
Pests of all kinds and how to fight them: gvu trojaner


22.05.2013, 17:19   #1
Newson

Good day,

First, my German is not great, but hopefully it's OK.

Second, for a few hours now I've had the GVU trojan and can't do anything with my computer any more. I shut the computer down and started it up again, but I have about 2 minutes before the lock screen comes back up.

I'm not a 'tech freak', but maybe someone could guide me through it step by step.

Many thanks,

Regards, Richie

22.05.2013, 17:22   #2
markusg
/// Malware-holic

Hi,
can you get to a PC with a burner?
download:
ISO Burner - Download - Filepony
isoburner guide:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Uncheck "Automatically Load All Remaining Users" if it is checked.

• OTL should now start.
Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
post both logs
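The scan above makes OTL write one line per service, autorun entry and recently created file (the log posted later in this thread shows the format). The following Python triage helper is an added example, not part of OTL and not code posted by anyone in this thread: it parses the "O4" autorun lines and the "Files/Folders - Created Within 30 Days" lines, using lines copied from that log as constructed sample input, and lists the entries a helper would look at first. The reference date it uses is an assumption taken from the post dates.

```python
"""Triage helper for OTL log excerpts.

Added example for this thread; it is not part of OTL and not code posted by
anyone here.  It parses two line formats the scan script above makes OTL emit,
the "O4" autorun entries and the "Files/Folders - Created Within 30 Days"
entries, and lists the ones a helper would look at first: autoruns that start
a binary from a user-writable location, and folders newly created directly
under a user's AppData\\Roaming.  The result is a worklist for a human, not a
verdict on any entry.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
"""

# Assumption: the lock screen was reported on 22.05.2013, so anything created
# from the day before onward is new enough to deserve a look.
DEFAULT_SINCE = datetime(2013, 5, 21)

AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
CREATED_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] -- (?P<path>.+)$"
)
# A folder sitting directly under <drive>\Users\<name>\AppData\Roaming.
ROAMING_TOPLEVEL_RE = re.compile(r"\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$", re.IGNORECASE)
# Locations a standard user can write to; a legitimate autorun rarely lives there.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\", "\\recycler")


@dataclass
class Finding:
    path: str
    reason: str
    line: str


def split_company(rest: str) -> Tuple[Optional[str], Optional[str]]:
    """Split OTL's 'path (Company)' tail into (path, company); company may be ''."""
    rest = rest.strip()
    if rest == "File not found":
        return None, None
    if rest.endswith(")") and " (" in rest:
        path, company = rest.rsplit(" (", 1)
        return path, company[:-1]
    return rest, None


def in_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(log_text: str, since: datetime = DEFAULT_SINCE) -> List[Finding]:
    """Return the log entries a reviewer should look at first, each with its reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            path, company = split_company(m.group("rest"))
            if path is None:
                continue  # dangling value; OTL already marks it "File not found"
            if in_user_writable(path):
                who = company if company else "no company name"
                findings.append(Finding(path, f"autorun [{m.group('name')}] under {m.group('hive')} "
                                              f"starts a binary from a user-writable location ({who})", line))
            continue
        m = CREATED_RE.match(line)
        if m and "D" in m.group("attrs"):
            created = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
            path = m.group("path")
            if created >= since and ROAMING_TOPLEVEL_RE.search(path):
                findings.append(Finding(path, f"new top-level AppData\\Roaming folder created {m.group('ts')}", line))
    return findings


def run_sample() -> List[Finding]:
    """Run the triage over the embedded sample so the result can be checked."""
    return triage(SAMPLE_LOG, DEFAULT_SINCE)


if __name__ == "__main__":
    for finding in run_sample():
        print(f"{finding.reason}: {finding.path}")
```

The worklist it produces is where a helper starts reading, and every entry on it still needs the file itself (vendor, signature, hash) checked before anything is removed.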

22.05.2013, 17:25   #3
Newson

ok, I'll get back to you when I've got that far. Thanks

22.05.2013, 17:43   #4
markusg
/// Malware-holic

please leave out such in-between posts; since the following ones get appended to them, I would then have to keep looking in.

22.05.2013, 19:25   #5
Newson

Hello,

I now have a problem. I burned the CD as described. I put the disc in the infected laptop, pressed F12, and selected CD-ROM. Then the computer tried to load the REATOGO-X-PE program, then started Windows on its own, and before Windows had fully opened, the computer showed a blue screen.

Attachment: gvu trojaner-20130522_194032.jpg


22.05.2013, 19:27   #6
markusg
/// Malware-holic

Hi, go into the BIOS; on a restart that is usually via Del.
There you have to look for something called IDE or AHCI mode; I can't tell you exactly where, since it is always different, but it could be under advanced options.
Set the opposite mode in each case and try the CD again.

22.05.2013, 20:29   #7
Newson

ok, I found it and changed AHCI to IDE.
Now I have clicked on the OTLPE icon, but I get the following window:

Attachment: gvu trojaner-20130522_211336.jpg

Where do I need to go?

Thanks and regards

22.05.2013, 23:56   #8
markusg
/// Malware-holic

expand everything, look for the windows folder and then click on it, then it starts

23.05.2013, 06:16   #9
Newson

OTL Logfile:
Code:
OTL logfile created on: 5/23/2013 11:56:23 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 12.15 Gb Total Space | 6.09 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 130.89 Gb Total Space | 127.98 Gb Free Space | 97.78% Space Free | Partition Type: NTFS
Drive E: | 155.00 Gb Total Space | 99.78 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive F: | 985.00 Mb Total Space | 585.69 Mb Free Space | 59.46% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/16 01:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/10 02:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (SilentHerdsman)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (ETSWatchdog)
SRV - [2011/05/15 06:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 12:47:41 | 000,040,960 | ---- | M] (Dell Inc.) [Auto] -- E:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/10/26 04:22:10 | 000,245,648 | ---- | M] () [Auto] -- E:\SilentHerdsman\resources\ntpServer\bin\ntpd.exe -- (NTP)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/05 15:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 15:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 15:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- E:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/04/07 08:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/12/01 13:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/04 17:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 17:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 11:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/08 08:12:51 | 000,116,104 | ---- | M] () [Auto] -- E:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/15 19:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 19:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/11 01:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/02/10 12:47:40 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 12:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 23:15:56 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/08/20 13:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- E:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 18:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 18:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 17:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/07 08:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 11:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 15:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/15 19:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 19:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 19:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.semex-deutschland.de/
IE - HKU\r.newson_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/04/19 06:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/11 02:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/05/11 02:56:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2013/04/10 02:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 04:18:46 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 04:18:46 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:18:46 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 04:18:46 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 04:18:46 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 04:18:46 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/07/24 02:53:58 | 000,442,957 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	autodiscover.tcom-it.de
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\c.proebsting_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] E:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreeFallProtection] E:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] E:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] E:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\c.proebsting_ON_E..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NTP_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\c.proebsting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/16 01:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/05/16 01:09:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/05/16 01:09:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/05/16 01:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/16 01:09:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/05/16 01:09:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/05/16 01:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/16 01:09:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/16 01:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/15 01:26:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2013/05/15 01:26:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/05/15 01:19:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:19:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2013/05/15 01:19:54 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{F3523132-0D6F-41A1-9CA2-F5C21E09DA5B}
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{9FC7F15F-A688-4CE7-AE25-7D5914442510}
[2013/05/11 03:00:18 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Macromedia
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Mozilla
[2011/02/10 14:18:24 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/22 18:44:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/05/22 18:42:28 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 18:42:13 | 2358,259,712 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/22 14:32:10 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:01:22 | 000,733,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/05/22 14:01:22 | 000,693,808 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/05/22 14:01:22 | 000,159,292 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/05/22 14:01:22 | 000,134,936 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/05/22 13:57:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 13:57:28 | 000,000,031 | ---- | M] () -- E:\tmuninst.ini
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
[2013/05/22 10:22:01 | 000,095,744 | ---- | M] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/22 02:52:18 | 000,139,873 | ---- | M] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/18 01:06:05 | 000,492,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/05/16 16:35:44 | 000,326,569 | ---- | M] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 01:40:28 | 000,001,062 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/16 01:04:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 01:04:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/11 02:56:42 | 000,001,119 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/11 02:56:42 | 000,001,107 | ---- | M] () -- E:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/06 15:38:35 | 009,742,839 | ---- | M] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/04/30 02:06:35 | 000,082,640 | ---- | M] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:06 | 000,725,866 | ---- | M] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
[2013/05/22 02:52:16 | 000,139,873 | ---- | C] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/16 16:35:43 | 000,326,569 | ---- | C] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 15:57:49 | 000,165,239 | R--- | C] () -- E:\Users\r.newson\Desktop\facebook_-1277089541.jpg
[2013/05/11 02:56:42 | 000,001,107 | ---- | C] () -- E:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/06 15:38:33 | 009,742,839 | ---- | C] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/04/30 02:06:35 | 000,082,640 | ---- | C] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:05 | 000,725,866 | ---- | C] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[2012/07/08 04:49:11 | 000,000,848 | ---- | C] () -- E:\Windows\Brpfx04a.ini
[2012/07/08 04:49:11 | 000,000,163 | ---- | C] () -- E:\Windows\brpcfx.ini
[2012/07/08 04:48:55 | 000,106,496 | ---- | C] () -- E:\Windows\System32\BrMuSNMP.dll
[2012/07/08 04:48:55 | 000,000,066 | ---- | C] () -- E:\Windows\Brfaxrx.ini
[2012/07/08 04:48:55 | 000,000,000 | ---- | C] () -- E:\Windows\brdfxspd.dat
[2012/06/21 03:24:45 | 000,000,432 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2012/06/21 03:24:45 | 000,000,065 | ---- | C] () -- E:\Windows\System32\BD7320.DAT
[2012/06/18 11:38:22 | 000,000,096 | ---- | C] () -- E:\Users\r.newson\AppData\Local\fusioncache.dat
[2011/08/02 08:40:58 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 00:34:52 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/23 08:22:01 | 000,000,100 | ---- | C] () -- E:\Users\c.proebsting\AppData\Local\fusioncache.dat
[2011/02/10 14:18:25 | 000,870,560 | ---- | C] () -- E:\Windows\System32\igkrng575.bin
[2011/02/10 14:18:25 | 000,208,896 | ---- | C] () -- E:\Windows\System32\iglhsip32.dll
[2011/02/10 14:18:25 | 000,143,360 | ---- | C] () -- E:\Windows\System32\iglhcp32.dll
[2011/02/10 14:18:24 | 000,104,796 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin
[2011/02/10 14:18:22 | 000,127,868 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2011/02/10 14:18:22 | 000,000,151 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2011/02/10 12:48:01 | 000,006,656 | ---- | C] () -- E:\Windows\System32\bcmwlrc.dll
[2009/07/14 04:47:43 | 000,733,666 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,159,292 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,492,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,693,808 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,134,936 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2005/12/21 11:57:36 | 000,139,264 | ---- | C] () -- E:\Windows\System32\nsldap32v50.dll
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- E:\Windows\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- E:\Windows\System32\nsldapssl32v50.dll
[2005/01/17 01:10:16 | 000,045,056 | ---- | C] () -- E:\Windows\System32\BRTCPCON.DLL
[2004/08/09 01:00:42 | 000,000,114 | ---- | C] () -- E:\Windows\System32\BRLMW03A.INI
 
========== LOP Check ==========
 
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/02 07:32:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2011/03/19 06:52:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/09/16 03:56:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/05/06 05:49:39 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/11/08 04:20:44 | 000,000,000 | ---D | M] -- E:\ProgramData\LSMilchkuh
[2011/12/19 05:50:06 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2011/02/10 12:58:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PhotoShow Shared Assets
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/02/10 12:51:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/10 12:59:21 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/18 10:16:35 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/06/18 11:27:22 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2011/02/10 12:43:14 | 000,000,000 | ---D | M] -- E:\Apps
[2013/03/18 10:06:32 | 000,000,000 | ---D | M] -- E:\backup
[2013/05/16 01:10:25 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2011/03/01 04:50:30 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/02/10 14:18:51 | 000,000,000 | ---D | M] -- E:\Drivers
[2011/02/10 05:37:10 | 000,000,000 | ---D | M] -- E:\Intel
[2012/06/22 02:59:05 | 000,000,000 | ---D | M] -- E:\Logs
[2012/03/26 08:13:31 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2012/12/17 16:26:37 | 000,000,000 | ---D | M] -- E:\NMP_Backup
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2013/05/14 09:27:56 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/05/22 10:32:26 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/05/23 11:49:59 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2013/03/18 10:11:19 | 000,000,000 | ---D | M] -- E:\Ruby193
[2013/03/18 10:08:34 | 000,000,000 | ---D | M] -- E:\SilentHerdsman
[2013/03/18 10:11:53 | 000,000,000 | ---D | M] -- E:\SilentHerdsmanInstaller-2.7.7.0
[2013/05/20 06:31:06 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2013/03/18 10:11:50 | 000,000,000 | R--D | M] -- E:\Users
[2011/03/04 03:15:47 | 000,000,000 | ---D | M] -- E:\VIT
[2013/02/27 22:06:03 | 000,000,000 | ---D | M] -- E:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\drivers\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
--- --- ---
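The log above already contains the entries a helper would zero in on, and they cluster within a few minutes on the morning of 22.05.2013: E:\ProgramData\DisplaySwitch.exe (created 10:22:04, company string "Hilgraeve, Inc.", which is the HyperTerminal vendor, whereas the Windows utility of that name is a Microsoft binary living in System32), three empty, random-looking folders Byxew, Liocgi and Eqyx under AppData\Roaming (10:23 and 10:35), and 1.bmp and 1.jpg dropped straight into the root of ProgramData at 10:32, i.e. right before the lock screen appeared. The script below is an added example, not OTL's code and not something posted in this thread: it parses OTL "Files/Folders - Created" lines and runs a few triage heuristics of my own over them. The sample input is copied verbatim from the log above; the vendor allowlist and the list of System32 utilities are assumptions for the demonstration, and a hit means "look at this", not "this is malware".

```python
"""Scripted first pass over OTL 'Files/Folders - Created' entries.

Added example for this thread: not OTL's own code and not something the
helpers posted. The rules are my own triage heuristics, chosen to surface
the kind of entries visible in the log above; they are not detections
OTL performs, and a hit only means "look at this", not "this is malware".
"""
import re
from datetime import datetime, timedelta

# One OTL file entry:
# [2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
#  timestamp            | size        | attrs| C/M  (company, optional)   -- path
# attrs: R=read-only, H=hidden, S=system, D=directory; C=created, M=modified.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Sample input: lines copied verbatim from the OTL log posted above.
SAMPLE_LOG = r"""
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
"""

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif")
IMAGE_EXT = (".bmp", ".jpg", ".jpeg", ".png")
# Assumed allowlist of vendors that legitimately create folders directly
# under AppData\Roaming; extend it for your environment.
KNOWN_ROAMING = {"microsoft", "mozilla", "macromedia", "adobe", "skype"}
# Assumed sample of Windows utilities that live in System32 on Windows 7.
# A same-named file anywhere else is masquerading until proven otherwise.
SYSTEM_UTILITIES = {"displayswitch.exe"}


def parse_entries(text):
    """Turn OTL file lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(d["size"].replace(",", "")),
            "is_dir": "D" in d["attr"],
            "kind": d["kind"],
            "company": (d["company"] or "").strip(),
            "path": d["path"],
        })
    return entries


def triage(entries, ref_date, window_days=30):
    """Return {path: [reasons]} for entries created within window_days before
    ref_date that match one of the heuristics below."""
    hits = {}
    cutoff = ref_date - timedelta(days=window_days)

    def flag(path, reason):
        hits.setdefault(path, []).append(reason)

    for e in entries:
        if e["ts"] < cutoff:
            continue
        low = [p.lower() for p in e["path"].split("\\")]
        name = low[-1]
        # 1. Executable code in a data directory any user can write to.
        if not e["is_dir"] and name.endswith(EXEC_EXT) and ("programdata" in low or "appdata" in low):
            flag(e["path"], "executable in ProgramData/AppData")
        # 2. Short, random-looking folder directly under AppData\Roaming.
        if e["is_dir"] and low[-3:-1] == ["appdata", "roaming"]:
            if re.fullmatch(r"[a-z]{3,8}", name) and name not in KNOWN_ROAMING:
                flag(e["path"], "unknown short-named folder under AppData\\Roaming")
        # 3. Image dropped at the root of ProgramData: legitimate software keeps
        #    assets in a vendor subfolder; a screen locker needs an image to paint.
        if not e["is_dir"] and len(low) == 3 and low[1] == "programdata" and name.endswith(IMAGE_EXT):
            flag(e["path"], "image file at ProgramData root")
        # 4. Name of a Windows utility outside System32; report the company
        #    string so a mismatch with Microsoft is visible at a glance.
        if not e["is_dir"] and name in SYSTEM_UTILITIES and "system32" not in low:
            flag(e["path"], "system utility name outside System32 (company: %r)" % e["company"])
    return hits


def triage_sample():
    """Run the heuristics over the sample lines with the log's own scan date."""
    return triage(parse_entries(SAMPLE_LOG), datetime(2013, 5, 23))


if __name__ == "__main__":
    for path, reasons in sorted(triage_sample().items()):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags DisplaySwitch.exe twice (executable in ProgramData, and a System32 utility name carrying a non-Microsoft company string), the two images at the ProgramData root, and the three short-named Roaming folders; vbscript.dll (a Microsoft file in System32 from the May patch cycle), the Mozilla profile folder and E:\RECYCLER pass through. Note that the 30-day window mirrors OTL's own "File Age = 30 Days" setting, so the heuristics apply to exactly the set of entries OTL printed.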

23.05.2013, 10:50   #10
markusg
/// Malware-holic

Odd, nothing further is shown in the log for now.
On your second PC go to Start, Programs, Accessories, Notepad, and paste this in:
Code:
:OTL
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does,
go into the BIOS and switch the mode.
Take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to
markusg.trojaner-board@web.de
as described in the instructions above.
If you would like to support us

23.05.2013, 18:20   #11
Newson

Attached is the report:
The PC did not restart on its own. I shut it down myself and switched the mode, but the BSI lock screen comes back.

05242013_030458.log

23.05.2013, 18:26   #12
markusg
/// Malware-holic

OK, switch the mode once more. In the OTL scan, which I need again, make sure you select the affected user; if you have several Windows installations, e.g. on different drives, you also have to choose the right one. Then post the new log.

23.05.2013, 19:44   #13
Newson

OTL Logfile:
Code:
OTL logfile created on: 5/23/2013 6:36:32 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 12.15 Gb Total Space | 6.09 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 130.89 Gb Total Space | 127.98 Gb Free Space | 97.78% Space Free | Partition Type: NTFS
Drive E: | 155.00 Gb Total Space | 99.78 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive F: | 985.00 Mb Total Space | 585.39 Mb Free Space | 59.43% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/16 01:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/10 02:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (SilentHerdsman)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (ETSWatchdog)
SRV - [2011/05/15 06:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 12:47:41 | 000,040,960 | ---- | M] (Dell Inc.) [Auto] -- E:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/10/26 04:22:10 | 000,245,648 | ---- | M] () [Auto] -- E:\SilentHerdsman\resources\ntpServer\bin\ntpd.exe -- (NTP)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/05 15:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 15:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 15:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- E:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/04/07 08:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/12/01 13:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/04 17:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 17:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 11:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/08 08:12:51 | 000,116,104 | ---- | M] () [Auto] -- E:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/15 19:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 19:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/11 01:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/02/10 12:47:40 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 12:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 23:15:56 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/08/20 13:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- E:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 18:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 18:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 17:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/07 08:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 11:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 15:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/15 19:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 19:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 19:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = Semex-Deutschland
IE - HKU\r.newson_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/04/19 06:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/11 02:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/05/11 02:57:46 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/11 02:56:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2013/04/10 02:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 04:18:46 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 04:18:46 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:18:46 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 04:18:46 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 04:18:46 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 04:18:46 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/07/24 02:53:58 | 000,442,957 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	autodiscover.tcom-it.de
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	???,????,????cr67com,????,??????,?????112scg,tt???8bc8,?????
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com - Informationen zum Thema 1001namen.
O1 - Hosts: 127.0.0.1	博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com - Informationen zum Thema 10sek.
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\c.proebsting_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] E:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreeFallProtection] E:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] E:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] E:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\c.proebsting_ON_E..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NTP_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\c.proebsting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/16 01:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/05/16 01:09:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/05/16 01:09:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/05/16 01:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/16 01:09:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/05/16 01:09:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/05/16 01:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/16 01:09:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/16 01:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/15 01:26:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2013/05/15 01:26:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/05/15 01:19:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:19:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2013/05/15 01:19:54 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{F3523132-0D6F-41A1-9CA2-F5C21E09DA5B}
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{9FC7F15F-A688-4CE7-AE25-7D5914442510}
[2013/05/11 03:00:18 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Macromedia
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Mozilla
[2011/02/10 14:18:24 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/22 18:44:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/05/22 18:42:28 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 18:42:13 | 2358,259,712 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/22 14:32:10 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:01:22 | 000,733,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/05/22 14:01:22 | 000,693,808 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/05/22 14:01:22 | 000,159,292 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/05/22 14:01:22 | 000,134,936 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/05/22 13:57:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 13:57:28 | 000,000,031 | ---- | M] () -- E:\tmuninst.ini
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
[2013/05/22 10:22:01 | 000,095,744 | ---- | M] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/22 02:52:18 | 000,139,873 | ---- | M] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/18 01:06:05 | 000,492,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/05/16 16:35:44 | 000,326,569 | ---- | M] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 01:40:28 | 000,001,062 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/16 01:04:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 01:04:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/11 02:56:42 | 000,001,119 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/06 15:38:35 | 009,742,839 | ---- | M] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/04/30 02:06:35 | 000,082,640 | ---- | M] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:06 | 000,725,866 | ---- | M] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
[2013/05/22 02:52:16 | 000,139,873 | ---- | C] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/16 16:35:43 | 000,326,569 | ---- | C] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 15:57:49 | 000,165,239 | R--- | C] () -- E:\Users\r.newson\Desktop\facebook_-1277089541.jpg
[2013/05/06 15:38:33 | 009,742,839 | ---- | C] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/04/30 02:06:35 | 000,082,640 | ---- | C] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:05 | 000,725,866 | ---- | C] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[2012/07/08 04:49:11 | 000,000,848 | ---- | C] () -- E:\Windows\Brpfx04a.ini
[2012/07/08 04:49:11 | 000,000,163 | ---- | C] () -- E:\Windows\brpcfx.ini
[2012/07/08 04:48:55 | 000,106,496 | ---- | C] () -- E:\Windows\System32\BrMuSNMP.dll
[2012/07/08 04:48:55 | 000,000,066 | ---- | C] () -- E:\Windows\Brfaxrx.ini
[2012/07/08 04:48:55 | 000,000,000 | ---- | C] () -- E:\Windows\brdfxspd.dat
[2012/06/21 03:24:45 | 000,000,432 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2012/06/21 03:24:45 | 000,000,065 | ---- | C] () -- E:\Windows\System32\BD7320.DAT
[2012/06/18 11:38:22 | 000,000,096 | ---- | C] () -- E:\Users\r.newson\AppData\Local\fusioncache.dat
[2011/08/02 08:40:58 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 00:34:52 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/23 08:22:01 | 000,000,100 | ---- | C] () -- E:\Users\c.proebsting\AppData\Local\fusioncache.dat
[2011/02/10 14:18:25 | 000,870,560 | ---- | C] () -- E:\Windows\System32\igkrng575.bin
[2011/02/10 14:18:25 | 000,208,896 | ---- | C] () -- E:\Windows\System32\iglhsip32.dll
[2011/02/10 14:18:25 | 000,143,360 | ---- | C] () -- E:\Windows\System32\iglhcp32.dll
[2011/02/10 14:18:24 | 000,104,796 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin
[2011/02/10 14:18:22 | 000,127,868 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2011/02/10 14:18:22 | 000,000,151 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2011/02/10 12:48:01 | 000,006,656 | ---- | C] () -- E:\Windows\System32\bcmwlrc.dll
[2009/07/14 04:47:43 | 000,733,666 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,159,292 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,492,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,693,808 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,134,936 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2005/12/21 11:57:36 | 000,139,264 | ---- | C] () -- E:\Windows\System32\nsldap32v50.dll
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- E:\Windows\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- E:\Windows\System32\nsldapssl32v50.dll
[2005/01/17 01:10:16 | 000,045,056 | ---- | C] () -- E:\Windows\System32\BRTCPCON.DLL
[2004/08/09 01:00:42 | 000,000,114 | ---- | C] () -- E:\Windows\System32\BRLMW03A.INI
 
========== LOP Check ==========
 
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/02 07:32:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2011/03/19 06:52:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/09/16 03:56:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/05/06 05:49:39 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/11/08 04:20:44 | 000,000,000 | ---D | M] -- E:\ProgramData\LSMilchkuh
[2011/12/19 05:50:06 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2011/02/10 12:58:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PhotoShow Shared Assets
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/02/10 12:51:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/10 12:59:21 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/18 10:16:35 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/06/18 11:27:22 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2011/02/10 12:43:14 | 000,000,000 | ---D | M] -- E:\Apps
[2013/03/18 10:06:32 | 000,000,000 | ---D | M] -- E:\backup
[2013/05/16 01:10:25 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2011/03/01 04:50:30 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/02/10 14:18:51 | 000,000,000 | ---D | M] -- E:\Drivers
[2011/02/10 05:37:10 | 000,000,000 | ---D | M] -- E:\Intel
[2012/06/22 02:59:05 | 000,000,000 | ---D | M] -- E:\Logs
[2012/03/26 08:13:31 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2012/12/17 16:26:37 | 000,000,000 | ---D | M] -- E:\NMP_Backup
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2013/05/14 09:27:56 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/05/22 10:32:26 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/05/23 11:49:59 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2013/03/18 10:11:19 | 000,000,000 | ---D | M] -- E:\Ruby193
[2013/03/18 10:08:34 | 000,000,000 | ---D | M] -- E:\SilentHerdsman
[2013/03/18 10:11:53 | 000,000,000 | ---D | M] -- E:\SilentHerdsmanInstaller-2.7.7.0
[2013/05/20 06:31:06 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2013/03/18 10:11:50 | 000,000,000 | R--D | M] -- E:\Users
[2011/03/04 03:15:47 | 000,000,000 | ---D | M] -- E:\VIT
[2013/02/27 22:06:03 | 000,000,000 | ---D | M] -- E:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\drivers\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 01:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- E:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\System32\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 01:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- E:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\System32\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\System32\user32.dll
[2010/11/20 08:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- E:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- E:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- E:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/11/20 08:19:02 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\fontext.dll
[2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >

23.05.2013, 20:33   #14
markusg (/// Malware-holic)
gvu trojaner

On your second PC go to Start, Programs, Accessories, Notepad ("Editor") and paste the following into it:
Code:
:OTL
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart.
If it does, take the CD out of the drive and switch the mode in the BIOS back. Windows should now start normally and open otl.txt;
please post the log.


If you have no icons, right-click, View, Show desktop icons.

Note: please also upload the file to the UpChannel as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel
    (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
If you would like to support us
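The fix above targets two things that are worth recognising in any OTL log, not just this one: a Run-key autorun whose target is E:\ProgramData\DisplaySwitch.exe (the name of a binary Windows 7 ships in System32, here carried by a file outside the Windows directory with a non-Microsoft company string), and, earlier in the thread, the "< MD5 for: ... >" sections in which OTLPE lists the live copy of each system-critical file next to its pristine copies in winsxs and the DriverStore. The following Python is an added example and is neither OTL's code nor part of this thread; it parses OTL entry lines and O4 Run lines and applies both checks. The list of Windows binary names, the user-writable directory markers and the store markers are assumptions chosen for illustration; the sample input copies lines from the logs in this thread, except for the IgfxTray Run entry and the SERVICES.EXE section, which are constructed with placeholder dates, sizes, paths and fake MD5 values.

```python
"""Triage helpers for OTL/OTLPE log text (added example; not OTL's code or this thread's fix)."""
import re
from collections import defaultdict

# OTL file entry: [YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (Company) [MD5=hex] -- path
# "(Company)" is absent for directories and reads "()" when the file carries no version info.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?-- (?P<path>.+?)\s*$"
)
# O4 autorun entry: O4 - <hive>..\Run: [ValueName] <path> (Company)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")

# Assumptions for the heuristics: a short hand-picked list of Windows-shipped binary names that
# malware borrows, directory markers a standard user can write to, and the pristine-copy stores.
WINDOWS_BINARY_NAMES = {"displayswitch.exe", "explorer.exe", "svchost.exe", "winlogon.exe",
                        "userinit.exe", "services.exe", "lsass.exe", "csrss.exe"}
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\")


def in_user_writable_dir(path):
    """True when the path sits where a standard user (and drive-by malware) can write."""
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def find_suspicious_autoruns(lines):
    """Flag O4 Run entries by location and by Windows-name/company mismatch.
    Returns [(value_name, path, [reason, ...]), ...] for entries with at least one reason."""
    hits = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, company = m["path"], m["company"].strip()
        name = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if in_user_writable_dir(path):
            reasons.append("Run target lives in a user-writable directory")
        if name in WINDOWS_BINARY_NAMES:
            if "\\windows\\" not in path.lower():
                reasons.append(f"{name} is a Windows binary name but sits outside the Windows directory")
            if company.lower() != "microsoft corporation":
                reasons.append(f"Windows binary name carried by non-Microsoft company '{company}'")
        if reasons:
            hits.append((m["name"], path, reasons))
    return hits


def check_md5_sections(lines):
    """Compare each file's live copy (System32, Windows root, vendor dirs) with the winsxs and
    DriverStore copies OTL lists under '< MD5 for: ... >'.
    Returns {filename: "consistent" | "MISMATCH" | "no comparable copy"}."""
    copies, current = defaultdict(list), None
    for line in lines:
        line = line.strip()
        header = MD5_HEADER_RE.match(line)
        if header:
            current = header["name"].lower()
            continue
        if line.startswith("<"):            # any other custom-scan header ends the section
            current = None
            continue
        m = ENTRY_RE.match(line)
        if current and m and m["md5"]:
            copies[current].append((m["path"].lower(), m["md5"].upper()))
    verdicts = {}
    for name, entries in copies.items():
        store = {md5 for path, md5 in entries if any(s in path for s in STORE_MARKERS)}
        live = [md5 for path, md5 in entries if not any(s in path for s in STORE_MARKERS)]
        if not store or not live:
            verdicts[name] = "no comparable copy"
        elif all(md5 in store for md5 in live):
            verdicts[name] = "consistent"
        else:
            verdicts[name] = "MISMATCH"     # live file matches no pristine copy: patched or replaced
    return verdicts


# Sample input: copied from the logs in this thread, except the IgfxTray Run entry and the
# SERVICES.EXE section, which are CONSTRUCTED (placeholder dates, sizes, paths and fake MD5s).
SAMPLE_LOG = r"""
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKLM..\Run: [IgfxTray] E:\Windows\System32\igfxtray.exe (Intel Corporation)
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: SERVICES.EXE  >
[2010/11/20 08:00:00 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- E:\Windows\System32\services.exe
[2010/11/20 08:00:00 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- E:\Windows\winsxs\x86_placeholder_services\services.exe
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for value_name, path, reasons in find_suspicious_autoruns(SAMPLE_LOG):
        print(f"[!] {value_name} -> {path}: " + "; ".join(reasons))
    for name, verdict in check_md5_sections(SAMPLE_LOG).items():
        print(f"{verdict:>18}  {name}")
```

Run against the sample, the DisplaySwitch autorun is reported for all three reasons while the IgfxTray entry is not; AGP440.SYS is reported as consistent because its System32 copy hashes the same as the winsxs copy, and the constructed services.exe is reported as a MISMATCH because its live copy matches no store copy, which is the pattern a patched or replaced system file leaves in these sections. A "MISMATCH" is a lead, not a verdict: a hotfix applied after the last component-store snapshot can produce the same picture, so confirm against a known-good hash before acting on it.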

23.05.2013, 21:45   #15
Newson
gvu trojaner

It seems to be working. Here is the otl.txt report. I will upload the rest via the UpChannel shortly. There are many unknown documents on the desktop. Should I zip those up as well and send them to you via the UpChannel, or just get rid of them right away?

OTL Logfile:
Code:
OTL logfile created on: 5/23/2013 6:36:32 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 12.15 Gb Total Space | 6.09 Gb Free Space | 50.11% Space Free | Partition Type: NTFS
Drive D: | 130.89 Gb Total Space | 127.98 Gb Free Space | 97.78% Space Free | Partition Type: NTFS
Drive E: | 155.00 Gb Total Space | 99.78 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive F: | 985.00 Mb Total Space | 585.39 Mb Free Space | 59.43% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/16 01:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/10 02:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (SilentHerdsman)
SRV - [2011/12/05 11:44:10 | 000,098,304 | ---- | M] (Multiplan Consultants Limited) [Auto] -- E:\SilentHerdsman\services\JavaService.exe -- (ETSWatchdog)
SRV - [2011/05/15 06:29:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/10 12:47:41 | 000,040,960 | ---- | M] (Dell Inc.) [Auto] -- E:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/10/26 04:22:10 | 000,245,648 | ---- | M] () [Auto] -- E:\SilentHerdsman\resources\ntpServer\bin\ntpd.exe -- (NTP)
SRV - [2010/09/04 03:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/04 03:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/05 15:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/22 15:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 15:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2010/05/14 08:11:08 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- E:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/04/07 08:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009/12/01 13:13:12 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/04 17:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 17:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 11:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- E:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/08 08:12:51 | 000,116,104 | ---- | M] () [Auto] -- E:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/07/15 19:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 19:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 06:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- E:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2013/01/20 10:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/11 01:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/02/10 12:47:40 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/29 12:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/08/30 23:15:56 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/08/20 13:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- E:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2010/08/12 12:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/07/19 13:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/19 13:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/19 13:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/10 18:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 18:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 17:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2010/04/07 08:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/27 11:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 16:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 15:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/15 19:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 19:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 19:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- E:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/13 20:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2009/05/28 12:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\c.proebsting_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\r.newson_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.semex-deutschland.de/
IE - HKU\r.newson_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: E:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/04/19 06:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/11 02:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/05/11 02:57:46 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (No name found) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions
[2013/05/11 03:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\r.newson\AppData\Roaming\Mozilla\Firefox\Profiles\5vviftf1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/11 02:56:27 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2013/04/10 02:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/10 04:18:46 | 000,001,392 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 04:18:46 | 000,002,465 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 04:18:46 | 000,001,153 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 04:18:46 | 000,006,805 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 04:18:46 | 000,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 04:18:46 | 000,001,105 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/07/24 02:53:58 | 000,442,957 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	autodiscover.tcom-it.de
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\c.proebsting_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] E:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] E:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] E:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] E:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] E:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreeFallProtection] E:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] E:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] E:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] E:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] E:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] E:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] E:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\c.proebsting_ON_E..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\r.newson_ON_E..\Run: [DisplaySwitch] E:\ProgramData\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKU\r.newson_ON_E..\Run: [RESTART_STICKY_NOTES] E:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] E:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NTP_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\postgres_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\c.proebsting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - E:\Program Files\Google\Chrome\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - E:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/23 11:49:59 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/22 13:57:41 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 10:35:13 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Byxew
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Liocgi
[2013/05/22 10:23:00 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Eqyx
[2013/05/22 10:22:04 | 000,095,744 | ---- | C] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/16 01:09:29 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/05/16 01:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/05/16 01:09:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/05/16 01:09:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/05/16 01:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/05/16 01:09:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/05/16 01:09:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/05/16 01:09:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/05/16 01:09:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/05/16 01:04:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/15 01:26:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\wwanprotdim.dll
[2013/05/15 01:26:15 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/05/15 01:19:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:19:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\authui.dll
[2013/05/15 01:19:54 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\consent.exe
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{F3523132-0D6F-41A1-9CA2-F5C21E09DA5B}
[2013/05/11 03:06:17 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\{9FC7F15F-A688-4CE7-AE25-7D5914442510}
[2013/05/11 03:00:18 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Macromedia
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Roaming\Mozilla
[2013/05/11 02:57:39 | 000,000,000 | ---D | C] -- E:\Users\r.newson\AppData\Local\Mozilla
[2011/02/10 14:18:24 | 000,004,096 | ---- | C] ( ) -- E:\Windows\System32\IGFXDEVLib.dll
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/22 18:44:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/05/22 18:42:28 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 18:42:13 | 2358,259,712 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/22 14:32:10 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:24 | 000,014,240 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 14:02:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:01:22 | 000,733,666 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/05/22 14:01:22 | 000,693,808 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/05/22 14:01:22 | 000,159,292 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/05/22 14:01:22 | 000,134,936 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/05/22 13:57:41 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2013/05/22 13:57:28 | 000,000,031 | ---- | M] () -- E:\tmuninst.ini
[2013/05/22 10:32:26 | 002,250,054 | ---- | M] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:12 | 000,465,655 | ---- | M] () -- E:\ProgramData\1.jpg
[2013/05/22 10:22:01 | 000,095,744 | ---- | M] (Hilgraeve, Inc.) -- E:\ProgramData\DisplaySwitch.exe
[2013/05/22 02:52:18 | 000,139,873 | ---- | M] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/18 01:06:05 | 000,492,184 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/05/16 16:35:44 | 000,326,569 | ---- | M] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 01:40:28 | 000,001,062 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/16 01:04:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 01:04:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/11 02:56:42 | 000,001,119 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/06 15:38:35 | 009,742,839 | ---- | M] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/04/30 02:06:35 | 000,082,640 | ---- | M] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:06 | 000,725,866 | ---- | M] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[1 E:\Users\r.newson\Desktop\*.tmp files -> E:\Users\r.newson\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/22 10:32:26 | 002,250,054 | ---- | C] () -- E:\ProgramData\1.bmp
[2013/05/22 10:32:07 | 000,465,655 | ---- | C] () -- E:\ProgramData\1.jpg
[2013/05/22 02:52:16 | 000,139,873 | ---- | C] () -- E:\Users\r.newson\Desktop\NF BHV1 freie bestande.pdf
[2013/05/16 16:35:43 | 000,326,569 | ---- | C] () -- E:\Users\r.newson\Desktop\Carnival RZG.pdf
[2013/05/16 15:57:49 | 000,165,239 | R--- | C] () -- E:\Users\r.newson\Desktop\facebook_-1277089541.jpg
[2013/05/06 15:38:33 | 009,742,839 | ---- | C] () -- E:\Users\r.newson\Desktop\87nkIIlmUh7NiubCsfcT6e2Sw1367831810.pdf
[2013/04/30 02:06:35 | 000,082,640 | ---- | C] () -- E:\Users\r.newson\Desktop\IB CAN 000102327659 _Picolo.pdf
[2013/04/30 02:06:05 | 000,725,866 | ---- | C] () -- E:\Users\r.newson\Desktop\karsten Heesch.pdf
[2012/07/08 04:49:11 | 000,000,848 | ---- | C] () -- E:\Windows\Brpfx04a.ini
[2012/07/08 04:49:11 | 000,000,163 | ---- | C] () -- E:\Windows\brpcfx.ini
[2012/07/08 04:48:55 | 000,106,496 | ---- | C] () -- E:\Windows\System32\BrMuSNMP.dll
[2012/07/08 04:48:55 | 000,000,066 | ---- | C] () -- E:\Windows\Brfaxrx.ini
[2012/07/08 04:48:55 | 000,000,000 | ---- | C] () -- E:\Windows\brdfxspd.dat
[2012/06/21 03:24:45 | 000,000,432 | ---- | C] () -- E:\Windows\BRWMARK.INI
[2012/06/21 03:24:45 | 000,000,065 | ---- | C] () -- E:\Windows\System32\BD7320.DAT
[2012/06/18 11:38:22 | 000,000,096 | ---- | C] () -- E:\Users\r.newson\AppData\Local\fusioncache.dat
[2011/08/02 08:40:58 | 000,252,928 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2011/06/10 00:34:52 | 000,080,416 | ---- | C] () -- E:\Windows\System32\RtNicProp32.dll
[2011/04/23 08:22:01 | 000,000,100 | ---- | C] () -- E:\Users\c.proebsting\AppData\Local\fusioncache.dat
[2011/02/10 14:18:25 | 000,870,560 | ---- | C] () -- E:\Windows\System32\igkrng575.bin
[2011/02/10 14:18:25 | 000,208,896 | ---- | C] () -- E:\Windows\System32\iglhsip32.dll
[2011/02/10 14:18:25 | 000,143,360 | ---- | C] () -- E:\Windows\System32\iglhcp32.dll
[2011/02/10 14:18:24 | 000,104,796 | ---- | C] () -- E:\Windows\System32\igfcg575m.bin
[2011/02/10 14:18:22 | 000,127,868 | ---- | C] () -- E:\Windows\System32\igcompkrng575.bin
[2011/02/10 14:18:22 | 000,000,151 | ---- | C] () -- E:\Windows\System32\GfxUI.exe.config
[2011/02/10 12:48:01 | 000,006,656 | ---- | C] () -- E:\Windows\System32\bcmwlrc.dll
[2009/07/14 04:47:43 | 000,733,666 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,159,292 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,492,184 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,693,808 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,134,936 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
[2005/12/21 11:57:36 | 000,139,264 | ---- | C] () -- E:\Windows\System32\nsldap32v50.dll
[2005/12/21 11:57:04 | 000,024,576 | ---- | C] () -- E:\Windows\System32\nsldappr32v50.dll
[2005/12/21 11:54:34 | 000,040,960 | ---- | C] () -- E:\Windows\System32\nsldapssl32v50.dll
[2005/01/17 01:10:16 | 000,045,056 | ---- | C] () -- E:\Windows\System32\BRTCPCON.DLL
[2004/08/09 01:00:42 | 000,000,114 | ---- | C] () -- E:\Windows\System32\BRLMW03A.INI
 
========== LOP Check ==========
 
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/02/02 07:32:24 | 000,000,000 | ---D | M] -- E:\ProgramData\Ask
[2011/03/19 06:52:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/09/16 03:56:39 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJMyPrinter
[2013/05/06 05:49:39 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJPLM
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/11/08 04:20:44 | 000,000,000 | ---D | M] -- E:\ProgramData\LSMilchkuh
[2011/12/19 05:50:06 | 000,000,000 | ---D | M] -- E:\ProgramData\PCDr
[2011/02/10 12:58:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PhotoShow Shared Assets
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2011/02/10 12:51:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/02/10 12:59:21 | 000,000,000 | ---D | M] -- E:\ProgramData\Uninstall
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/05/22 15:10:00 | 000,000,564 | ---- | M] () -- E:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/18 10:16:35 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2013/05/22 16:25:00 | 000,000,506 | ---- | M] () -- E:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/06/18 11:27:22 | 000,000,000 | -HSD | M] -- E:\$Recycle.Bin
[2011/02/10 12:43:14 | 000,000,000 | ---D | M] -- E:\Apps
[2013/03/18 10:06:32 | 000,000,000 | ---D | M] -- E:\backup
[2013/05/16 01:10:25 | 000,000,000 | -HSD | M] -- E:\Config.Msi
[2011/03/01 04:50:30 | 000,000,000 | ---D | M] -- E:\dell
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2011/02/10 14:18:51 | 000,000,000 | ---D | M] -- E:\Drivers
[2011/02/10 05:37:10 | 000,000,000 | ---D | M] -- E:\Intel
[2012/06/22 02:59:05 | 000,000,000 | ---D | M] -- E:\Logs
[2012/03/26 08:13:31 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2012/12/17 16:26:37 | 000,000,000 | ---D | M] -- E:\NMP_Backup
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2013/05/14 09:27:56 | 000,000,000 | R--D | M] -- E:\Program Files
[2013/05/22 10:32:26 | 000,000,000 | -H-D | M] -- E:\ProgramData
[2011/02/28 12:28:23 | 000,000,000 | -HSD | M] -- E:\Programme
[2013/05/23 11:49:59 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2013/03/18 10:11:19 | 000,000,000 | ---D | M] -- E:\Ruby193
[2013/03/18 10:08:34 | 000,000,000 | ---D | M] -- E:\SilentHerdsman
[2013/03/18 10:11:53 | 000,000,000 | ---D | M] -- E:\SilentHerdsmanInstaller-2.7.7.0
[2013/05/20 06:31:06 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2013/03/18 10:11:50 | 000,000,000 | R--D | M] -- E:\Users
[2011/03/04 03:15:47 | 000,000,000 | ---D | M] -- E:\VIT
[2013/02/27 22:06:03 | 000,000,000 | ---D | M] -- E:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- E:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- E:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010/03/04 14:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- E:\Windows\System32\drivers\iaStor.sys
< End of report >
         
--- --- ---
