 -------- d-----w- C:\_OTL
2012-02-17 20:23 . 2012-02-17 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-10 14:27 . 2012-02-10 14:27 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-01-20 21:37 . 2012-01-20 21:37 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-19 19:48 . 2011-11-17 06:49 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 20:08 . 2012-01-03 20:08 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-03 20:08 . 2011-06-07 11:35 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-15 21:10 . 2011-07-20 00:33 1248080 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-24 04:52 . 2011-12-15 11:01 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-06 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 135664]
R3 ALSysIO;ALSysIO;c:\users\Michael\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-20 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-20 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-01-20 79360]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 135664]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/11/26 23:23];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 11:18 146928]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/29 00:44];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-04-28 17:51 146928]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 16:22]
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21 16:22]
.
2012-02-16 c:\windows\Tasks\Norton Security Scan for Michael.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-08 00:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-07-29 115712]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360910n205l04h4z1j5t4602q582
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\iycr6gkc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-CvhbsL1vQSVXtmN - c:\users\Michael\AppData\Roaming\y4w5uyh5.exe
Wow6432Node-HKLM-Run-CvhbsL1vQSVXtmN - c:\users\Michael\AppData\Roaming\y4w5uyh5.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-CraftBukkit - c:\users\Michael\Desktop\Mincraft Server 1.8.1\Uninstall.exe
AddRemove-DTV_1.0 - c:\windows\iun6002.exe
AddRemove-Fraps - c:\spiele\Neuer Ordner\Fraps\Fraps\uninstall.exe
AddRemove-Steam App 220 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 28020 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 380 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 400 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 420 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 42700 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 42710 - e:\spiele\Steam\steam.exe
AddRemove-Steam App 440 - e:\spiele\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4286016473-531458302-606178610-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4286016473-531458302-606178610-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-17 21:32:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-17 20:32
.
Vor Suchlauf: 21 Verzeichnis(se), 51.788.062.720 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 51.291.328.512 Bytes frei
.
- - End Of File - - A49847CA7A2ADEB6074698819E539171
|
|
18.02.2012, 01:16
| #24 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Ich habe mit Malwarebytes auch noch einen kompletten Scan gestartet. Hier der Log Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.17.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Michael :: MICHAELS-PC [Administrator] 17.02.2012 23:47:36 mbam-log-2012-02-18 (01-13-39).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 496200 Laufzeit: 1 Stunde(n), 25 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\_OTL\MovedFiles\02172012_184249\D_Users\Michael\AppData\Roaming\dwlGina3.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt. C:\_OTL\MovedFiles\02172012_184249\D_Users\Michael\AppData\Roaming\y4w5uyh5.exe (Heuristics.Shuriken) -> Keine Aktion durchgeführt. (Ende) Wie soll ich mit ihnen weiter vorgehen? Geändert von moc (18.02.2012 um 01:28 Uhr) |
|
18.02.2012, 11:25
| #25 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. wenn fertig, melden bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.02.2012, 15:53
| #26 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Ist alles gemacht, war aber auch schon so eingestellt |
|
18.02.2012, 15:56
| #27 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner hast du also den internet explorer 9 jetzt auch instaliert? lade den CCleaner standard: CCleaner Download - CCleaner 3.15.1643 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.02.2012, 16:31
| #28 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Bei manchen Sachen konnte ich nicht genau sagen ob ich sie wirklich benötige aber ich denke sie sollten nicht runter :P Genau so bei spielen... Man benötigt sie nicht, aber ich würd sie schon gerne behalten Code:
ATTFilter Acer Backup Manager NewTech Infosystems 05.05.2010 27,2MB 2.0.0.60 Acer Crystal Eye Webcam Suyin Optronics Corp 28.06.2010 5.2.11.2 Acer ePower Management Acer Incorporated 28.06.2010 5.00.3004 Acer eRecovery Management Acer Incorporated 05.05.2010 4.05.3011 Acer GameZone Console Oberon Media, Inc. 05.05.2010 6.1.0.2 Acer Registration Acer Incorporated 27.06.2010 1.03.3003 Acer ScreenSaver Acer Incorporated 27.06.2010 1.1.0412.2010 Acer Updater Acer Incorporated 05.05.2010 1.02.3001 Acrobat.com Adobe Systems Incorporated 05.05.2010 1,61MB 1.6.65 Adobe AIR Adobe Systems Inc. 05.05.2010 1.5.0.7220 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 31.10.2010 6,00MB 10.1.85.3 Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 16.02.2012 6,00MB 11.1.102.62 Adobe Reader 9.4.4 MUI Adobe Systems Incorporated 07.06.2011 655MB 9.4.4 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 24.04.2011 11.5.9.620 Amazonia Oberon Media 27.06.2010 UNBEKANNT Apple Application Support Apple Inc. 09.11.2011 61,2MB 2.1.5 BENÖTIGT Apple Mobile Device Support Apple Inc. 09.11.2011 24,4MB 4.0.0.96 BENÖTIGT Apple Software Update Apple Inc. 03.09.2011 2,38MB 2.1.3.127 BENÖTIGT Audacity 1.2.6 26.10.2011 AV VoizGame 01.01.2011 UNBEKANNT Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 70,6MB 10.2.0.707 AVM FRITZ!Box Dokumentation AVM Berlin 14.10.2010 Battlefield 3™ Electronic Arts 02.11.2011 1.0.0.0 Battlelog Web Plugins EA Digital Illusions CE AB 05.11.2011 1.102.0 Bonjour Apple Inc. 09.11.2011 2,08MB 3.0.0.10 Broadcom Gigabit NetLink Controller Broadcom Corporation 05.05.2010 0,37MB 12.52.04 Cake Mania Oberon Media 27.06.2010 Call of Duty: Black Ops Treyarch 16.11.2010 Call of Duty: Black Ops - Multiplayer Treyarch 16.11.2010 Canon IJ Network Scan Utility 03.10.2010 Canon IJ Network Tool 03.10.2010 Canon MP Navigator EX 3.0 03.10.2010 Canon MP560 series Benutzerregistrierung 03.10.2010 Canon MP560 series MP Drivers 03.10.2010 Canon Utilities Easy-PhotoPrint EX 03.10.2010 Canon Utilities My Printer 03.10.2010 Canon Utilities Solution Menu 03.10.2010 CCleaner Piriform 17.02.2012 3.15 Chicken Invaders 2 Oberon Media 27.06.2010 Cisco Systems VPN Client 5.0.07.0290 20.10.2010 10,8MB Core Temp version 0.99.8 Arthur Liberman 19.02.2011 1,79MB 0.99.8 Counter-Strike: Source Valve 20.09.2010 4.597MB 1.0.0.0 CraftBukkit 02.01.2012 Creative Media Toolbox 6 Creative Technology Limited 19.01.2011 6.02 Creative Media Toolbox 6 (Shared Components) Creative Labs 19.01.2011 2.80.12 Creative Systeminformationen Creative Technology Limited 19.01.2011 1.10 Creative WaveStudio 7 Creative Technology Limited 19.01.2011 7.12 CyberLink PowerDVD 10 CyberLink Corp. 25.11.2010 242MB 10.0.2113 CyberLink PowerDVD 9 CyberLink Corp. 28.06.2010 167,9MB 9.0.2829.50 DAEMON Tools Toolbar DT Soft Ltd 15.10.2010 1.1.2.0185 Dairy Dash Oberon Media 27.06.2010 Dolby Digital Live Pack Creative Technology Limited 19.01.2011 3.01 Dream Day First Home Oberon Media 27.06.2010 DVB-T USB 2.0 05.05.2010 BENÖTIGT eBay Worldwide OEM 20.09.2010 100,00KB 2.1.0901 UNBEKANNT ESN Sonar ESN Social Software AB 05.11.2011 0.70.4 UNBEKANNT eSobi v2 esobi Inc. 05.05.2010 20,4MB 2.0.4.000274 Farm Frenzy 2 Oberon Media 27.06.2010 FL Studio 10 Image-Line 22.11.2011 Fraps (remove only) 06.06.2011 Galapago Oberon Media 27.06.2010 Google Toolbar for Internet Explorer Google Inc. 09.01.2012 7.2.2427.2330 Grand Prix 4 06.08.2011 Granny In Paradise Oberon Media 27.06.2010 GSAK 7.7.3.53 (Final) CWE computer services 14.09.2011 BENÖTIGT Half-Life 2 Valve 04.11.2010 Half-Life 2: Episode One Valve 04.11.2010 Half-Life 2: Episode Two Valve 04.11.2010 Heroes of Hellas Oberon Media 27.06.2010 HP Customer Participation Program 14.0 HP 21.09.2010 14.0 HP Imaging Device Functions 14.0 HP 21.09.2010 14.0 HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 HP 21.09.2010 14.0 HP Smart Web Printing 4.60 HP 21.09.2010 4.60 HP Solution Center 14.0 HP 21.09.2010 14.0 HP Update Hewlett-Packard 21.09.2010 2,97MB 5.002.002.002 Identity Card Acer Incorporated 27.06.2010 1.00.3003 IL Download Manager Image-Line 22.11.2011 Intel(R) Management Engine Components Intel Corporation 06.05.2010 6.0.0.1179 Intel(R) Rapid Storage Technology Intel Corporation 29.06.2010 9.6.2.1001 Intel(R) Turbo Boost Technology Driver Intel Corporation 29.06.2010 01.01.01.1007 iRemote BOJA Consulting 18.07.2011 14,0MB 2.10.0000 UNBEKANNT iTunes Apple Inc. 09.11.2011 169,5MB 10.5.0.142 Java(TM) 6 Update 25 (64-bit) Oracle 06.06.2011 91,4MB 6.0.250 Java(TM) 6 Update 26 Oracle 21.09.2010 97,0MB 6.0.260 Java(TM) 7 Update 2 (64-bit) Oracle 02.01.2012 93,6MB 7.0.20 JDownloader AppWork UG (haftungsbeschränkt) 15.10.2010 UNBEKANNT Kane & Lynch 2: Dog Days Demo IO Interactive 23.09.2010 Launch Manager Acer Inc. 27.06.2010 4.0.8 League of Legends Riot Games 28.09.2011 1.02.0000 LogMeIn Hamachi LogMeIn, Inc. 09.02.2012 2.1.0.159 MAGIX Foto Designer 7 MAGIX AG 16.03.2011 7.0.1.1 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 16.02.2012 17,4MB 1.60.1.1000 Microsoft .NET Framework 1.1 23.06.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.05.2011 38,8MB 4.0.30320 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.01.2012 2,94MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 19.01.2012 52,0MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 19.01.2012 10,7MB 4.0.30319 Microsoft IntelliType Pro 8.0 Microsoft 20.09.2010 34,9MB 8.0.225.0 Microsoft Office 2010 Microsoft Corporation 28.06.2010 6,31MB 14.0.4763.1000 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 21.09.2010 14.0.4763.1000 Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 21.09.2010 14.0.4763.1000 Microsoft PowerPoint Viewer Microsoft Corporation 17.02.2012 196,2MB 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 17.02.2012 168,5MB 4.1.10111.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.06.2010 1,72MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 08.10.2010 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 21.09.2010 0,24MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.06.2011 2,38MB 8.0.56336 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.10.2010 3,84MB 8.0.61000 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 24.04.2011 0,57MB 8.0.51011 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 21.09.2010 0,20MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 24.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.05.2010 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 28.10.2011 13,8MB 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.10.2011 15,0MB 10.0.40219 Mirror's Edge DICE 22.04.2011 Mozilla Firefox 9.0.1 (x86 de) Mozilla 19.01.2012 38,4MB 9.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.09.2010 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.09.2010 1,39MB 4.20.9876.0 My Game Long Name Epic Games, Inc. 19.01.2012 MyWinLocker Suite Egis Technology Inc. 05.05.2010 2,20MB 3.1.210.0 Need for Speed™ Most Wanted 15.11.2010 No23 Recorder No23 10.03.2011 2,44MB 2.1.0.3 Norton Online Backup Symantec 05.05.2010 2,09MB 1.2.0.36 Norton Security Scan Symantec Corporation 07.11.2010 2.7.3.34 NTI Backup Now 5 NewTech Infosystems 05.05.2010 466MB 5.1.2.628 NTI Media Maker 8 NewTech Infosystems 05.05.2010 771MB 8.0.12.6630 NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 27.10.2011 285.62 NVIDIA HD-Audiotreiber 1.2.24.0 NVIDIA Corporation 27.10.2011 1.2.24.0 NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 27.10.2011 9.11.0621 Opera 11.61 Opera Software ASA 24.01.2012 11.61.1250 Origin Electronic Arts, Inc. 22.12.2011 8.3.7.3619 OutlookAddInNet3Setup Samsung 07.01.2011 2,59MB 1.0.0 Paintball2 Alpha build 30 Digital Paint 05.02.2011 Alpha build 30 Pando Media Booster Pando Networks Inc. 19.08.2011 5,47MB 2.3.6.0 PlayReady PC Runtime amd64 Microsoft Corporation 15.10.2010 2,06MB 1.3.0 PokerStars.net PokerStars.net 22.10.2010 Portal Valve 04.11.2010 Portal 2 Valve 18.04.2011 PunkBuster Services Even Balance, Inc. 26.10.2011 0.991 Q.U.B.E. 19.01.2012 QuickTime Apple Inc. 09.11.2011 73,3MB 7.71.80.42 RealPlayer RealNetworks 05.11.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.05.2010 6.0.1.6015 Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 05.05.2010 6.1.7600.30118 Renegade Paintball (remove only) 04.02.2011 Samsung Kies Samsung Electronics Co., Ltd. 11.02.2011 167,1MB 2.0.0.11014_49 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 11.07.2011 44,9MB 1.3.2410.0 BENÖTIGT Shop for HP Supplies HP 21.09.2010 14.0 ShotOnline OnNet 19.08.2011 1.0 Shrew Soft VPN Client 20.10.2010 SimCity 4 Deluxe Maxis 28.01.2011 Skype™ 5.6 Skype Technologies S.A. 25.10.2011 21,6MB 5.6.110 Smart Technology Programming Software 7.0.2.7 Mad Catz 01.03.2011 66,5MB 7.0.2.7 Sound Blaster X-Fi Surround 5.1 Pro Creative Technology Limited 19.01.2011 1.0 Source SDK Base 2006 Valve 05.02.2011 Spin & Win Oberon Media 27.06.2010 StepMania (remove only) 15.01.2012 Synaptics Pointing Device Driver Synaptics Incorporated 27.06.2010 14.0.19.0 Team Fortress 2 Valve 03.11.2010 TeamSpeak 2 RC2 Dominating Bytes Design 27.10.2010 2.0.32.60 TeamSpeak 3 Client TeamSpeak Systems GmbH 14.12.2010 Technotrend Viewer CM&V 06.10.2010 The Elder Scrolls V: Skyrim Bethesda Game Studios 17.11.2011 The Lord of the Rings Online™ v03.03.00.8048 Turbine, Inc. 23.06.2011 03.03.00.8048 The Sims(TM) 3 Electronic Arts 14.08.2011 TmNationsForever Nadeo 19.08.2011 TT-BDA Data 06.10.2010 1.00.0000 BENÖTIGT TT-Media Center 06.10.2010 1.00.0000 BENÖTIGT TVUPlayer 2.5.3.1 TVU networks 07.09.2011 2.5.3.1 Urwigo Urwigo 06.01.2012 1.12.0.132 Warcraft III 14.10.2010 Warcraft III: All Products 14.10.2010 Welcome Center Acer Incorporated 27.06.2010 1.01.3002 Windows Live Essentials Microsoft Corporation 30.07.2011 15.4.3538.0513 Windows Live Sync Microsoft Corporation 28.06.2010 2,79MB 14.0.8089.726 WinRAR 21.09.2010 World of Logs Client Digibites Technology 14.06.2011 World of Warcraft Blizzard Entertainment 02.12.2011 4.3.0.15050 XviD MPEG-4 Codec 07.07.2011 Yahoo! Toolbar 21.09.2010 Überwachungstool für die Intel® Turbo-Boost-Technik Intel 28.06.2010 1,13MB 1.0.186.6 |
|
18.02.2012, 16:35
| #29 |
| /// Malware-holic | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner ist doch nur die hälfte beschriftet. ich möchte das du alle programme nach den kategorieen einordnest die ich genannt habe, ob sie für dich nötig, unnötig oder unbekannt sind
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.02.2012, 16:55
| #30 |
| | Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner Tut mir leid hatte vorhin nicht genug Zeit Hier jetzt die ganze Liste: Code:
ATTFilter Acer Backup Manager NewTech Infosystems 05.05.2010 27,2MB 2.0.0.60 UNBEKANNT Acer Crystal Eye Webcam Suyin Optronics Corp 28.06.2010 5.2.11.2 BENÖTIGT Acer ePower Management Acer Incorporated 28.06.2010 5.00.3004 BENÖTIGT Acer eRecovery Management Acer Incorporated 05.05.2010 4.05.3011 UNBEKANNT Acer GameZone Console Oberon Media, Inc. 05.05.2010 6.1.0.2 NICHT BENÖTIGT Acer Registration Acer Incorporated 27.06.2010 1.03.3003 NICHT BENÖTIGT Acer ScreenSaver Acer Incorporated 27.06.2010 1.1.0412.2010 NICHT BENÖTIGT Acer Updater Acer Incorporated 05.05.2010 1.02.3001 UNBEKANNT Acrobat.com Adobe Systems Incorporated 05.05.2010 1,61MB 1.6.65 UNBEKANNT Adobe AIR Adobe Systems Inc. 05.05.2010 1.5.0.7220 UNBEKANNT Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 31.10.2010 6,00MB 10.1.85.3 BENÖTIGT Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 16.02.2012 6,00MB 11.1.102.62 BENÖTIGT Adobe Reader 9.4.4 MUI Adobe Systems Incorporated 07.06.2011 655MB 9.4.4 BENÖTIGT Adobe Shockwave Player 11.5 Adobe Systems, Inc. 24.04.2011 11.5.9.620 UNBEKANNT Amazonia Oberon Media 27.06.2010 UNBEKANNT Apple Application Support Apple Inc. 09.11.2011 61,2MB 2.1.5 BENÖTIGT Apple Mobile Device Support Apple Inc. 09.11.2011 24,4MB 4.0.0.96 BENÖTIGT Apple Software Update Apple Inc. 03.09.2011 2,38MB 2.1.3.127 BENÖTIGT Audacity 1.2.6 26.10.2011 NICHT BENÖTIGT AV VoizGame 01.01.2011 UNBEKANNT Avira AntiVir Personal - Free Antivirus Avira GmbH 12.02.2012 70,6MB 10.2.0.707 BENÖTIGT AVM FRITZ!Box Dokumentation AVM Berlin 14.10.2010 BENÖTIGT Battlefield 3™ Electronic Arts 02.11.2011 1.0.0.0 BENÖTIGT Battlelog Web Plugins EA Digital Illusions CE AB 05.11.2011 1.102.0 BENÖTIGT Bonjour Apple Inc. 09.11.2011 2,08MB 3.0.0.10 UNBEKANNT Broadcom Gigabit NetLink Controller Broadcom Corporation 05.05.2010 0,37MB 12.52.04 UNBEKANNT Cake Mania Oberon Media 27.06.2010 NICHT BENÖTIGT Call of Duty: Black Ops Treyarch 16.11.2010 BENÖTIGT Call of Duty: Black Ops - Multiplayer Treyarch 16.11.2010 BENÖTIGT Canon IJ Network Scan Utility 03.10.2010 BENÖTIGt Canon IJ Network Tool 03.10.2010 BENÖTIGT Canon MP Navigator EX 3.0 03.10.2010 BENÖTIGt Canon MP560 series Benutzerregistrierung 03.10.2010 BENÖTIGT Canon MP560 series MP Drivers 03.10.2010 BENÖTIGT Canon Utilities Easy-PhotoPrint EX 03.10.2010 BENÖTIGT Canon Utilities My Printer 03.10.2010 BENÖTIGT Canon Utilities Solution Menu 03.10.2010 BENÖTIGT CCleaner Piriform 17.02.2012 3.15 BENÖTIGT Chicken Invaders 2 Oberon Media 27.06.2010 NICHT BENÖTIGT Cisco Systems VPN Client 5.0.07.0290 20.10.2010 10,8MB BENÖTIGT Core Temp version 0.99.8 Arthur Liberman 19.02.2011 1,79MB 0.99.8 BENÖTIGT Counter-Strike: Source Valve 20.09.2010 4.597MB 1.0.0.0 BENÖTIGT CraftBukkit 02.01.2012 BENÖTIGT Creative Media Toolbox 6 Creative Technology Limited 19.01.2011 6.02 UNBEKANNT Creative Media Toolbox 6 (Shared Components) Creative Labs 19.01.2011 2.80.12 UNBEKANNT Creative Systeminformationen Creative Technology Limited 19.01.2011 1.10 UNBEKANNT Creative WaveStudio 7 Creative Technology Limited 19.01.2011 7.12 UNBEKANNT CyberLink PowerDVD 10 CyberLink Corp. 25.11.2010 242MB 10.0.2113 BENÖTIGT CyberLink PowerDVD 9 CyberLink Corp. 28.06.2010 167,9MB 9.0.2829.50 NICHT BENÖTIGT DAEMON Tools Toolbar DT Soft Ltd 15.10.2010 1.1.2.0185 BENÖTIGT Dairy Dash Oberon Media 27.06.2010 NICHT BENÖTIGT Dolby Digital Live Pack Creative Technology Limited 19.01.2011 3.01 BENÖTIGT Dream Day First Home Oberon Media 27.06.2010 UNBEKANNT DVB-T USB 2.0 05.05.2010 BENÖTIGT eBay Worldwide OEM 20.09.2010 100,00KB 2.1.0901 UNBEKANNT ESN Sonar ESN Social Software AB 05.11.2011 0.70.4 UNBEKANNT eSobi v2 esobi Inc. 05.05.2010 20,4MB 2.0.4.000274 UNBEKANNT Farm Frenzy 2 Oberon Media 27.06.2010 NICHT BENÖTIGT FL Studio 10 Image-Line 22.11.2011 UNBEKANNT Fraps (remove only) 06.06.2011 BENÖTIGT Galapago Oberon Media 27.06.2010 NICHT BENÖTIGT Google Toolbar for Internet Explorer Google Inc. 09.01.2012 7.2.2427.2330 UNBENÖTIGT Grand Prix 4 06.08.2011 NICHT BENÖTIGT Granny In Paradise Oberon Media 27.06.2010 NICHT BENÖTIGT GSAK 7.7.3.53 (Final) CWE computer services 14.09.2011 BENÖTIGT Half-Life 2 Valve 04.11.2010 BENÖTIGT Half-Life 2: Episode One Valve 04.11.2010 BENÖTIGT Half-Life 2: Episode Two Valve 04.11.2010 BENÖTIGT Heroes of Hellas Oberon Media 27.06.2010 NICHT BENÖTIGT HP Customer Participation Program 14.0 HP 21.09.2010 14.0 BENÖTIGT HP Imaging Device Functions 14.0 HP 21.09.2010 14.0 BENÖTIGT HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 HP 21.09.2010 14.0 BENÖTIGT HP Smart Web Printing 4.60 HP 21.09.2010 4.60 BENÖTIGT HP Solution Center 14.0 HP 21.09.2010 14.0 BENÖTIGT HP Update Hewlett-Packard 21.09.2010 2,97MB 5.002.002.002 BENÖTIGT Identity Card Acer Incorporated 27.06.2010 1.00.3003 UNBEKANNT IL Download Manager Image-Line 22.11.2011 UNBEKANNT Intel(R) Management Engine Components Intel Corporation 06.05.2010 6.0.0.1179 BENÖTIGT Intel(R) Rapid Storage Technology Intel Corporation 29.06.2010 9.6.2.1001 BENÖTIGT Intel(R) Turbo Boost Technology Driver Intel Corporation 29.06.2010 01.01.01.1007 BENÖTIGT iRemote BOJA Consulting 18.07.2011 14,0MB 2.10.0000 UNBEKANNT iTunes Apple Inc. 09.11.2011 169,5MB 10.5.0.142 BENÖTIGT Java(TM) 6 Update 25 (64-bit) Oracle 06.06.2011 91,4MB 6.0.250 UNBEKANNT Java(TM) 6 Update 26 Oracle 21.09.2010 97,0MB 6.0.260 UNBEKANNT Java(TM) 7 Update 2 (64-bit) Oracle 02.01.2012 93,6MB 7.0.20 UNBEKANNT JDownloader AppWork UG (haftungsbeschränkt) 15.10.2010 UNBEKANNT Kane & Lynch 2: Dog Days Demo IO Interactive 23.09.2010 NICHT BENÖTIGT Launch Manager Acer Inc. 27.06.2010 4.0.8 UNBEKANNT League of Legends Riot Games 28.09.2011 1.02.0000 BENÖTIGT LogMeIn Hamachi LogMeIn, Inc. 09.02.2012 2.1.0.159 BENÖTIGT MAGIX Foto Designer 7 MAGIX AG 16.03.2011 7.0.1.1 NICHT BENÖTIGT Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 16.02.2012 17,4MB 1.60.1.1000 BENÖTIGT Microsoft .NET Framework 1.1 23.06.2011 UNBEKANNT Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.05.2011 38,8MB 4.0.30320 UNBEKANNT Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.01.2012 2,94MB 4.0.30319 UNBEKANNT Microsoft .NET Framework 4 Extended Microsoft Corporation 19.01.2012 52,0MB 4.0.30319 UNBEKANNT Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 19.01.2012 10,7MB 4.0.30319 UNBEKANNT Microsoft IntelliType Pro 8.0 Microsoft 20.09.2010 34,9MB 8.0.225.0 UNBEKANNT Microsoft Office 2010 Microsoft Corporation 28.06.2010 6,31MB 14.0.4763.1000 UNBEKANNT Microsoft Office Klick-und-Los 2010 Microsoft Corporation 21.09.2010 14.0.4763.1000 UNBEKANNT Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 21.09.2010 14.0.4763.1000 UNBEKANNT Microsoft PowerPoint Viewer Microsoft Corporation 17.02.2012 196,2MB 14.0.6029.1000 UNBEKANNT Microsoft Silverlight Microsoft Corporation 17.02.2012 168,5MB 4.1.10111.0 UNBEKANNT Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.06.2010 1,72MB 3.1.0000 UNBEKANNT Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 08.10.2010 0,25MB 8.0.50727.4053 UNBEKANNT Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 21.09.2010 0,24MB 8.0.50727.4053 UNBEKANNT Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.06.2011 2,38MB 8.0.56336 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.10.2010 3,84MB 8.0.61000 UNBEKANNT Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 24.04.2011 0,57MB 8.0.51011 UNBEKANNT Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 21.09.2010 0,20MB 9.0.30729.4148 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 24.04.2011 0,58MB 9.0.30729.5570 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.05.2010 0,58MB 9.0.30729 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 UNBEKANNT Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 28.10.2011 13,8MB 10.0.40219 UNBEKANNT Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.10.2011 15,0MB 10.0.40219 UNBEKANNT Mirror's Edge DICE 22.04.2011 BENÖTIGT Mozilla Firefox 9.0.1 (x86 de) Mozilla 19.01.2012 38,4MB 9.0.1 BENÖTIGT MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.09.2010 1,28MB 4.20.9870.0 UNBEKANNT MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.09.2010 1,39MB 4.20.9876.0 UNBEKANNT My Game Long Name Epic Games, Inc. 19.01.2012 UNBEKANNT MyWinLocker Suite Egis Technology Inc. 05.05.2010 2,20MB 3.1.210.0 UNBEKANNT Need for Speed™ Most Wanted 15.11.2010 NICHT BENÖTIGT No23 Recorder No23 10.03.2011 2,44MB 2.1.0.3 BENÖTIGT Norton Online Backup Symantec 05.05.2010 2,09MB 1.2.0.36 NICHT BENÖTIGT Norton Security Scan Symantec Corporation 07.11.2010 2.7.3.34 NICHT BENÖTIGT NTI Backup Now 5 NewTech Infosystems 05.05.2010 466MB 5.1.2.628 UNBEKANNT NTI Media Maker 8 NewTech Infosystems 05.05.2010 771MB 8.0.12.6630 UNBEKANNT NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 27.10.2011 285.62 BENÖTIGT NVIDIA HD-Audiotreiber 1.2.24.0 NVIDIA Corporation 27.10.2011 1.2.24.0 BENÖTIGT NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 27.10.2011 9.11.0621 BENÖTIGT Opera 11.61 Opera Software ASA 24.01.2012 11.61.1250 BENÖTIGT Origin Electronic Arts, Inc. 22.12.2011 8.3.7.3619 BENÖTIGT OutlookAddInNet3Setup Samsung 07.01.2011 2,59MB 1.0.0 UNBEKANNT Paintball2 Alpha build 30 Digital Paint 05.02.2011 Alpha build 30 NICHT BENÖTIGT Pando Media Booster Pando Networks Inc. 19.08.2011 5,47MB 2.3.6.0 BENÖTIGT PlayReady PC Runtime amd64 Microsoft Corporation 15.10.2010 2,06MB 1.3.0 UNBEKANNT PokerStars.net PokerStars.net 22.10.2010 NICHT BENÖTIGT Portal Valve 04.11.2010 BENÖTIGT Portal 2 Valve 18.04.2011 BENÖTIGT PunkBuster Services Even Balance, Inc. 26.10.2011 0.991 BENÖTIGT Q.U.B.E. 19.01.2012 BENÖTIGT QuickTime Apple Inc. 09.11.2011 73,3MB 7.71.80.42 BENÖTIGT RealPlayer RealNetworks 05.11.2011 BENÖTIGT Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.05.2010 6.0.1.6015 BENÖTIGT Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 05.05.2010 6.1.7600.30118 BENÖTIGT Renegade Paintball (remove only) 04.02.2011 NICHT BENÖTIGT Samsung Kies Samsung Electronics Co., Ltd. 11.02.2011 167,1MB 2.0.0.11014_49 BENÖTIGT SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 11.07.2011 44,9MB 1.3.2410.0 BENÖTIGT Shop for HP Supplies HP 21.09.2010 14.0 NICHT BENÖTIGT ShotOnline OnNet 19.08.2011 1.0 BENÖTIGT Shrew Soft VPN Client 20.10.2010 NICHT BENÖTIGT SimCity 4 Deluxe Maxis 28.01.2011 BENÖTIGT Skype™ 5.6 Skype Technologies S.A. 25.10.2011 21,6MB 5.6.110 BENÖTIGT Smart Technology Programming Software 7.0.2.7 Mad Catz 01.03.2011 66,5MB 7.0.2.7 UNBEKANNT Sound Blaster X-Fi Surround 5.1 Pro Creative Technology Limited 19.01.2011 1.0 BENÖTIGT Source SDK Base 2006 Valve 05.02.2011 BENÖTIGT Spin & Win Oberon Media 27.06.2010 NICHT BENÖTIGT StepMania (remove only) 15.01.2012 BENÖTIGT Synaptics Pointing Device Driver Synaptics Incorporated 27.06.2010 14.0.19.0 UNBEKANNT Team Fortress 2 Valve 03.11.2010 BENÖTIGT TeamSpeak 2 RC2 Dominating Bytes Design 27.10.2010 2.0.32.60 BENÖTIGT TeamSpeak 3 Client TeamSpeak Systems GmbH 14.12.2010 BENÖTIGT Technotrend Viewer CM&V 06.10.2010 BENÖTIGT The Elder Scrolls V: Skyrim Bethesda Game Studios 17.11.2011 BENÖTIGT The Lord of the Rings Online™ v03.03.00.8048 Turbine, Inc. 23.06.2011 03.03.00.8048 BENÖTIGT The Sims(TM) 3 Electronic Arts 14.08.2011 BENÖTIGT TmNationsForever Nadeo 19.08.2011 BENÖTIGT TT-BDA Data 06.10.2010 1.00.0000 BENÖTIGT TT-Media Center 06.10.2010 1.00.0000 BENÖTIGT TVUPlayer 2.5.3.1 TVU networks 07.09.2011 2.5.3.1 BENÖTIGT Urwigo Urwigo 06.01.2012 1.12.0.132 BENÖTIGT Warcraft III 14.10.2010 BENÖTIGT Warcraft III: All Products 14.10.2010 BENÖTIGT Welcome Center Acer Incorporated 27.06.2010 1.01.3002 UNBEKANNT Windows Live Essentials Microsoft Corporation 30.07.2011 15.4.3538.0513 BENÖTIGT Windows Live Sync Microsoft Corporation 28.06.2010 2,79MB 14.0.8089.726 UNBEKANNT WinRAR 21.09.2010 BENÖTIGT World of Logs Client Digibites Technology 14.06.2011 NICHT BENÖTIGT World of Warcraft Blizzard Entertainment 02.12.2011 4.3.0.15050 BENÖTIGT XviD MPEG-4 Codec 07.07.2011 BENÖTIGT Yahoo! Toolbar 21.09.2010 NICHT BENÖTIGT Überwachungstool für die Intel® Turbo-Boost-Technik Intel 28.06.2010 1,13MB 1.0.186.6 UNBEKANNT |
|
| Themen zu Erst can nott find dwlgina3.dll mit Blackscreen, jetzt den GEMA-Trojaner |
| .dll, bildschirm, blackscreen, booten, dwlgina3.dll, fenster, gema-trojaner, gestartet, konnte, login, meldung, nichts, nochmals, not, otlpe, otlpenet, problem, starte, taskma, taskmanager, titel, vorgehen |
Linear-Darstellung
