| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: gvu trojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.05.2013, 17:19
| #1 |
 |  gvu trojaner Guten Tag, Erstmals, mein Deutsch ist nicht super, aber hoffentlich passt. Zweitens, ich habe seit ein paar Stunde die GVU Trojaner, und kann nichts mehr mit mein Rechner machen. Ich habe die Rechner Runtergefahren und dann wieder hochgeahren aber ich habe um die 2 minute bevor die Sperrung wieder aufstellt. Ich bin nicht die 'Technik-freak' aber vielleicht jemand könnte mich schrittweise begleitten. Danke vielmals, Gruß, Richie |
|
22.05.2013, 17:22
| #2 |
| /// Malware-holic   | gvu trojaner Hi,
__________________kommst du an nen pc mit brenner? download: ISO Burner - Download - Filepony isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ |
|
22.05.2013, 17:25
| #3 |
| | gvu trojaner ok, ich melde mich wenn ich soweit bin. Danke
__________________ |
|
22.05.2013, 17:43
| #4 |
| /// Malware-holic | gvu trojaner bitte solche zwischenposts weg lassen, da die Nachfolgenen an diesen angehangen werden müsste ich dann immer reinsehen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2013, 19:25
| #5 |
| | gvu trojaner Hallo, Ich habe jetz ein Problem. Ich habe das CD gebrannt, wie beschriben. Ich habe die Disk in die infizierte Laptop eingeliegt, F12 gedruckt, und selektiert CD-ROM. Dan hat die Computer versucht das REATOGO-X-PE Program hochzuladen, hat dann von allein Windows angefangen, und bevor Windows sich voll geöffnet hatte, die Rechner hat ein Blauebildschirm gezeigt.  |
|
22.05.2013, 19:27
| #6 |
| /// Malware-holic | gvu trojaner Hi, gehe mal ins Bios, geht meist bei Neustart über entf. dort musst du etwas suchen, das ide, bzw AHCI mode heißt, kann dir nicht genau sagen wo, da immer unterschiedlich, könnte aber unter advanced options sein. konfiguriere jeweils den gegenteiligen Mode und versuche die CD erneut.
__________________ --> gvu trojaner |
|
22.05.2013, 20:29
| #7 |
| | gvu trojaner ok, ich habe es gefunden und AHCI auf IDE geändert. Jetzt habe ich auf das OTLPE Icon geclickt, aber ich bekomme die folgenden fenster:  Wo muss ich hin? Danke und Gruß |
|
22.05.2013, 23:56
| #8 |
| /// Malware-holic | gvu trojaner alles aufklappen, ordner windows suchen und dann da draufklicken, dann gehts los
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.05.2013, 06:16
| #9 |
| | gvu trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/23/2013 11:56:23 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 12.15 Gb Total Space | 6.09 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 130.89 Gb Total Space | 127.98 Gb Free Space | 97.78% Space Free | Partition Type: NTFS
Drive E: | 155.00 Gb Total Space | 99.78 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive F: | 985.00 Mb Total Space | 585.69 Mb Free Space | 59.46% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/05/16 01:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/10 02:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (SilentHerdsman)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (ETSWatchdog)
SRV - [2011/05/15 06:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 12:47:41 | 000,040,960 | ---- | M] (Dell Inc.) [Auto] -- E:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/10/26 04:22:10 | 000,245,648 | ---- | M] () [Auto] -- E:\SilentHerdsman\resources\ntpServer\bin\ntpd.exe -- (NTP)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/05 15:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 15:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 15:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- E:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/04/07 08:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/12/01 13:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/04 17:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 17:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 11:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/08 08:12:51 | 000,116,104 | ---- | M] () [Auto] -- E:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/15 19:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 19:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (ALSysIO)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/11 01:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/02/10 12:47:40 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 12:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 23:15:56 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/08/20 13:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- E:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 18:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 18:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 17:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/07 08:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 11:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 15:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/15 19:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 19:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 19:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.semex-deutschland.de/
IE - HKU\r.newson_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/04/19 06:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/11 02:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/11 02:56:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2013/04/10 02:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 04:18:46 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 04:18:46 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:18:46 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 04:18:46 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 04:18:46 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 04:18:46 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/07/24 02:53:58 | 000,442,957 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 autodiscover.tcom-it.de
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\c.proebsting_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] E:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreeFallProtection] E:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] E:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] E:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\c.proebsting_ON_E..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NTP_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\c.proebsting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 30 Days ==========
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/16 01:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/05/16 01:09:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/05/16 01:09:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/05/16 01:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/16 01:09:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/05/16 01:09:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/05/16 01:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/16 01:09:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/16 01:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/15 01:26:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2013/05/15 01:26:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/05/15 01:19:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:19:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2013/05/15 01:19:54 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{F3523132-0D6F-41A1-9CA2-F5C21E09DA5B}
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{9FC7F15F-A688-4CE7-AE25-7D5914442510}
[2013/05/11 03:00:18 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Macromedia
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Mozilla
[2011/02/10 14:18:24 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/22 18:44:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/05/22 18:42:28 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 18:42:13 | 2358,259,712 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/22 14:32:10 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:01:22 | 000,733,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/05/22 14:01:22 | 000,693,808 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/05/22 14:01:22 | 000,159,292 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/05/22 14:01:22 | 000,134,936 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/05/22 13:57:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 13:57:28 | 000,000,031 | ---- | M] () -- E:\tmuninst.ini
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
[2013/05/22 10:22:01 | 000,095,744 | ---- | M] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/22 02:52:18 | 000,139,873 | ---- | M] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/18 01:06:05 | 000,492,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/05/16 16:35:44 | 000,326,569 | ---- | M] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 01:40:28 | 000,001,062 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/16 01:04:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 01:04:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/11 02:56:42 | 000,001,119 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/11 02:56:42 | 000,001,107 | ---- | M] () -- E:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/06 15:38:35 | 009,742,839 | ---- | M] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/04/30 02:06:35 | 000,082,640 | ---- | M] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:06 | 000,725,866 | ---- | M] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
[2013/05/22 02:52:16 | 000,139,873 | ---- | C] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/16 16:35:43 | 000,326,569 | ---- | C] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 15:57:49 | 000,165,239 | R--- | C] () -- E:\Users\r.newson\Desktop\facebook_-1277089541.jpg
[2013/05/11 02:56:42 | 000,001,107 | ---- | C] () -- E:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/06 15:38:33 | 009,742,839 | ---- | C] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/04/30 02:06:35 | 000,082,640 | ---- | C] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:05 | 000,725,866 | ---- | C] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[2012/07/08 04:49:11 | 000,000,848 | ---- | C] () -- E:\Windows\Brpfx04a.ini
[2012/07/08 04:49:11 | 000,000,163 | ---- | C] () -- E:\Windows\brpcfx.ini
[2012/07/08 04:48:55 | 000,106,496 | ---- | C] () -- E:\Windows\System32\BrMuSNMP.dll
[2012/07/08 04:48:55 | 000,000,066 | ---- | C] () -- E:\Windows\Brfaxrx.ini
[2012/07/08 04:48:55 | 000,000,000 | ---- | C] () -- E:\Windows\brdfxspd.dat
[2012/06/21 03:24:45 | 000,000,432 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2012/06/21 03:24:45 | 000,000,065 | ---- | C] () -- E:\Windows\System32\BD7320.DAT
[2012/06/18 11:38:22 | 000,000,096 | ---- | C] () -- E:\Users\r.newson\AppData\Local\fusioncache.dat
[2011/08/02 08:40:58 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 00:34:52 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/23 08:22:01 | 000,000,100 | ---- | C] () -- E:\Users\c.proebsting\AppData\Local\fusioncache.dat
[2011/02/10 14:18:25 | 000,870,560 | ---- | C] () -- E:\Windows\System32\igkrng575.bin
[2011/02/10 14:18:25 | 000,208,896 | ---- | C] () -- E:\Windows\System32\iglhsip32.dll
[2011/02/10 14:18:25 | 000,143,360 | ---- | C] () -- E:\Windows\System32\iglhcp32.dll
[2011/02/10 14:18:24 | 000,104,796 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin
[2011/02/10 14:18:22 | 000,127,868 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2011/02/10 14:18:22 | 000,000,151 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2011/02/10 12:48:01 | 000,006,656 | ---- | C] () -- E:\Windows\System32\bcmwlrc.dll
[2009/07/14 04:47:43 | 000,733,666 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,159,292 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,492,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,693,808 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,134,936 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2005/12/21 11:57:36 | 000,139,264 | ---- | C] () -- E:\Windows\System32\nsldap32v50.dll
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- E:\Windows\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- E:\Windows\System32\nsldapssl32v50.dll
[2005/01/17 01:10:16 | 000,045,056 | ---- | C] () -- E:\Windows\System32\BRTCPCON.DLL
[2004/08/09 01:00:42 | 000,000,114 | ---- | C] () -- E:\Windows\System32\BRLMW03A.INI
========== LOP Check ==========
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/02 07:32:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2011/03/19 06:52:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/09/16 03:56:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/05/06 05:49:39 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/11/08 04:20:44 | 000,000,000 | ---D | M] -- E:\ProgramData\LSMilchkuh
[2011/12/19 05:50:06 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2011/02/10 12:58:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PhotoShow Shared Assets
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/02/10 12:51:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/10 12:59:21 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/18 10:16:35 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012/06/18 11:27:22 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2011/02/10 12:43:14 | 000,000,000 | ---D | M] -- E:\Apps
[2013/03/18 10:06:32 | 000,000,000 | ---D | M] -- E:\backup
[2013/05/16 01:10:25 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2011/03/01 04:50:30 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/02/10 14:18:51 | 000,000,000 | ---D | M] -- E:\Drivers
[2011/02/10 05:37:10 | 000,000,000 | ---D | M] -- E:\Intel
[2012/06/22 02:59:05 | 000,000,000 | ---D | M] -- E:\Logs
[2012/03/26 08:13:31 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2012/12/17 16:26:37 | 000,000,000 | ---D | M] -- E:\NMP_Backup
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2013/05/14 09:27:56 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/05/22 10:32:26 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/05/23 11:49:59 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2013/03/18 10:11:19 | 000,000,000 | ---D | M] -- E:\Ruby193
[2013/03/18 10:08:34 | 000,000,000 | ---D | M] -- E:\SilentHerdsman
[2013/03/18 10:11:53 | 000,000,000 | ---D | M] -- E:\SilentHerdsmanInstaller-2.7.7.0
[2013/05/20 06:31:06 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2013/03/18 10:11:50 | 000,000,000 | R--D | M] -- E:\Users
[2011/03/04 03:15:47 | 000,000,000 | ---D | M] -- E:\VIT
[2013/02/27 22:06:03 | 000,000,000 | ---D | M] -- E:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\drivers\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\shell32.dll
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
|
23.05.2013, 10:50
| #10 |
| /// Malware-holic | gvu trojaner komisch, wird erst mal nichts weiter im log angezeigt auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, ins bios gehen, Modus umstellen nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.05.2013, 18:20
| #11 |
| | gvu trojaner Anbei ist Bericht: pc hat sich von allein nicht wieder neu gestartet. Ich habe selbe es runtergefahren, modus umgestellt, aber kommt die BSI sperrbild wieder. 05242013_030458.log |
|
23.05.2013, 18:26
| #12 |
| /// Malware-holic | gvu trojaner OK stelle den Modus noch mal um, wähle im otl scan, den ich noch mal benötige auf jeden fall den betroffenen Nutzer aus, falls du mehrere Windows instalationen hast, auf verschiedenen Laufwerken zb musst du auch die richtige wählen. und poste das neue Log
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.05.2013, 19:44
| #13 |
| | gvu trojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/23/2013 6:36:32 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 12.15 Gb Total Space | 6.09 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 130.89 Gb Total Space | 127.98 Gb Free Space | 97.78% Space Free | Partition Type: NTFS
Drive E: | 155.00 Gb Total Space | 99.78 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive F: | 985.00 Mb Total Space | 585.39 Mb Free Space | 59.43% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/05/16 01:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/10 02:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (SilentHerdsman)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (ETSWatchdog)
SRV - [2011/05/15 06:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 12:47:41 | 000,040,960 | ---- | M] (Dell Inc.) [Auto] -- E:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/10/26 04:22:10 | 000,245,648 | ---- | M] () [Auto] -- E:\SilentHerdsman\resources\ntpServer\bin\ntpd.exe -- (NTP)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/05 15:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 15:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 15:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- E:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/04/07 08:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/12/01 13:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/04 17:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 17:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 11:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/08 08:12:51 | 000,116,104 | ---- | M] () [Auto] -- E:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/15 19:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 19:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (ALSysIO)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/11 01:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/02/10 12:47:40 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 12:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 23:15:56 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/08/20 13:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- E:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 18:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 18:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 17:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/07 08:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 11:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 15:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/15 19:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 19:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 19:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Semex-Deutschland
IE - HKU\r.newson_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/04/19 06:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/11 02:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/11 02:57:46 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/11 02:56:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2013/04/10 02:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 04:18:46 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 04:18:46 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:18:46 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 04:18:46 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 04:18:46 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 04:18:46 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/07/24 02:53:58 | 000,442,957 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 autodiscover.tcom-it.de
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 ???,????,????cr67com,????,??????,?????112scg,tt???8bc8,?????
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com - Informationen zum Thema 1001namen.
O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com - Informationen zum Thema 10sek.
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\c.proebsting_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] E:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreeFallProtection] E:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] E:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] E:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\c.proebsting_ON_E..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NTP_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\c.proebsting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 30 Days ==========
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/16 01:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/05/16 01:09:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/05/16 01:09:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/05/16 01:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/16 01:09:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/05/16 01:09:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/05/16 01:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/16 01:09:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/16 01:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/15 01:26:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2013/05/15 01:26:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/05/15 01:19:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:19:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2013/05/15 01:19:54 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{F3523132-0D6F-41A1-9CA2-F5C21E09DA5B}
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{9FC7F15F-A688-4CE7-AE25-7D5914442510}
[2013/05/11 03:00:18 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Macromedia
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Mozilla
[2011/02/10 14:18:24 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/22 18:44:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/05/22 18:42:28 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 18:42:13 | 2358,259,712 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/22 14:32:10 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:01:22 | 000,733,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/05/22 14:01:22 | 000,693,808 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/05/22 14:01:22 | 000,159,292 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/05/22 14:01:22 | 000,134,936 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/05/22 13:57:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 13:57:28 | 000,000,031 | ---- | M] () -- E:\tmuninst.ini
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
[2013/05/22 10:22:01 | 000,095,744 | ---- | M] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/22 02:52:18 | 000,139,873 | ---- | M] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/18 01:06:05 | 000,492,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/05/16 16:35:44 | 000,326,569 | ---- | M] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 01:40:28 | 000,001,062 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/16 01:04:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 01:04:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/11 02:56:42 | 000,001,119 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/06 15:38:35 | 009,742,839 | ---- | M] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/04/30 02:06:35 | 000,082,640 | ---- | M] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:06 | 000,725,866 | ---- | M] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
[2013/05/22 02:52:16 | 000,139,873 | ---- | C] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/16 16:35:43 | 000,326,569 | ---- | C] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 15:57:49 | 000,165,239 | R--- | C] () -- E:\Users\r.newson\Desktop\facebook_-1277089541.jpg
[2013/05/06 15:38:33 | 009,742,839 | ---- | C] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/04/30 02:06:35 | 000,082,640 | ---- | C] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:05 | 000,725,866 | ---- | C] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[2012/07/08 04:49:11 | 000,000,848 | ---- | C] () -- E:\Windows\Brpfx04a.ini
[2012/07/08 04:49:11 | 000,000,163 | ---- | C] () -- E:\Windows\brpcfx.ini
[2012/07/08 04:48:55 | 000,106,496 | ---- | C] () -- E:\Windows\System32\BrMuSNMP.dll
[2012/07/08 04:48:55 | 000,000,066 | ---- | C] () -- E:\Windows\Brfaxrx.ini
[2012/07/08 04:48:55 | 000,000,000 | ---- | C] () -- E:\Windows\brdfxspd.dat
[2012/06/21 03:24:45 | 000,000,432 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2012/06/21 03:24:45 | 000,000,065 | ---- | C] () -- E:\Windows\System32\BD7320.DAT
[2012/06/18 11:38:22 | 000,000,096 | ---- | C] () -- E:\Users\r.newson\AppData\Local\fusioncache.dat
[2011/08/02 08:40:58 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 00:34:52 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/23 08:22:01 | 000,000,100 | ---- | C] () -- E:\Users\c.proebsting\AppData\Local\fusioncache.dat
[2011/02/10 14:18:25 | 000,870,560 | ---- | C] () -- E:\Windows\System32\igkrng575.bin
[2011/02/10 14:18:25 | 000,208,896 | ---- | C] () -- E:\Windows\System32\iglhsip32.dll
[2011/02/10 14:18:25 | 000,143,360 | ---- | C] () -- E:\Windows\System32\iglhcp32.dll
[2011/02/10 14:18:24 | 000,104,796 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin
[2011/02/10 14:18:22 | 000,127,868 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2011/02/10 14:18:22 | 000,000,151 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2011/02/10 12:48:01 | 000,006,656 | ---- | C] () -- E:\Windows\System32\bcmwlrc.dll
[2009/07/14 04:47:43 | 000,733,666 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,159,292 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,492,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,693,808 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,134,936 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2005/12/21 11:57:36 | 000,139,264 | ---- | C] () -- E:\Windows\System32\nsldap32v50.dll
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- E:\Windows\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- E:\Windows\System32\nsldapssl32v50.dll
[2005/01/17 01:10:16 | 000,045,056 | ---- | C] () -- E:\Windows\System32\BRTCPCON.DLL
[2004/08/09 01:00:42 | 000,000,114 | ---- | C] () -- E:\Windows\System32\BRLMW03A.INI
========== LOP Check ==========
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/02 07:32:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2011/03/19 06:52:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/09/16 03:56:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/05/06 05:49:39 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/11/08 04:20:44 | 000,000,000 | ---D | M] -- E:\ProgramData\LSMilchkuh
[2011/12/19 05:50:06 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2011/02/10 12:58:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PhotoShow Shared Assets
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/02/10 12:51:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/10 12:59:21 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/18 10:16:35 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012/06/18 11:27:22 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2011/02/10 12:43:14 | 000,000,000 | ---D | M] -- E:\Apps
[2013/03/18 10:06:32 | 000,000,000 | ---D | M] -- E:\backup
[2013/05/16 01:10:25 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2011/03/01 04:50:30 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/02/10 14:18:51 | 000,000,000 | ---D | M] -- E:\Drivers
[2011/02/10 05:37:10 | 000,000,000 | ---D | M] -- E:\Intel
[2012/06/22 02:59:05 | 000,000,000 | ---D | M] -- E:\Logs
[2012/03/26 08:13:31 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2012/12/17 16:26:37 | 000,000,000 | ---D | M] -- E:\NMP_Backup
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2013/05/14 09:27:56 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/05/22 10:32:26 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/05/23 11:49:59 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2013/03/18 10:11:19 | 000,000,000 | ---D | M] -- E:\Ruby193
[2013/03/18 10:08:34 | 000,000,000 | ---D | M] -- E:\SilentHerdsman
[2013/03/18 10:11:53 | 000,000,000 | ---D | M] -- E:\SilentHerdsmanInstaller-2.7.7.0
[2013/05/20 06:31:06 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2013/03/18 10:11:50 | 000,000,000 | R--D | M] -- E:\Users
[2011/03/04 03:15:47 | 000,000,000 | ---D | M] -- E:\VIT
[2013/02/27 22:06:03 | 000,000,000 | ---D | M] -- E:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\drivers\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\shell32.dll
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
|
23.05.2013, 20:33
| #14 |
| /// Malware-holic | gvu trojaner auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu wenn ja, nimm die cd aus dem laufwerk, Modus im Bios umstellen. windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.05.2013, 21:45
| #15 |
| | gvu trojaner Es scheint zu funktioniern. Hier ist die otl.txt beriecht. Ich lade gleich die reste über die Upchannel. An Desktop sind viele unbekannte Dokumente. Soll ich die auch als ZIP einpacken und über Upchannel dir schicken, oder einfach gleich losen?OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/23/2013 6:36:32 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 12.15 Gb Total Space | 6.09 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 130.89 Gb Total Space | 127.98 Gb Free Space | 97.78% Space Free | Partition Type: NTFS
Drive E: | 155.00 Gb Total Space | 99.78 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive F: | 985.00 Mb Total Space | 585.39 Mb Free Space | 59.43% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/05/16 01:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/10 02:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (SilentHerdsman)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (ETSWatchdog)
SRV - [2011/05/15 06:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 12:47:41 | 000,040,960 | ---- | M] (Dell Inc.) [Auto] -- E:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/10/26 04:22:10 | 000,245,648 | ---- | M] () [Auto] -- E:\SilentHerdsman\resources\ntpServer\bin\ntpd.exe -- (NTP)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/05 15:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 15:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 15:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- E:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/04/07 08:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/12/01 13:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/04 17:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 17:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 11:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/08 08:12:51 | 000,116,104 | ---- | M] () [Auto] -- E:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/15 19:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 19:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (ALSysIO)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/11 01:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/02/10 12:47:40 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 12:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 23:15:56 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/08/20 13:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- E:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 18:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 18:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 17:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/07 08:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 11:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 15:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/15 19:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 19:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 19:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.semex-deutschland.de/
IE - HKU\r.newson_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/04/19 06:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/11 02:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/05/11 02:57:46 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/11 02:56:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2013/04/10 02:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 04:18:46 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 04:18:46 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:18:46 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 04:18:46 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 04:18:46 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 04:18:46 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012/07/24 02:53:58 | 000,442,957 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 autodiscover.tcom-it.de
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\c.proebsting_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] E:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreeFallProtection] E:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] E:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] E:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\c.proebsting_ON_E..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NTP_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\c.proebsting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 30 Days ==========
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/16 01:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/05/16 01:09:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/05/16 01:09:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/05/16 01:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/16 01:09:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/05/16 01:09:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/05/16 01:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/16 01:09:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/16 01:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/15 01:26:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2013/05/15 01:26:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/05/15 01:19:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:19:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2013/05/15 01:19:54 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{F3523132-0D6F-41A1-9CA2-F5C21E09DA5B}
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{9FC7F15F-A688-4CE7-AE25-7D5914442510}
[2013/05/11 03:00:18 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Macromedia
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Mozilla
[2011/02/10 14:18:24 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/22 18:44:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/05/22 18:42:28 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 18:42:13 | 2358,259,712 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/22 14:32:10 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:01:22 | 000,733,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/05/22 14:01:22 | 000,693,808 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/05/22 14:01:22 | 000,159,292 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/05/22 14:01:22 | 000,134,936 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/05/22 13:57:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 13:57:28 | 000,000,031 | ---- | M] () -- E:\tmuninst.ini
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
[2013/05/22 10:22:01 | 000,095,744 | ---- | M] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/22 02:52:18 | 000,139,873 | ---- | M] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/18 01:06:05 | 000,492,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/05/16 16:35:44 | 000,326,569 | ---- | M] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 01:40:28 | 000,001,062 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/16 01:04:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 01:04:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/11 02:56:42 | 000,001,119 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/06 15:38:35 | 009,742,839 | ---- | M] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/04/30 02:06:35 | 000,082,640 | ---- | M] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:06 | 000,725,866 | ---- | M] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
[2013/05/22 02:52:16 | 000,139,873 | ---- | C] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/16 16:35:43 | 000,326,569 | ---- | C] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 15:57:49 | 000,165,239 | R--- | C] () -- E:\Users\r.newson\Desktop\facebook_-1277089541.jpg
[2013/05/06 15:38:33 | 009,742,839 | ---- | C] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/04/30 02:06:35 | 000,082,640 | ---- | C] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:05 | 000,725,866 | ---- | C] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[2012/07/08 04:49:11 | 000,000,848 | ---- | C] () -- E:\Windows\Brpfx04a.ini
[2012/07/08 04:49:11 | 000,000,163 | ---- | C] () -- E:\Windows\brpcfx.ini
[2012/07/08 04:48:55 | 000,106,496 | ---- | C] () -- E:\Windows\System32\BrMuSNMP.dll
[2012/07/08 04:48:55 | 000,000,066 | ---- | C] () -- E:\Windows\Brfaxrx.ini
[2012/07/08 04:48:55 | 000,000,000 | ---- | C] () -- E:\Windows\brdfxspd.dat
[2012/06/21 03:24:45 | 000,000,432 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2012/06/21 03:24:45 | 000,000,065 | ---- | C] () -- E:\Windows\System32\BD7320.DAT
[2012/06/18 11:38:22 | 000,000,096 | ---- | C] () -- E:\Users\r.newson\AppData\Local\fusioncache.dat
[2011/08/02 08:40:58 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 00:34:52 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/23 08:22:01 | 000,000,100 | ---- | C] () -- E:\Users\c.proebsting\AppData\Local\fusioncache.dat
[2011/02/10 14:18:25 | 000,870,560 | ---- | C] () -- E:\Windows\System32\igkrng575.bin
[2011/02/10 14:18:25 | 000,208,896 | ---- | C] () -- E:\Windows\System32\iglhsip32.dll
[2011/02/10 14:18:25 | 000,143,360 | ---- | C] () -- E:\Windows\System32\iglhcp32.dll
[2011/02/10 14:18:24 | 000,104,796 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin
[2011/02/10 14:18:22 | 000,127,868 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2011/02/10 14:18:22 | 000,000,151 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2011/02/10 12:48:01 | 000,006,656 | ---- | C] () -- E:\Windows\System32\bcmwlrc.dll
[2009/07/14 04:47:43 | 000,733,666 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,159,292 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,492,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,693,808 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,134,936 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2005/12/21 11:57:36 | 000,139,264 | ---- | C] () -- E:\Windows\System32\nsldap32v50.dll
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- E:\Windows\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- E:\Windows\System32\nsldapssl32v50.dll
[2005/01/17 01:10:16 | 000,045,056 | ---- | C] () -- E:\Windows\System32\BRTCPCON.DLL
[2004/08/09 01:00:42 | 000,000,114 | ---- | C] () -- E:\Windows\System32\BRLMW03A.INI
========== LOP Check ==========
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/02 07:32:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2011/03/19 06:52:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/09/16 03:56:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/05/06 05:49:39 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/11/08 04:20:44 | 000,000,000 | ---D | M] -- E:\ProgramData\LSMilchkuh
[2011/12/19 05:50:06 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2011/02/10 12:58:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PhotoShow Shared Assets
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/02/10 12:51:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/10 12:59:21 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/18 10:16:35 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012/06/18 11:27:22 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2011/02/10 12:43:14 | 000,000,000 | ---D | M] -- E:\Apps
[2013/03/18 10:06:32 | 000,000,000 | ---D | M] -- E:\backup
[2013/05/16 01:10:25 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2011/03/01 04:50:30 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/02/10 14:18:51 | 000,000,000 | ---D | M] -- E:\Drivers
[2011/02/10 05:37:10 | 000,000,000 | ---D | M] -- E:\Intel
[2012/06/22 02:59:05 | 000,000,000 | ---D | M] -- E:\Logs
[2012/03/26 08:13:31 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2012/12/17 16:26:37 | 000,000,000 | ---D | M] -- E:\NMP_Backup
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2013/05/14 09:27:56 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/05/22 10:32:26 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/05/23 11:49:59 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2013/03/18 10:11:19 | 000,000,000 | ---D | M] -- E:\Ruby193
[2013/03/18 10:08:34 | 000,000,000 | ---D | M] -- E:\SilentHerdsman
[2013/03/18 10:11:53 | 000,000,000 | ---D | M] -- E:\SilentHerdsmanInstaller-2.7.7.0
[2013/05/20 06:31:06 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2013/03/18 10:11:50 | 000,000,000 | R--D | M] -- E:\Users
[2011/03/04 03:15:47 | 000,000,000 | ---D | M] -- E:\VIT
[2013/02/27 22:06:03 | 000,000,000 | ---D | M] -- E:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\drivers\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\shell32.dll
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
|
| Themen zu gvu trojaner |
| deutsch, guten, gvu bka trojaner, gvu trojaner, hoffe, minute, nichts, rechner, sperrbildschirm bundespolizei, sperrung, stunde, super, troja, trojane, trojaner |
