Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wegen GVU Trojaner kein Zugriff mehr auf meinen PC möglich (https://www.trojaner-board.de/135778-wegen-gvu-trojaner-kein-zugriff-mehr-meinen-pc-moeglich.html)

AnWe 30.05.2013 09:51
Wegen GVU Trojaner kein Zugriff mehr auf meinen PC möglich
 
Hallo und guten Morgen,
nach Rückkehr von einer Reise hat mir mein lieber Ehemann "gebeichtet", dass auf unserem PC ein Virus ist. Es handelt sich hierbei um den GVU Trojaner, und ich habe jetzt leider keinen Zugang mehr zu meinen Daten. Da ich es leider versäumt habe, meine Daten zu sichern kann ich ja auch leider nicht formatieren und neu aufsetzen.
Könnt ihr mir bitte helfen, den Trojaner zu entfernen? Ich arbeite mit Windows 7 home. Was kann/soll ich tun?
Vielen Dank im voraus für eine Antwort.

Liebe Grüße
Anna

markusg 30.05.2013 10:28
Hi,
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-otlpe/
und brenne es mit ISOBurner auf eine CD.
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

AnWe 30.05.2013 11:09
Hallo Markus,
verstehe ich das richtig? Die Anweisungen, die du mir gegeben hast beziehen sich alle auf den zweiten PC? Das heißt, auch das Booten von CD soll auf diesem zweiten PC (der nicht infiziert ist) erfolgen?

markusg 30.05.2013 11:50
ne, das booten natürlich nicht, nur das brennen, Logfiles von nem sauberen PC machen ja nich so viel Sinn :-)

AnWe 30.05.2013 13:51
Hallo Markus,
ich hoffe, dass ich beim Brennen der CD alles richtig gemacht habe...

Der infizierte Rechner ist von CD gestartet, der REATOGO_X-PE Desktop wurde angezeigt, aber dann kommt folgende Meldung:

[CODE]File VMSCSI.SY_ caused an unexpected error (4096 at line 3540 in d:\xpsprtm\base\boot\setup\setup.c.
Press any key to continue.
[CODE]

Nach Drücken einer beliebigen Taste heißt es dann:
Setup failed

markusg 30.05.2013 13:53
läuft die cd denn auf nem andern pc?

AnWe 30.05.2013 14:53
Nee, leider nicht. Auch hier die Meldung: File VMSCSI.SY_ is corrupted...???

markusg 30.05.2013 16:28
dann noch mal brennen auf langsamster Stufe.
oder gucken ob die cd dreckig isb

AnWe 30.05.2013 19:27
Oje, nach 3 Versuchen läuft die CD endlich.... REATOGO_X_PE läuft, aber leider ohne Maus.
Und ich kenne nicht alle Tastaturbelegungen. Es kann also noch etwas dauern bis ich mich durchgewurstelt habe - oder kennst du da einen guten Weg???????

So, jetzt habe ich endlich die OTL Logdatei, kann sie aber nicht posten. Eure Webseite stürzt ab, 2x unter Chrome, 1x unter IE. Die Datei ist ja sehr groß. Was mache ich falsch?

markusg 30.05.2013 20:57
evtl. auf 2 posts teilen.

AnWe 30.05.2013 21:41
Das geht leider auch nicht. Ich habe jetzt mal etwa die Hälfte der Logdatei kopiert. Beim Posten erhalte ich dann die Meldung, dass ich zu viele Zeichen habe (über 500.000 für die Hälfte der Logdatei!) und dass nur maximal 120.000 Zeichen erlaubt sind ???

markusg 30.05.2013 21:42
dann packen und anhängen bitte

AnWe 30.05.2013 22:02
Okay, dann als Anhang :-)

markusg 30.05.2013 22:09
Hi
wenn man das Scandatum von 30 tage auf all umstellt ists ja auch kein Wunder...
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O4 - HKU\Anni_Wedel_ON_E..\Run: [Sysyem Cleaner] E:\Users\Anni Wedel\AppData\Local\Temp\0.28321502508128926.bfg (EA Swiss-Digital LLC)
O4 - HKU\Anni_Wedel_ON_E..\Run: [ctfmon.exe] E:\ProgramData\bwhr.dat (Microsoft Corporation)
[2013/05/30 08:28:00 | 095,023,320 | ---- | M] () -- E:\ProgramData\rhwb.pad
[2013/05/11 16:03:51 | 000,002,584 | ---- | C] () -- E:\ProgramData\rhwb.js
[2013/05/11 16:00:05 | 000,001,031 | ---- | C] () -- E:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/11 15:59:36 | 000,000,150 | ---- | C] () -- E:\ProgramData\rhwb.reg
[2013/05/11 15:59:36 | 000,000,054 | ---- | C] () -- E:\ProgramData\rhwb.bat
[2013/05/11 15:59:35 | 095,023,320 | ---- | C] () -- E:\ProgramData\rhwb.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

AnWe 31.05.2013 21:25
Hallo Markus,
Ich habe jetzt im Moment auch mit dem anderen PC meine Probleme. melde mich baldmöglichst. Danke!

markusg 02.06.2013 12:43
Ok gib dann einfach bescheid

AnWe 03.06.2013 19:02
Hallo Markus,
so, nun bin ich wieder da. Und ich hatte richtig was zu tun. Den fix.txt konnte nicht laden lassen sondern musste ihn manuell eingeben. Und das ohne funktionierende Maus, mit amerikanischer Tastatur :-(. Drei Versuche habe ich gebraucht, also auch 3 Logdateien erzeugt. Und die kann ich dir jetzt nicht als Upload schicken, weil mein Antivir meldet, dass die Datei den Virus js/Agent.48412 enthält. Der USB-Stick mit der
n Movedfiles steckt jetzt übrigens im sauberen PC. Ich hoffe, das richtet keinen Schaden an???
Denn vom meinem infizierten PC kann ich leider nicht uploaden. Der PC startet und es kommt die Meldung:Die Datei 0.28321502508128926 kann nicht geöffnet werden. Dann sehe ich kurz den Windows Bildschirm und kurz darauf den GVU Virus.

Im abgesicherten Modus kann ich übrigens starten!
LG Anna

markusg 03.06.2013 19:26
das macht nichts, ok poste noch mal ein neues OTL Log

AnWe 03.06.2013 20:03
Ok, dann nochmal die OTL.txt:
Code:
OTL logfile created on: 6/4/2013 3:48:05 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.32 Mb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.69 Gb Free Space | 89.89% Space Free | Partition Type: FAT
Drive F: | 453.54 Gb Total Space | 387.81 Gb Free Space | 85.51% Space Free | Partition Type: NTFS
Drive G: | 12.12 Gb Total Space | 1.71 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive H: | 1.90 Gb Total Space | 0.00 Gb Free Space | 0.10% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/16 12:07:14 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto] -- F:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/16 08:59:40 | 004,072,216 | ---- | M] () [Auto] -- F:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/02/04 11:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand] -- F:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/28 10:43:10 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/19 13:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- F:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- F:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 09:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- F:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 07:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- F:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/16 12:06:54 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- F:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/12/27 15:38:37 | 000,303,616 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/12/27 15:38:36 | 000,035,328 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/08/17 05:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 05:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/05/07 11:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- F:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/02/25 18:00:18 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/02/25 18:00:18 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/02/25 18:00:18 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010/02/20 13:20:05 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/08/11 11:19:18 | 000,084,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/05 18:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 13:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/16 06:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 06:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 06:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 06:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 06:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anni_Wedel_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Anni_Wedel_ON_F\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - Reg Error: Key error. File not found
IE - HKU\Anni_Wedel_ON_F\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found
IE - HKU\Anni_Wedel_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: ffxtlbr@zonealarm.com:1.5.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: F:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: F:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: F:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/04/07 03:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/03/29 01:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 15:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 07:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/17 15:25:41 | 000,000,000 | ---D | M]
 
[2010/11/30 06:31:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Extensions
[2013/05/27 03:56:29 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Firefox\Profiles\33wlloiw.default\extensions
[2012/03/29 01:52:07 | 000,000,000 | ---D | M] (Zonealarm.com) -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Firefox\Profiles\33wlloiw.default\extensions\ffxtlbr@zonealarm.com
[2011/12/05 12:26:54 | 000,000,939 | ---- | M] () -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Firefox\Profiles\33wlloiw.default\searchplugins\conduit.xml
[2012/06/16 07:52:18 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/09 07:58:53 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/28 13:15:42 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 15:53:59 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/08 13:44:30 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 05:28:41 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/06/16 07:52:18 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/07/31 16:40:24 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/07/31 16:40:24 | 000,002,344 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/07/31 16:40:24 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/07/31 16:40:24 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/07/31 16:40:24 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - F:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - F:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - F:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - F:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - F:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - F:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - F:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - F:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - F:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - F:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O3:64bit: - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [IntelliPoint] F:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ISW] F:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer]  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Remote Solution] F:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] F:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDFPrint] F:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ZoneAlarm] F:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\Anni_Wedel_ON_F..\Run: [ctfmon.exe] F:\ProgramData\bwhr.dat (Microsoft Corporation)
O4 - HKU\Anni_Wedel_ON_F..\Run: [EPSON BX525WD Series]  File not found
O4 - HKU\Anni_Wedel_ON_F..\Run: [Sony PC Companion] F:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\Anni_Wedel_ON_F..\Run: [Sysyem Cleaner] F:\Users\Anni Wedel\AppData\Local\Temp\0.28321502508128926.bfg (EA Swiss-Digital LLC)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\Anni_Wedel_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\Anni_Wedel_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: ezSharedSvc - F:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/03 12:10:27 | 000,000,000 | ---D | C] -- F:\_OTL
[2013/05/16 04:23:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/16 04:23:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/16 04:23:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/16 04:23:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/16 04:23:04 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/16 04:23:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/16 04:23:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/16 04:23:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/16 04:23:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/16 04:23:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/16 04:23:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/16 04:23:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/16 04:23:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/16 04:23:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/16 04:23:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/16 04:23:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/16 04:23:01 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/16 03:24:08 | 000,265,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\dxgmms1.sys
[2013/05/16 03:24:08 | 000,144,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdd.dll
[2013/05/16 03:23:52 | 001,930,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\authui.dll
[2013/05/16 03:23:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\shdocvw.dll
[2013/05/16 03:23:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\authui.dll
[2013/05/16 03:23:51 | 000,111,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\consent.exe
[2013/05/11 15:59:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\bwhr.dat
[2013/05/11 15:59:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/05/05 13:54:20 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/14 12:40:49 | 000,102,400 | ---- | C] ( ) -- F:\Windows\SysWow64\bclnap.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 19:50:48 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/06/03 19:50:45 | 095,023,320 | ---- | M] () -- F:\ProgramData\rhwb.pad
[2013/06/03 19:50:29 | 000,001,114 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 19:50:01 | 3220,676,608 | -HS- | M] () -- F:\hiberfil.sys
[2013/06/03 16:53:14 | 000,643,628 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/06/03 16:53:14 | 000,606,992 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/06/03 16:53:14 | 000,126,188 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/06/03 16:53:14 | 000,103,370 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/06/03 13:41:12 | 000,015,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 13:41:12 | 000,015,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 13:39:12 | 000,002,584 | ---- | M] () -- F:\ProgramData\rhwb.js
[2013/06/03 13:39:12 | 000,000,150 | ---- | M] () -- F:\ProgramData\rhwb.reg
[2013/06/03 13:39:12 | 000,000,054 | ---- | M] () -- F:\ProgramData\rhwb.bat
[2013/05/31 09:00:00 | 000,001,118 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 13:00:41 | 000,002,149 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/16 07:12:27 | 000,354,248 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/05/11 16:00:05 | 000,001,031 | ---- | M] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/11 15:59:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\bwhr.dat
[2013/05/11 15:59:13 | 000,044,544 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/05/07 00:56:51 | 000,002,249 | ---- | M] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/06 02:56:35 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/05 13:54:03 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/05 13:54:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/06/03 13:39:12 | 000,002,584 | ---- | C] () -- F:\ProgramData\rhwb.js
[2013/06/03 13:39:12 | 000,000,150 | ---- | C] () -- F:\ProgramData\rhwb.reg
[2013/06/03 13:39:12 | 000,000,054 | ---- | C] () -- F:\ProgramData\rhwb.bat
[2013/06/03 13:38:58 | 095,023,320 | ---- | C] () -- F:\ProgramData\rhwb.pad
[2013/05/11 16:00:05 | 000,001,031 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/05 13:54:20 | 000,002,249 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/05 13:54:20 | 000,002,149 | ---- | C] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/14 12:40:48 | 003,256,320 | ---- | C] () -- F:\Windows\SysWow64\beconvlib.dll
[2012/11/14 12:40:48 | 000,299,008 | ---- | C] () -- F:\Windows\SysWow64\bprgcomm.dll
[2012/11/14 12:40:48 | 000,221,184 | ---- | C] () -- F:\Windows\SysWow64\SII_PDF.dll
[2012/11/14 12:40:48 | 000,131,072 | ---- | C] () -- F:\Windows\SysWow64\CSVSpecialProcessing.dll
[2012/11/14 12:40:48 | 000,102,400 | ---- | C] () -- F:\Windows\SysWow64\SARzilla.dll
[2012/11/14 12:40:48 | 000,098,304 | ---- | C] () -- F:\Windows\SysWow64\DVM.dll
[2012/11/14 12:40:48 | 000,053,248 | ---- | C] () -- F:\Windows\SysWow64\RegisterExe.exe
[2012/05/21 04:40:15 | 000,003,395 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Local\recently-used.xbel
[2011/05/25 06:09:13 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/01 05:44:01 | 000,554,496 | ---- | C] () -- F:\Windows\SysWow64\dvmsg.dll
[2011/02/23 12:11:38 | 000,000,033 | ---- | C] () -- F:\Windows\ROBOCHAL.INI
[2011/02/07 08:03:10 | 000,006,144 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/30 06:21:22 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/04/11 09:53:16 | 000,004,096 | ---- | C] () -- F:\Windows\d3dx.dat
[2010/02/21 12:52:25 | 000,000,032 | ---- | C] () -- F:\Windows\Menu.INI
[2010/02/20 13:51:27 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2010/01/06 13:08:47 | 000,009,868 | ---- | C] () -- F:\Windows\SysWow64\ezdigsgn.dat
[2009/09/29 10:25:16 | 000,013,312 | ---- | C] () -- F:\Windows\LPRES.DLL
[2009/08/02 19:21:54 | 000,197,912 | ---- | C] () -- F:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 19:21:52 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 19:21:52 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/04/22 04:44:26 | 000,000,000 | ---D | M] -- F:\ProgramData\1912 Titanic Mystery
[2010/04/26 08:03:39 | 000,000,000 | ---D | M] -- F:\ProgramData\Absolutist
[2010/04/15 14:18:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Alawar Entertainment
[2010/11/12 15:01:13 | 000,000,000 | ---D | M] -- F:\ProgramData\Alawar Stargaze
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/03/16 14:49:56 | 000,000,000 | ---D | M] -- F:\ProgramData\Arcade Lab
[2010/05/12 09:42:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Awem
[2011/02/03 17:14:49 | 000,000,000 | ---D | M] -- F:\ProgramData\BOONTY
[2010/02/25 18:08:49 | 000,000,000 | ---D | M] -- F:\ProgramData\BVRP Software
[2010/02/21 09:34:26 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2010/04/28 08:02:33 | 000,000,000 | ---D | M] -- F:\ProgramData\CheckPoint
[2012/09/17 14:22:36 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files
[2010/05/06 08:12:38 | 000,000,000 | ---D | M] -- F:\ProgramData\Deadtime Stories
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2011/11/28 12:45:16 | 000,000,000 | ---D | M] -- F:\ProgramData\eBay
[2011/03/17 05:39:48 | 000,000,000 | ---D | M] -- F:\ProgramData\elsterformular
[2011/05/31 14:23:01 | 000,000,000 | ---D | M] -- F:\ProgramData\EPSON
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/04/19 16:45:09 | 000,000,000 | ---D | M] -- F:\ProgramData\Flood Light Games
[2010/07/12 13:44:51 | 000,000,000 | ---D | M] -- F:\ProgramData\Floodlight Games
[2010/03/17 08:29:25 | 000,000,000 | ---D | M] -- F:\ProgramData\GameHouse
[2011/11/16 03:50:36 | 000,000,000 | ---D | M] -- F:\ProgramData\Intenium
[2010/03/23 11:44:07 | 000,000,000 | ---D | M] -- F:\ProgramData\IronCode
[2010/04/11 17:42:04 | 000,000,000 | ---D | M] -- F:\ProgramData\Meridian93
[2010/03/28 16:30:59 | 000,000,000 | ---D | M] -- F:\ProgramData\Merscom
[2010/07/04 10:29:11 | 000,000,000 | ---D | M] -- F:\ProgramData\MonteCristo
[2010/08/18 15:48:06 | 000,000,000 | ---D | M] -- F:\ProgramData\MumboJumbo
[2010/03/28 15:21:37 | 000,000,000 | ---D | M] -- F:\ProgramData\Nevosoft
[2010/05/26 02:07:50 | 000,000,000 | ---D | M] -- F:\ProgramData\PlayFirst
[2010/04/04 07:37:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Recovery
[2010/03/28 16:09:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Rumbic Studio
[2012/03/29 01:50:04 | 000,000,000 | ---D | M] -- F:\ProgramData\Sony
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2010/05/30 08:00:28 | 000,000,000 | ---D | M] -- F:\ProgramData\SugarGames
[2010/03/29 16:36:37 | 000,000,000 | ---D | M] -- F:\ProgramData\SZ
[2012/09/17 14:56:02 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/03/27 14:05:19 | 000,000,000 | ---D | M] -- F:\ProgramData\The Mirror Mysteries
[2013/03/24 10:38:18 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software
[2011/05/31 14:20:27 | 000,000,000 | ---D | M] -- F:\ProgramData\UDL
[2010/04/14 07:56:08 | 000,000,000 | ---D | M] -- F:\ProgramData\Valusoft
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2011/01/14 13:18:16 | 000,000,000 | ---D | M] -- F:\ProgramData\WildTangent
[2012/11/13 08:09:19 | 000,000,000 | ---D | M] -- F:\ProgramData\WinZip
[2012/01/05 13:50:36 | 000,000,000 | ---D | M] -- F:\ProgramData\Zylom
[2013/03/24 10:46:00 | 000,000,000 | -HSD | M] -- F:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/03/24 10:46:00 | 000,000,000 | ---D | M] -- F:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
[2013/03/24 10:46:00 | 000,000,000 | ---D | M] -- F:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2013/03/24 10:46:00 | 000,000,000 | -H-D | M] -- F:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
[2013/03/24 10:46:01 | 000,000,000 | ---D | M] -- F:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
[2013/03/24 10:46:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/24 10:46:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/05/25 06:44:31 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/02/20 12:52:02 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2010/05/31 04:16:31 | 000,000,000 | -H-D | M] -- F:\hp
[2011/05/25 10:58:39 | 000,000,000 | ---D | M] -- F:\Motherboard
[2010/02/20 14:19:39 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2011/02/11 02:46:37 | 000,000,000 | R--D | M] -- F:\NonVista
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- F:\PerfLogs
[2013/04/14 07:42:49 | 000,000,000 | R--D | M] -- F:\Program Files
[2013/05/12 14:02:10 | 000,000,000 | ---D | M] -- F:\Program Files (x86)
[2013/06/03 19:50:45 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\Programme
[2013/05/31 03:14:06 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2012/12/10 03:45:04 | 000,000,000 | ---D | M] -- F:\temp
[2011/05/09 15:32:34 | 000,000,000 | ---D | M] -- F:\UnZipper
[2012/12/10 03:45:52 | 000,000,000 | R--D | M] -- F:\Users
[2013/06/04 00:20:33 | 000,000,000 | ---D | M] -- F:\Windows
[2013/06/03 12:10:27 | 000,000,000 | ---D | M] -- F:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 16:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- F:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 161 bytes -> F:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 148 bytes -> F:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 139 bytes -> F:\ProgramData\Temp:7631EA83
< End of report >

markusg 03.06.2013 20:09
teste mal, ob du unter otl mit shift+alt das tastaturlayout wieder auf deutsch bekommst.
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O4 - Startup: F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk ()
O4 - HKU\Anni_Wedel_ON_F..\Run: [Sysyem Cleaner] F:\Users\Anni Wedel\AppData\Local\Temp\0.28321502508128926.bfg (EA Swiss-Digital LLC)
O4 - HKU\Anni_Wedel_ON_F..\Run: [ctfmon.exe] F:\ProgramData\bwhr.dat (Microsoft Corporation)
[2013/06/03 19:50:45 | 095,023,320 | ---- | M] () -- F:\ProgramData\rhwb.pad
[2013/06/03 13:39:12 | 000,002,584 | ---- | M] () -- F:\ProgramData\rhwb.js
[2013/06/03 13:39:12 | 000,000,150 | ---- | M] () -- F:\ProgramData\rhwb.reg
[2013/05/11 15:59:13 | 000,044,544 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

AnWe 03.06.2013 21:11
Der PC startet leider nicht neu. Anbei die Logdatei:
Code:
========== OTL ==========
F:\ProgramData\rhwb.pad moved successfully.
F:\ProgramData\rhwb.js moved successfully.
F:\ProgramData\rhwb.reg moved successfully.
File 13/05/11 15:59:13 | 000,044,544 | ---- | M] (Microsoft Corporation) -- not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Anni Wedel
 
User: AppData
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Anni Wedel
 
User: AppData
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1206740 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Total Files Cleaned = 1.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06042013_050649

markusg 03.06.2013 21:14
dann mal manuell neustartenb

AnWe 03.06.2013 21:20
Genau das gleiche wie vorher: Meldung, die Datei 0.28321502508128926 kann nicht geöffnet werden, dann der Bildschirm GVU :-(

markusg 03.06.2013 21:23
hmm noch mal scannen wie folgt:
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• setze den haken bei "Automatically Load All Remaining Users" wenn er nicht gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

AnWe 03.06.2013 21:42
Hallo,
OTL startet nun nicht mehr. Es kommt die Meldung: File\i386\system32\c_1252.nls could not be loaded. The error code is 4096

Hab den PC 2mal neu gestartet. Immer das gleiche Ergebnis. Und nun?

Nachsatz: Ich melde mich gleich nochmal. PC ist nun doch gestartet...

Anbei die neueste Logdatei:
Code:
OTL logfile created on: 6/4/2013 7:06:51 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.32 Mb Free Space | 74.32% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.69 Gb Free Space | 89.88% Space Free | Partition Type: FAT
Drive F: | 453.54 Gb Total Space | 387.71 Gb Free Space | 85.49% Space Free | Partition Type: NTFS
Drive G: | 12.12 Gb Total Space | 1.71 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/16 12:07:14 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto] -- F:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/16 08:59:40 | 004,072,216 | ---- | M] () [Auto] -- F:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- F:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/02/04 11:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand] -- F:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/28 10:43:10 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/19 13:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- F:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- F:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 09:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- F:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 07:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- F:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/16 12:06:54 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- F:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/12/27 15:38:37 | 000,303,616 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/12/27 15:38:36 | 000,035,328 | ---- | M] () [Kernel | Auto] -- F:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/08/17 05:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/17 05:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/05/07 11:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- F:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/02/25 18:00:18 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/02/25 18:00:18 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/02/25 18:00:18 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010/02/20 13:20:05 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/08/11 11:19:18 | 000,084,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/05 18:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 13:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/05/16 06:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 06:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/16 06:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008/05/16 06:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV:64bit: - [2008/05/16 06:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 06:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anni_Wedel_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Anni_Wedel_ON_F\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - Reg Error: Key error. File not found
IE - HKU\Anni_Wedel_ON_F\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - Reg Error: Key error. File not found
IE - HKU\Anni_Wedel_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\UpdatusUser_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: ffxtlbr@zonealarm.com:1.5.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: F:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: F:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: F:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: F:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/04/07 03:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/03/29 01:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 15:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 07:52:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/17 15:25:41 | 000,000,000 | ---D | M]
 
[2010/11/30 06:31:58 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Extensions
[2013/05/27 03:56:29 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Firefox\Profiles\33wlloiw.default\extensions
[2012/03/29 01:52:07 | 000,000,000 | ---D | M] (Zonealarm.com) -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Firefox\Profiles\33wlloiw.default\extensions\ffxtlbr@zonealarm.com
[2011/12/05 12:26:54 | 000,000,939 | ---- | M] () -- F:\Users\Anni Wedel\AppData\Roaming\Mozilla\Firefox\Profiles\33wlloiw.default\searchplugins\conduit.xml
[2012/06/16 07:52:18 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/09 07:58:53 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/28 13:15:42 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/06 15:53:59 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/08 13:44:30 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/19 05:28:41 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/06/16 07:52:18 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/07/31 16:40:24 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/07/31 16:40:24 | 000,002,344 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/07/31 16:40:24 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/07/31 16:40:24 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/07/31 16:40:24 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - F:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - F:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - F:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - F:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - F:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - F:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - F:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - F:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - F:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - F:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.)
O3:64bit: - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Anni_Wedel_ON_F\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - F:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [IntelliPoint] F:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ISW] F:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer]  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Remote Solution] F:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] F:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDFPrint] F:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ZoneAlarm] F:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\Anni_Wedel_ON_F..\Run: [ctfmon.exe] F:\ProgramData\bwhr.dat (Microsoft Corporation)
O4 - HKU\Anni_Wedel_ON_F..\Run: [EPSON BX525WD Series]  File not found
O4 - HKU\Anni_Wedel_ON_F..\Run: [Sony PC Companion] F:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\Anni_Wedel_ON_F..\Run: [Sysyem Cleaner] F:\Users\Anni Wedel\AppData\Local\Temp\0.28321502508128926.bfg (EA Swiss-Digital LLC)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin]  File not found
O4 - Startup: F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\Anni_Wedel_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\Anni_Wedel_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: ezSharedSvc - F:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/03 12:10:27 | 000,000,000 | ---D | C] -- F:\_OTL
[2013/05/16 04:23:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\ieui.dll
[2013/05/16 04:23:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/05/16 04:23:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/05/16 04:23:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/05/16 04:23:04 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\msfeeds.dll
[2013/05/16 04:23:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/05/16 04:23:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesysprep.dll
[2013/05/16 04:23:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/16 04:23:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/16 04:23:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/05/16 04:23:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iesetup.dll
[2013/05/16 04:23:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/05/16 04:23:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\iernonce.dll
[2013/05/16 04:23:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/05/16 04:23:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/05/16 04:23:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript.dll
[2013/05/16 04:23:01 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\jscript9.dll
[2013/05/16 03:24:08 | 000,265,064 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\drivers\dxgmms1.sys
[2013/05/16 03:24:08 | 000,144,384 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\cdd.dll
[2013/05/16 03:23:52 | 001,930,752 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\authui.dll
[2013/05/16 03:23:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\shdocvw.dll
[2013/05/16 03:23:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- F:\Windows\SysWow64\authui.dll
[2013/05/16 03:23:51 | 000,111,448 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\consent.exe
[2013/05/11 15:59:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\bwhr.dat
[2013/05/11 15:59:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/05/05 13:54:20 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/14 12:40:49 | 000,102,400 | ---- | C] ( ) -- F:\Windows\SysWow64\bclnap.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 23:19:10 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/06/03 23:19:03 | 095,023,320 | ---- | M] () -- F:\ProgramData\rhwb.pad
[2013/06/03 23:17:30 | 000,002,584 | ---- | M] () -- F:\ProgramData\rhwb.js
[2013/06/03 23:17:30 | 000,000,150 | ---- | M] () -- F:\ProgramData\rhwb.reg
[2013/06/03 23:17:03 | 000,001,114 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 23:16:42 | 3220,676,608 | -HS- | M] () -- F:\hiberfil.sys
[2013/06/03 16:53:14 | 000,643,628 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/06/03 16:53:14 | 000,606,992 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/06/03 16:53:14 | 000,126,188 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/06/03 16:53:14 | 000,103,370 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/06/03 13:41:12 | 000,015,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 13:41:12 | 000,015,568 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 13:39:12 | 000,000,054 | ---- | M] () -- F:\ProgramData\rhwb.bat
[2013/05/31 09:00:00 | 000,001,118 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 13:00:41 | 000,002,149 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/16 07:12:27 | 000,354,248 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/05/11 16:00:05 | 000,001,031 | ---- | M] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/11 15:59:13 | 000,118,784 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\bwhr.dat
[2013/05/11 15:59:13 | 000,044,544 | ---- | M] (Microsoft Corporation) -- F:\ProgramData\rundll32.exe
[2013/05/07 00:56:51 | 000,002,249 | ---- | M] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/06 02:56:35 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/05 13:54:03 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/05 13:54:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/06/03 23:17:30 | 000,002,584 | ---- | C] () -- F:\ProgramData\rhwb.js
[2013/06/03 23:17:30 | 000,000,150 | ---- | C] () -- F:\ProgramData\rhwb.reg
[2013/06/03 23:17:21 | 095,023,320 | ---- | C] () -- F:\ProgramData\rhwb.pad
[2013/06/03 13:39:12 | 000,000,054 | ---- | C] () -- F:\ProgramData\rhwb.bat
[2013/05/11 16:00:05 | 000,001,031 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/05 13:54:20 | 000,002,249 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/05 13:54:20 | 000,002,149 | ---- | C] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/14 12:40:48 | 003,256,320 | ---- | C] () -- F:\Windows\SysWow64\beconvlib.dll
[2012/11/14 12:40:48 | 000,299,008 | ---- | C] () -- F:\Windows\SysWow64\bprgcomm.dll
[2012/11/14 12:40:48 | 000,221,184 | ---- | C] () -- F:\Windows\SysWow64\SII_PDF.dll
[2012/11/14 12:40:48 | 000,131,072 | ---- | C] () -- F:\Windows\SysWow64\CSVSpecialProcessing.dll
[2012/11/14 12:40:48 | 000,102,400 | ---- | C] () -- F:\Windows\SysWow64\SARzilla.dll
[2012/11/14 12:40:48 | 000,098,304 | ---- | C] () -- F:\Windows\SysWow64\DVM.dll
[2012/11/14 12:40:48 | 000,053,248 | ---- | C] () -- F:\Windows\SysWow64\RegisterExe.exe
[2012/05/21 04:40:15 | 000,003,395 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Local\recently-used.xbel
[2011/05/25 06:09:13 | 000,252,928 | ---- | C] () -- F:\Windows\SysWow64\DShowRdpFilter.dll
[2011/05/01 05:44:01 | 000,554,496 | ---- | C] () -- F:\Windows\SysWow64\dvmsg.dll
[2011/02/23 12:11:38 | 000,000,033 | ---- | C] () -- F:\Windows\ROBOCHAL.INI
[2011/02/07 08:03:10 | 000,006,144 | ---- | C] () -- F:\Users\Anni Wedel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/30 06:21:22 | 000,000,000 | ---- | C] () -- F:\Windows\nsreg.dat
[2010/04/11 09:53:16 | 000,004,096 | ---- | C] () -- F:\Windows\d3dx.dat
[2010/02/21 12:52:25 | 000,000,032 | ---- | C] () -- F:\Windows\Menu.INI
[2010/02/20 13:51:27 | 000,000,056 | -H-- | C] () -- F:\Windows\SysWow64\ezsidmv.dat
[2010/01/06 13:08:47 | 000,009,868 | ---- | C] () -- F:\Windows\SysWow64\ezdigsgn.dat
[2009/09/29 10:25:16 | 000,013,312 | ---- | C] () -- F:\Windows\LPRES.DLL
[2009/08/02 19:21:54 | 000,197,912 | ---- | C] () -- F:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 19:21:54 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 19:21:52 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 19:21:52 | 000,058,648 | ---- | C] () -- F:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/04/22 04:44:26 | 000,000,000 | ---D | M] -- F:\ProgramData\1912 Titanic Mystery
[2010/04/26 08:03:39 | 000,000,000 | ---D | M] -- F:\ProgramData\Absolutist
[2010/04/15 14:18:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Alawar Entertainment
[2010/11/12 15:01:13 | 000,000,000 | ---D | M] -- F:\ProgramData\Alawar Stargaze
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/03/16 14:49:56 | 000,000,000 | ---D | M] -- F:\ProgramData\Arcade Lab
[2010/05/12 09:42:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Awem
[2011/02/03 17:14:49 | 000,000,000 | ---D | M] -- F:\ProgramData\BOONTY
[2010/02/25 18:08:49 | 000,000,000 | ---D | M] -- F:\ProgramData\BVRP Software
[2010/02/21 09:34:26 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2010/04/28 08:02:33 | 000,000,000 | ---D | M] -- F:\ProgramData\CheckPoint
[2012/09/17 14:22:36 | 000,000,000 | -H-D | M] -- F:\ProgramData\Common Files
[2010/05/06 08:12:38 | 000,000,000 | ---D | M] -- F:\ProgramData\Deadtime Stories
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2011/11/28 12:45:16 | 000,000,000 | ---D | M] -- F:\ProgramData\eBay
[2011/03/17 05:39:48 | 000,000,000 | ---D | M] -- F:\ProgramData\elsterformular
[2011/05/31 14:23:01 | 000,000,000 | ---D | M] -- F:\ProgramData\EPSON
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2010/04/19 16:45:09 | 000,000,000 | ---D | M] -- F:\ProgramData\Flood Light Games
[2010/07/12 13:44:51 | 000,000,000 | ---D | M] -- F:\ProgramData\Floodlight Games
[2010/03/17 08:29:25 | 000,000,000 | ---D | M] -- F:\ProgramData\GameHouse
[2011/11/16 03:50:36 | 000,000,000 | ---D | M] -- F:\ProgramData\Intenium
[2010/03/23 11:44:07 | 000,000,000 | ---D | M] -- F:\ProgramData\IronCode
[2010/04/11 17:42:04 | 000,000,000 | ---D | M] -- F:\ProgramData\Meridian93
[2010/03/28 16:30:59 | 000,000,000 | ---D | M] -- F:\ProgramData\Merscom
[2010/07/04 10:29:11 | 000,000,000 | ---D | M] -- F:\ProgramData\MonteCristo
[2010/08/18 15:48:06 | 000,000,000 | ---D | M] -- F:\ProgramData\MumboJumbo
[2010/03/28 15:21:37 | 000,000,000 | ---D | M] -- F:\ProgramData\Nevosoft
[2010/05/26 02:07:50 | 000,000,000 | ---D | M] -- F:\ProgramData\PlayFirst
[2010/04/04 07:37:31 | 000,000,000 | ---D | M] -- F:\ProgramData\Recovery
[2010/03/28 16:09:12 | 000,000,000 | ---D | M] -- F:\ProgramData\Rumbic Studio
[2012/03/29 01:50:04 | 000,000,000 | ---D | M] -- F:\ProgramData\Sony
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2010/05/30 08:00:28 | 000,000,000 | ---D | M] -- F:\ProgramData\SugarGames
[2010/03/29 16:36:37 | 000,000,000 | ---D | M] -- F:\ProgramData\SZ
[2012/09/17 14:56:02 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2010/03/27 14:05:19 | 000,000,000 | ---D | M] -- F:\ProgramData\The Mirror Mysteries
[2013/03/24 10:38:18 | 000,000,000 | ---D | M] -- F:\ProgramData\TuneUp Software
[2011/05/31 14:20:27 | 000,000,000 | ---D | M] -- F:\ProgramData\UDL
[2010/04/14 07:56:08 | 000,000,000 | ---D | M] -- F:\ProgramData\Valusoft
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2011/01/14 13:18:16 | 000,000,000 | ---D | M] -- F:\ProgramData\WildTangent
[2012/11/13 08:09:19 | 000,000,000 | ---D | M] -- F:\ProgramData\WinZip
[2012/01/05 13:50:36 | 000,000,000 | ---D | M] -- F:\ProgramData\Zylom
[2013/03/24 10:46:00 | 000,000,000 | -HSD | M] -- F:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/03/24 10:46:00 | 000,000,000 | ---D | M] -- F:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
[2013/03/24 10:46:00 | 000,000,000 | ---D | M] -- F:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2013/03/24 10:46:00 | 000,000,000 | -H-D | M] -- F:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
[2013/03/24 10:46:01 | 000,000,000 | ---D | M] -- F:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
[2013/03/24 10:46:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/24 10:46:01 | 000,000,000 | -HSD | M] -- F:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/05/25 06:44:31 | 000,032,640 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/02/20 12:52:02 | 000,000,000 | -HSD | M] -- F:\$Recycle.Bin
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\Documents and Settings
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\Dokumente und Einstellungen
[2010/05/31 04:16:31 | 000,000,000 | -H-D | M] -- F:\hp
[2011/05/25 10:58:39 | 000,000,000 | ---D | M] -- F:\Motherboard
[2010/02/20 14:19:39 | 000,000,000 | RH-D | M] -- F:\MSOCache
[2011/02/11 02:46:37 | 000,000,000 | R--D | M] -- F:\NonVista
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- F:\PerfLogs
[2013/04/14 07:42:49 | 000,000,000 | R--D | M] -- F:\Program Files
[2013/05/12 14:02:10 | 000,000,000 | ---D | M] -- F:\Program Files (x86)
[2013/06/03 23:18:54 | 000,000,000 | -H-D | M] -- F:\ProgramData
[2010/02/20 12:48:03 | 000,000,000 | -HSD | M] -- F:\Programme
[2013/05/31 03:14:06 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2012/12/10 03:45:04 | 000,000,000 | ---D | M] -- F:\temp
[2011/05/09 15:32:34 | 000,000,000 | ---D | M] -- F:\UnZipper
[2012/12/10 03:45:52 | 000,000,000 | R--D | M] -- F:\Users
[2013/06/04 00:20:33 | 000,000,000 | ---D | M] -- F:\Windows
[2013/06/03 12:10:27 | 000,000,000 | ---D | M] -- F:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- F:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- F:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- F:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- F:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 16:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- F:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- F:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\System32\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- F:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- F:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- F:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\System32\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- F:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- F:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\System32\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- F:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\System32\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\System32\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- F:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 161 bytes -> F:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 148 bytes -> F:\ProgramData\Temp:C22674B6
@Alternate Data Stream - 139 bytes -> F:\ProgramData\Temp:7631EA83
< End of report >

...aber ich bin verwirrt! Welche beiden Logs. Ich haabe nur eine ?

Gespeichert wurde in F:otl.txt

markusg 03.06.2013 22:26
hmm findet wieder das Selbe...
kannst du mal neustarten, f8 drücken und die Systemreperatur starten?b

AnWe 03.06.2013 22:45
Meinst du die Systemstartreparatur? Die habe ich jetzt 2mal laufen lassen. Ohne Erfolg :-(

Hallo Markus,
ich habe jetzt mal in Windows nach eine exe.Datei gesucht, die ungefähr zu dem Zeitpunkt erstellt oder geändert wurde, als der GVU Virus das erste Mal auf meinem PC auftauchte.
Ich finde da eine Datei DVStub.exe aus ca. Mitte Mai, mit der ich nichts anfangen kann. Es gibt wohl Querverweise zu Tobit Radio, mit dem ich auch nichts anfangen kann. Liegt da mein Problem begraben?
Bis bald
LG Anna

markusg 04.06.2013 11:18
nein.
ok dann retten wir daten und setzen neu auf.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

AnWe 04.06.2013 20:09
Guten Abend Markus :-)
Dieser Link ... forum.chip.de geht bei mir leider nicht. Was finde ich unter diesem Link?

Ich habe einen Fertig-PC von HP Compaq Presario CZXA01GB2K, auf der Restore-CD steht noch folgende Nummer 146.931 10449_0900Ej. Finde ich auf dieser CD Windows7?

Was ich auch noch ist ein Wiederherstellungsdatenträger.

Ich denke ich muss zuerst Daten sichern- brauche ich dazu den o. e. Link?
LG Anni

markusg 05.06.2013 12:06
genau, daten sichern von der Linux cd von oben.

AnWe 05.06.2013 20:55
Hallo Markus,
geht es etwas genauer bitte? ...wie ich schon sagte, der Link funktioniert nicht. Ich gehe ja gern selbst auf die Suche, aber dann bräuchte ich bitte einen Namen des Programms oder der Datei.
LG Anna

markusg 05.06.2013 22:08
Hi,
steht doch in post 28, der Link, der zu chip.de führtb
(ubuntu)b

AnWe 07.06.2013 22:41
Markus, wenn ich sage der Link funktioniert nicht...wie kann ich dann mit deiner Antwort was anfangen???? Ich benötige Hilfe für Laien nicht für Profis!!!!!!

markusg 08.06.2013 16:49
Hi, aber nu:
http://forum.chip.de/viren-trojaner-...c-1736596.html


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19