Hallo liebes trojaner-board Team,

ich habe mir unglücklicherweise den GVU Trojaner eingefangen. Damals konnte ich ihn einfach über den abgesicherten Modus löschen, doch diesmal haben sich die Hacker was neues einfallen lassen.
Wenn ich versuche den Computer im abgesicherten Modus zu starten, fährt er sofort wieder runter. Somit komme ich erst gar nicht auf meinen Desktop.
Eine Systemwiederherstellung ist momentan nicht möglich, da ich keinen Wiederherstellungspunkt habe.

Bei mir handelt es sich dabei um exakt dasselbe Problem wie hier:
http://www.trojaner-board.de/135041-...ktioniert.html

Ich hoffe ihr könnt mir da weiterhelfen.

hi,
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-isoburner/
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die
Textbox.

Code: Alles auswählenAufklappen

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         

• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

Ich habe zwar einen Zweit-PC mit CD-Brenner, aber leider hat mein infizierter Rechner kein DVD/CD Laufwerk.
Könnte man auch das Tool auch auf einen Stick ziehen und dann davon booten?
Danke schonmal im vorraus

Hi,
Erstellen wir einen bootbaren USB Stick für OTLPE

Wichtig:
Der USB Stick muss mindestens 512 MB oder mehr haben. Sichere gegebenfalls alle Dateien von dem USB Stick, diese werden nach den folgenden Schritten nicht
mehr vorhanden sein.

• Downloade dir OTLPEstd.exe und speichere die Datei auf dem Desktop.
• Solltest
  Du kein 7-zip oder Winrar auf deinem System haben, lade dir 7-zip herunter und installiere
  es.
• Nach der Installation von 7-zip, extrahiere OTLPEstd mit einem Rechtsklick auf OTLPE.iso und wähle Entpacken nach "OTLPEstd\".
  
  
  
  
  
  Nun öffne bitte den Ordner OTLPEStd und mache einen Rechtklick auf die OTLPE_New_Std.iso und wähle in 7zip Dateien entpacken
  
  
  
  Entpacke die Dateien in einen Ordner ( OTLPE ) auf dem Desktop. Nehme bitte ebenfalls die Einstellung wie im Bild vor.
  
  

Downloade dir eeepcfr.zip und entpacke die Datei nach Systemroot (meistens
C:\).

• Leere den USB Stick auf den Du OTLPE erstellen willst.
• Navigiere nach C:\eeecpfr und starte usb_prep8.cmd.
• Drücke
  im DOS Fenster eine beliebige Taste.
• Gehe nun sicher das der richtige Laufwerksbuchstabe deines USB Sticks ganz oben steht.
  Für Drive Label: gib ein OTLPE.
  Unter Source Path to built BartPE/WinPE Files klicke ... und wähle den vorher erstellten OTLPE Ordner .
  Setze ein Häckchen bei Enable File Copy.
• Klicke Start, akzeptiere die Nutzungsbestimmungen.

Nun kannst Du mit dem USB Stick dein System starten!

Nun boote von mit der OTLPE USB Stick.
Hinweis: Wie boote ich von CD (einfach statt ner CD USB Device
auswählen)

• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Wenn Du gefragt
  wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s)
  for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
• 
  OTLpe sollte nun starten.
• Drücke Run Scan, um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt
  und C:\Extras.Txt erstellt
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste
  den Inhalt von C:\OTL.Txt und Extras.Txt.

Nach langem hin und her, findet eeecpfr meinen Stick nicht. Es ist ein 32 GB stick. Habe schon alle Formate (NTFS, Fat32, EXFat) formatiert, und habe es auch schon mit einer kleinen Partitionierung (2GB) versucht.

Was nun?

evtl. n anderen stick?

oder pc mal starten f8 drücken und gucken ob der abgesicherte modus geht

Also beim infiziertem PC geht der abgesicherte Modus ja leider nicht, da der Rechner beim booten sofort wieder runterfährt.

Einen anderen Stick habe ich leider gerade nicht zur Hand. Ich habe es soeben noch mit einer externen Festplatte probiert, aber das ging leider auch nicht.

Ich werde versuchen auf morgen einen neuen Stick aufzutreiben.

oder an nem andern pc ausprobieren.

Vorweg erstmal sorry für die riesigen Bilder, aber ich habe sie auf die schnelle nicht klein bekommen.

Nach langem hin und her habe ich mir die neuste Version von PeToUSB geladen und diese als Administrator gestartet, und nun hat das Tool auch endlich meinen Stick erkannt.

Im Bootmenü hatte ich dann vom Stick her 2 Auswahlmöglichkeiten
hier ein Bild:



Wenn ich vom UEFI Stick gebootet hab, passierte gar nichts, und Windows 7 fährt ganz normal hoch, mit GVU Meldung.

Wenn ich im Bootmenü nach dem normalen Stick boote, kommt immer folgende Meldung:



Nach diesem Neustart bootet der Rechner wieder normal in das Windows 7 System.

Nach der ganzen Aktion habe ich mir nun einen externen DVD-Brenner ausgeliehen und habe entsprechend deiner Anleitung verfahren.
Das REATOGO-X-PE System wird diesmal auch erkannt, und es wird auch davon gebootet, doch sobald der Windows XP Ladescreen kommt, erhalte ich einen Bluescreen mit folgender Meldung:




Nun bin ich mit meinem Latein am Ende
Hast du vielleicht noch eine rettende Idee?

gehe bitte ins bios, dort müsste es die Option, ide bzw ahci mode geben, da den geggenteiligen konfigurieren und die CD starten, da die Bios versionen immer unterschiedlich aussehen kann ich dir nicht genau sagen wo du suchen musst, advanced options aber häufig.

Der Mode war standardmäßig bei mir auf AHCI, und habe ihn auf IDE gestellt, und es funktionierte
Danke schonmal dafür.

Also nun habe ich die Log:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 5/21/2013 1:29:07 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.33 Mb Free Space | 74.33% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 73.98 Mb Free Space | 73.98% Space Free | Partition Type: NTFS
Drive E: | 213.34 Gb Total Space | 12.43 Gb Free Space | 5.82% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive G: | 19.43 Gb Total Space | 2.17 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive H: | 97.56 Gb Total Space | 2.00 Gb Free Space | 2.05% Space Free | Partition Type: NTFS
Drive I: | 833.85 Gb Total Space | 9.18 Gb Free Space | 1.10% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/02 09:39:30 | 000,168,864 | ---- | M] () [Auto] -- H:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/15 11:19:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/26 16:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) [Auto] -- H:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/04/26 16:57:04 | 000,390,440 | ---- | M] () [Auto] -- H:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/04/26 16:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) [Auto] -- H:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/04/24 15:29:56 | 000,078,512 | ---- | M] () [On_Demand] -- H:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- H:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/12 05:21:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/10 08:05:52 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/11/13 01:19:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/20 04:56:06 | 000,136,896 | ---- | M] (Futuremark Corporation) [On_Demand] -- H:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/06/09 07:33:44 | 000,076,888 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/08 20:18:08 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto] -- H:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/08 20:17:38 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto] -- H:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/08 19:39:40 | 011,839,488 | ---- | M] () [Auto] -- H:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/06/08 18:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto] -- H:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/05/30 06:38:50 | 000,008,192 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/08/29 17:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto] -- H:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/04/29 19:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/27 11:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto] -- H:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/24 15:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System] -- H:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/10 08:20:34 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System] -- H:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/07/20 07:49:00 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- H:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/08 20:18:28 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/08 20:17:18 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/06/08 20:16:28 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/08 17:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/08 17:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/05/02 09:39:14 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto] -- H:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012/04/06 14:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/02/15 06:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/10 13:24:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/07 08:12:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011/08/29 17:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/08 08:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot] -- H:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/10 12:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 07:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- H:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 07:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- H:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/12/28 22:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/10 09:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 09:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/27 10:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 10:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 10:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 10:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 10:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 10:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- H:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 10:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 10:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand] -- H:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/04/29 01:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/11/23 20:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 20:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/02 14:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- H:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/01 14:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2005/04/13 17:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- H:\Windows\System32\drivers\tap0801.sys -- (tap0801)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,DefaultNetProfile = 9667429
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Lapilala_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA BB C6 79 2A 19 CE 01  [binary data]
IE - HKU\Lapilala_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lapilala_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: H:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120212-0402: H:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: H:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.122.0: H:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2: H:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive: H:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: H:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/12/10 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/12/10 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/12/10 08:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 05:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/12/27 11:58:26 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Lapilala\AppData\Roaming\Mozilla\Extensions
[2013/05/08 13:05:25 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Lapilala\AppData\Roaming\Mozilla\Firefox\Profiles\onxh8qyq.default\extensions
[2013/05/06 08:01:04 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/12 05:21:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/12 05:21:44 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 05:21:44 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/06 08:01:04 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- H:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) -- 
() (No name found) -- H:\USERS\LAPILALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ONXH8QYQ.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- H:\USERS\LAPILALA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ONXH8QYQ.DEFAULT\EXTENSIONS\MYTUBE@ASHISHMISHRA.IN.XPI
[2013/04/12 05:21:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/16 06:15:53 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/08 09:54:03 | 000,002,465 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/16 06:15:53 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/16 06:15:53 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/16 06:15:53 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/16 06:15:53 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/03/03 12:46:26 | 000,000,878 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - H:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - H:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - H:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] H:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] H:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [BCSSync]  File not found
O4:64bit: - HKLM..\Run: [Launch LCore] H:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] H:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] H:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] H:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] H:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Lapilala_ON_H..\Run: [ApplePhotoStreams]  File not found
O4 - HKU\Lapilala_ON_H..\Run: [DAEMON Tools Lite]  File not found
O4 - HKU\Lapilala_ON_H..\Run: [iCloudServices]  File not found
O4 - HKU\Lapilala_ON_H..\Run: [MicroUpdate] H:\Windows\MSDCSC\msdcsc.exe (Microsoft Corporation)
O4 - HKU\Lapilala_ON_H..\Run: [MobileDocuments]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - Startup: H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Lapilala_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - H:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - H:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - H:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - H:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - H:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - H:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\MSDCSC\msdcsc.exe) - H:\Windows\MSDCSC\msdcsc.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (C:\Users\Lapilala\AppData\Roaming\skype.dat) - H:\Users\Lapilala\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\klogon: DllName - %SystemRoot%\System32\klogon.dll - H:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - H:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: EADM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - H:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: openvpn-gui - hkey= - key= - H:\Users\Lapilala\Desktop\USAIP\bin\openvpn-gui.exe ()
MsConfig:64bit - StartUpReg: Razer Mamba Elite Driver - hkey= - key= - H:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - H:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: vmware-tray - hkey= - key= - H:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig:64bit - State: "bootini" - 2
MsConfig:64bit - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/19 06:15:34 | 000,000,000 | R--D | C] -- H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/05/15 17:06:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2013/05/15 17:06:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2013/05/15 17:06:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2013/05/15 17:06:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2013/05/15 17:06:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2013/05/15 17:06:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2013/05/15 17:06:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2013/05/15 17:06:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2013/05/15 17:06:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2013/05/15 17:06:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2013/05/15 17:06:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2013/05/15 17:06:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2013/05/15 17:06:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2013/05/15 17:06:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2013/05/15 17:06:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2013/05/15 17:06:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2013/05/15 17:06:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2013/05/15 17:03:30 | 000,265,064 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 17:03:30 | 000,144,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\cdd.dll
[2013/05/15 17:03:19 | 001,930,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll
[2013/05/15 17:03:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shdocvw.dll
[2013/05/15 17:03:11 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\authui.dll
[2013/05/15 17:03:11 | 000,111,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\consent.exe
[2013/05/15 17:03:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wwanprotdim.dll
[2013/05/15 11:19:14 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/08 19:27:00 | 000,000,000 | ---D | C] -- H:\Users\Lapilala\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2013/05/07 18:22:23 | 000,000,000 | ---D | C] -- H:\Users\Lapilala\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013/05/07 18:06:42 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/05/06 08:01:53 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/06 08:01:40 | 000,000,000 | ---D | C] -- H:\ProgramData\Hotspot Shield
[2013/05/06 08:01:04 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Hotspot Shield
[2013/05/06 08:00:59 | 000,000,000 | ---D | C] -- H:\Users\Lapilala\AppData\Roaming\Hotspot Shield
[2013/05/03 13:16:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013/04/24 15:28:08 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- H:\Windows\System32\drivers\taphss6.sys
[2013/04/24 15:18:34 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- H:\Windows\System32\drivers\hssdrv6.sys
[2013/04/23 11:39:29 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Skype
[4 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[4 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/20 10:36:57 | 000,000,004 | ---- | M] () -- H:\Users\Lapilala\AppData\Roaming\skype.ini
[2013/05/20 10:36:12 | 000,000,266 | ---- | M] () -- H:\Windows\tasks\AutoKMS.job
[2013/05/20 10:36:07 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/05/20 10:35:35 | 2131,877,887 | -HS- | M] () -- H:\hiberfil.sys
[2013/05/19 06:20:47 | 000,020,480 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 06:20:47 | 000,020,480 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 06:19:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 06:15:34 | 000,000,035 | ---- | M] () -- H:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/05/19 06:05:37 | 000,699,570 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/05/19 06:05:37 | 000,654,888 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/05/19 06:05:37 | 000,149,392 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/05/19 06:05:37 | 000,122,346 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/05/16 06:23:46 | 000,002,441 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/16 06:21:54 | 000,001,005 | ---- | M] () -- H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013/05/16 06:19:54 | 000,423,952 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/05/15 11:19:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 11:19:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/15 11:19:14 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/07 18:13:37 | 000,001,106 | ---- | M] () -- H:\Users\Public\Desktop\Aufstieg des Hexenkönigs™.lnk
[2013/05/07 18:13:00 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/05/07 18:10:07 | 000,000,000 | R--D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/07 18:07:38 | 000,001,132 | ---- | M] () -- H:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
[2013/05/06 19:04:03 | 000,000,553 | ---- | M] () -- H:\Users\Public\Desktop\Left 4 Dead 2.lnk
[2013/05/06 12:30:00 | 000,778,048 | ---- | M] () -- H:\Users\Lapilala\Desktop\blobby.rar
[2013/05/06 08:02:30 | 000,001,148 | ---- | M] () -- H:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/05/06 08:01:53 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/03 13:16:25 | 000,000,987 | ---- | M] () -- H:\Users\Public\Desktop\Blender.lnk
[2013/05/03 13:16:25 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013/04/30 08:43:24 | 000,001,102 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/04/30 08:43:24 | 000,001,090 | ---- | M] () -- H:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- H:\Windows\System32\drivers\taphss6.sys
[2013/04/24 15:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- H:\Windows\System32\drivers\hssdrv6.sys
[2013/04/22 07:01:23 | 000,000,619 | ---- | M] () -- H:\Users\Public\Desktop\Age of Empire 2 HD Edition.lnk
[2013/04/22 07:01:23 | 000,000,619 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empire 2 HD Edition.lnk
[4 H:\Windows\SysWow64\*.tmp files -> H:\Windows\SysWow64\*.tmp -> ]
[4 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/16 07:18:10 | 000,000,004 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\skype.ini
[2013/05/16 06:21:54 | 000,001,005 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2013/05/07 18:13:37 | 000,001,106 | ---- | C] () -- H:\Users\Public\Desktop\Aufstieg des Hexenkönigs™.lnk
[2013/05/07 18:07:38 | 000,001,132 | ---- | C] () -- H:\Users\Public\Desktop\Die Schlacht um Mittelerde™ II.lnk
[2013/05/06 19:04:02 | 000,000,553 | ---- | C] () -- H:\Users\Public\Desktop\Left 4 Dead 2.lnk
[2013/05/06 12:29:59 | 000,778,048 | ---- | C] () -- H:\Users\Lapilala\Desktop\blobby.rar
[2013/05/06 08:02:30 | 000,001,148 | ---- | C] () -- H:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/05/03 13:16:25 | 000,000,987 | ---- | C] () -- H:\Users\Public\Desktop\Blender.lnk
[2013/04/22 07:01:23 | 000,000,619 | ---- | C] () -- H:\Users\Public\Desktop\Age of Empire 2 HD Edition.lnk
[2013/04/22 07:01:23 | 000,000,619 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empire 2 HD Edition.lnk
[2012/12/24 16:13:39 | 000,000,000 | ---- | C] () -- H:\Windows\BRPARAM.INI
[2012/12/24 16:11:25 | 000,045,056 | ---- | C] () -- H:\Windows\SysWow64\BRTCPCON.DLL
[2012/12/24 16:11:25 | 000,000,114 | ---- | C] () -- H:\Windows\SysWow64\BRLMW03A.INI
[2012/12/24 16:08:04 | 000,000,060 | R--- | C] () -- H:\Program Files (x86)\BRINST.INI
[2012/11/15 13:17:54 | 000,204,952 | ---- | C] () -- H:\Windows\SysWow64\ativvsvl.dat
[2012/11/15 13:17:54 | 000,157,144 | ---- | C] () -- H:\Windows\SysWow64\ativvsva.dat
[2012/10/07 07:11:19 | 000,000,659 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\MPQEditor.ini
[2012/09/27 11:07:50 | 000,000,000 | ---- | C] () -- H:\Windows\SysWow64\cd.dat
[2012/08/22 00:16:24 | 000,429,416 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2012/06/19 10:38:46 | 000,168,864 | ---- | C] () -- H:\Program Files\Common Files\WireHelpSvc.exe
[2012/06/11 12:06:52 | 001,598,712 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/10 09:19:52 | 000,000,320 | ---- | C] () -- H:\Windows\WPE PRO - modified.INI
[2012/05/30 06:39:01 | 000,077,824 | ---- | C] () -- H:\Windows\KMService.exe
[2012/05/30 06:39:01 | 000,008,192 | ---- | C] () -- H:\Windows\SysWow64\srvany.exe
[2012/05/29 03:40:16 | 000,017,408 | ---- | C] () -- H:\Users\Lapilala\AppData\Local\WebpageIcons.db
[2012/05/02 08:58:10 | 000,029,184 | ---- | C] () -- H:\Windows\SysWow64\kdbsdk32.dll
[2012/04/22 07:20:26 | 000,281,520 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2012/04/22 07:20:25 | 000,076,888 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2012/01/11 08:31:03 | 000,074,752 | ---- | C] () -- H:\Users\Lapilala\AppData\Roaming\skype.dat
[2011/12/30 06:36:37 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2011/12/27 12:02:54 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2011/12/27 11:36:01 | 000,001,769 | ---- | C] () -- H:\Windows\Language_trs.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2013/03/23 04:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/21 02:18:45 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2012/06/19 09:15:41 | 000,000,000 | ---D | M] -- H:\ProgramData\Battle.net
[2012/05/01 15:34:20 | 000,000,000 | ---D | M] -- H:\ProgramData\ClubSanDisk
[2012/02/10 13:24:23 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2012/04/22 06:45:19 | 000,000,000 | ---D | M] -- H:\ProgramData\EA Core
[2012/04/22 10:50:41 | 000,000,000 | ---D | M] -- H:\ProgramData\EA Logs
[2012/04/22 07:57:12 | 000,000,000 | ---D | M] -- H:\ProgramData\Electronic Arts
[2012/06/19 10:38:37 | 000,000,000 | ---D | M] -- H:\ProgramData\ESL Wire
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2013/05/06 08:31:42 | 000,000,000 | ---D | M] -- H:\ProgramData\Hotspot Shield
[2012/08/20 19:41:24 | 000,000,000 | ---D | M] -- H:\ProgramData\id Software
[2013/02/03 09:59:12 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/30 09:16:10 | 000,000,000 | ---D | M] -- H:\ProgramData\Origin
[2012/09/30 14:56:35 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/06/23 12:51:34 | 000,000,000 | ---D | M] -- H:\ProgramData\PMS
[2012/02/10 05:40:06 | 000,000,000 | ---D | M] -- H:\ProgramData\PopCap Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2013/04/22 07:03:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Steam
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/12/28 18:25:20 | 000,000,000 | ---D | M] -- H:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/05/20 10:36:12 | 000,000,266 | ---- | M] () -- H:\Windows\Tasks\AutoKMS.job
[2013/05/14 03:22:00 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/27 10:42:31 | 000,000,000 | -HSD | M] -- H:\$Recycle.Bin
[2013/01/21 02:07:27 | 000,000,000 | ---D | M] -- H:\AMD
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\Documents and Settings
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen
[2011/12/27 11:36:02 | 000,000,000 | ---D | M] -- H:\Intel
[2012/05/30 07:02:14 | 000,000,000 | RH-D | M] -- H:\MSOCache
[2012/09/26 09:46:10 | 000,000,000 | ---D | M] -- H:\NVIDIA
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- H:\PerfLogs
[2013/03/23 04:59:47 | 000,000,000 | R--D | M] -- H:\Program Files
[2013/05/06 08:01:04 | 000,000,000 | R--D | M] -- H:\Program Files (x86)
[2013/05/06 08:01:40 | 000,000,000 | -H-D | M] -- H:\ProgramData
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\Programme
[2011/12/27 10:42:04 | 000,000,000 | -HSD | M] -- H:\Recovery
[2013/05/15 17:05:30 | 000,000,000 | -HSD | M] -- H:\System Volume Information
[2012/09/26 09:48:26 | 000,000,000 | ---D | M] -- H:\temp
[2012/09/27 11:35:16 | 000,000,000 | R--D | M] -- H:\Users
[2013/05/16 07:24:12 | 000,000,000 | ---D | M] -- H:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- H:\Windows\System32\drivers\iaStor.sys
[2011/04/26 06:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- H:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 H:\Windows\system32\*.tmp files -> H:\Windows\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         

Hoffe du kannst was damit anfangen, und danke nochmal für die Hilfe bis hier hin

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O20 - HKU\Lapilala_ON_H Winlogon: Shell - (C:\Users\Lapilala\AppData\Roaming\skype.dat) - H:\Users\Lapilala\AppData\Roaming\skype.dat ()
[2013/05/20 10:36:57 | 000,000,004 | ---- | M] () -- H:\Users\Lapilala\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, stelle den Modus im Bios wieder um.
windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.


falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.

• Öffne dein Systemlaufwerk ( meistens C: )
• Suche nun
  folgenden Ordner: _OTL und öffne diesen.
• Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
• 
  Dies wird eine Movedfiles.zip Datei in _OTL erstellen
• Lade diese bitte in unseren Uploadchannel
  hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Hat soweit alles geklappt und komme wieder in mein System rein.
Leider hat Windows nicht automatisch neugestartet und entsprechend auch keine otl.exe geöffnet.

Dafür hat sich eine txt File direkt nach dem Fix geöffnet. Ich poste sie hier mal:

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\Lapilala_ON_H\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Lapilala\AppData\Roaming\skype.dat deleted successfully.
H:\Users\Lapilala\AppData\Roaming\skype.dat moved successfully.
H:\Users\Lapilala\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lapilala
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Lapilala
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 7001600 bytes
%systemroot%\System32 (64bit) .tmp files removed: 8556032 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39022282 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
 
Total Files Cleaned = 52.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05212013_042437
         

Den Ordner mit moved Files habe ich entsprechend gepackt und erflogreich hochgeladen

Hi
ist ja das richtige Log, also, alles schick.
Wenn du nicht manuell neugestartet hast, mach das mal, du solltest wieder in deinen Account kommen.
Wenn dem so ist:
Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.