
Log Analysis and Evaluation: Interpretation of the OTLPE log file - GVU Trojan


 
30.01.2013, 02:42   #1
danielevery
 

Interpretation of the OTLPE log file - GVU Trojan



Hello dear Trojaner-Board team,

I have a computer here that has been infected with the GVU Trojan since yesterday.
  • Operating system: Win7
  • User with restricted permissions
  • Safe mode can no longer be started for this user

I have already run the following CDs/sticks without success before I finally came across the more successful Trojaner-Board:
  • Kaspersky
  • Norton Recovery Boot
  • Comodo Rescue
  • HitMan Pro

I burned an OTLPE CD and then followed these instructions (analogous to http://www.trojaner-board.de/130200-...odus-geht.html ):
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the hard disk; selecting just C: produces an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy these files to your USB stick if you have no internet connection on this system.

I entered the following custom scans in OTLPE (but see the end of the post for another run without custom scans!), following http://www.trojaner-board.de/130271-...virus-los.html
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
An Extras.txt was not created. Here is the OTL.txt:
Code:
OTL logfile created on: 1/30/2013 1:48:08 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.82 Mb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive H: | 465.66 Gb Total Space | 385.07 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.84 Gb Free Space | 98.55% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/09/12 14:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 14:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/16 13:47:00 | 001,048,576 | ---- | M] ( ) [Auto] -- H:\Windows\System32\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 15:40:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/30 12:25:15 | 000,040,960 | ---- | M] () [Auto] -- H:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 16:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand] -- H:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- H:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/08 19:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto] -- H:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011/07/24 19:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand] -- H:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011/02/21 23:19:12 | 002,656,280 | R--- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/21 23:19:08 | 000,326,168 | R--- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/09/16 13:47:00 | 000,593,920 | ---- | M] ( ) [Auto] -- H:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/30 15:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- H:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 16:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/04/16 07:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Matthias_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\Matthias_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Matthias_ON_H\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Matthias_ON_H\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\Matthias_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: H:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - H:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - H:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\Matthias_ON_H\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Matthias_ON_H\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - H:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [LMPSSDMON] H:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [MSC] H:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] H:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RTHDVCPL] H:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] H:\Windows\System32\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] H:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Super-Charger] H:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (MSI)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Matthias_ON_H..\Run: [LMab1err] H:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Matthias_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Matthias_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Matthias_ON_H Winlogon: Shell - (C:\Users\Matthias\AppData\Roaming\skype.dat) - H:\Users\Matthias\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - H:\Windows\System32\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 7 Days ==========
 
[2013/01/29 23:30:45 | 000,000,000 | ---D | C] -- H:\NBRT
[2013/01/29 18:39:14 | 000,000,000 | -HSD | C] -- H:\found.000
[2013/01/29 18:11:58 | 000,000,000 | ---D | C] -- H:\ProgramData\HitmanPro
[2013/01/29 18:11:46 | 000,000,000 | ---D | C] -- H:\Windows\Minidump
[2013/01/29 16:43:28 | 000,000,000 | ---D | C] -- H:\cce_linux
[2013/01/29 13:29:38 | 000,000,000 | ---D | C] -- H:\Kaspersky Rescue Disk 10.0
[2012/12/12 14:01:23 | 001,044,480 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabserv.dll
[2012/12/12 14:01:23 | 000,802,816 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabcomc.dll
[2012/12/12 14:01:23 | 000,376,832 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabcomm.dll
[2012/12/12 14:01:23 | 000,356,352 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabhcp.dll
[2012/12/12 14:01:22 | 000,593,920 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabcoms.exe
 
========== Files - Modified Within 7 Days ==========
 
[2013/01/29 18:48:21 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/29 18:48:08 | 000,000,004 | ---- | M] () -- H:\Users\Matthias\AppData\Roaming\skype.ini
[2013/01/29 18:45:42 | 000,001,110 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/29 18:45:29 | 3151,982,592 | -HS- | M] () -- H:\hiberfil.sys
[2013/01/29 18:39:50 | 000,003,552 | ---- | M] () -- H:\bootsqm.dat
[2013/01/29 18:27:32 | 000,026,704 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 18:27:32 | 000,026,704 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 18:19:56 | 356,086,300 | ---- | M] () -- H:\Windows\MEMORY.DMP
[2013/01/28 03:40:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/26 14:17:00 | 000,001,114 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/26 09:01:07 | 000,000,282 | ---- | M] () -- H:\Windows\tasks\RegClean Pro_DEFAULT.job
 
========== Files Created - No Company Name ==========
 
[2013/01/29 18:39:50 | 000,003,552 | ---- | C] () -- H:\bootsqm.dat
[2013/01/29 18:11:43 | 356,086,300 | ---- | C] () -- H:\Windows\MEMORY.DMP
[2013/01/26 14:24:28 | 000,000,004 | ---- | C] () -- H:\Users\Matthias\AppData\Roaming\skype.ini
[2012/12/12 14:03:23 | 000,028,672 | ---- | C] () -- H:\Windows\hookdllX.dll
[2012/12/12 14:03:23 | 000,011,776 | ---- | C] () -- H:\Windows\SysWow64\pmsbfn32.dll
[2012/05/15 14:48:44 | 000,000,028 | ---- | C] () -- H:\Windows\ODBC.INI
[2012/05/15 13:39:37 | 000,000,021 | ---- | C] () -- H:\Windows\DvInesKurusOleServer003.INI
[2012/05/15 13:28:39 | 000,000,111 | ---- | C] () -- H:\Windows\dvinesinstalllocation001.INI
[2012/05/15 13:26:41 | 000,000,112 | ---- | C] () -- H:\Windows\Startup.INI
[2012/05/09 11:33:42 | 001,846,516 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/08 07:02:25 | 000,047,616 | ---- | C] () -- H:\Users\Matthias\AppData\Roaming\skype.dat
[2012/05/08 06:44:32 | 000,145,804 | ---- | C] () -- H:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 16:31:16 | 000,963,912 | ---- | C] () -- H:\Windows\SysWow64\igkrng600.bin
[2012/03/19 16:31:16 | 000,261,208 | ---- | C] () -- H:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- H:\Windows\SysWow64\igdde32.dll
[2012/03/19 15:21:14 | 013,212,672 | ---- | C] () -- H:\Windows\SysWow64\ig4icd32.dll
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2009/09/30 05:05:48 | 000,290,816 | ---- | C] () -- H:\Windows\SysWow64\nsldap32v60.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2008/10/30 11:00:22 | 000,048,640 | ---- | C] () -- H:\Windows\SysWow64\nsldapssl32v60.dll
[2008/10/30 10:59:24 | 000,025,088 | ---- | C] () -- H:\Windows\SysWow64\nsldappr32v60.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldapssl32v50.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldappr32v50.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldap32v50.dll
[2003/05/24 11:38:52 | 000,224,768 | ---- | C] () -- H:\Program Files\ToDoList2003.exe
[1999/01/19 08:18:30 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\LFPNG60N.DLL
[1999/01/19 08:18:30 | 000,046,080 | ---- | C] () -- H:\Windows\SysWow64\LFTIF60N.DLL
[1999/01/19 08:18:30 | 000,043,008 | ---- | C] () -- H:\Windows\SysWow64\LTFIL60N.DLL
[1999/01/19 08:18:30 | 000,020,480 | ---- | C] () -- H:\Windows\SysWow64\LFPSD60N.DLL
[1999/01/19 08:18:30 | 000,019,968 | ---- | C] () -- H:\Windows\SysWow64\LFTGA60N.DLL
[1999/01/19 08:18:30 | 000,019,456 | ---- | C] () -- H:\Windows\SysWow64\LFWPG60N.DLL
[1999/01/19 08:18:30 | 000,019,456 | ---- | C] () -- H:\Windows\SysWow64\LFWMF60N.DLL
[1999/01/19 08:18:28 | 000,176,128 | ---- | C] () -- H:\Windows\SysWow64\LFFAX60N.DLL
[1999/01/19 08:18:28 | 000,141,824 | ---- | C] () -- H:\Windows\SysWow64\LFCMP60N.DLL
[1999/01/19 08:18:28 | 000,023,552 | ---- | C] () -- H:\Windows\SysWow64\LFPCX60N.DLL
[1999/01/19 08:18:28 | 000,022,528 | ---- | C] () -- H:\Windows\SysWow64\LFPCT60N.DLL
[1999/01/19 08:18:28 | 000,022,528 | ---- | C] () -- H:\Windows\SysWow64\LFEPS60N.DLL
[1999/01/19 08:18:28 | 000,022,016 | ---- | C] () -- H:\Windows\SysWow64\LFBMP60N.DLL
[1999/01/19 08:18:28 | 000,018,432 | ---- | C] () -- H:\Windows\SysWow64\LFMSP60N.DLL
[1999/01/19 08:18:28 | 000,017,920 | ---- | C] () -- H:\Windows\SysWow64\LFMAC60N.DLL
[1995/02/14 17:11:00 | 000,017,920 | ---- | C] () -- H:\Windows\SysWow64\IMPLODE.DLL
 
========== LOP Check ==========
 
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2012/12/12 03:16:45 | 000,000,000 | ---D | M] -- H:\ProgramData\Ask
[2012/05/09 11:51:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited
[2012/05/09 12:42:30 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonBJ
[2012/06/10 02:58:05 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonEPP
[2012/06/10 02:58:05 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJEPPEX2
[2012/05/15 13:59:14 | 000,000,000 | ---D | M] -- H:\ProgramData\DATEV
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2012/05/20 12:58:04 | 000,000,000 | ---D | M] -- H:\ProgramData\elsterformular
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2013/01/29 18:11:58 | 000,000,000 | ---D | M] -- H:\ProgramData\HitmanPro
[2012/10/19 04:57:36 | 000,000,000 | ---D | M] -- H:\ProgramData\PDF Writer
[2012/05/15 13:55:41 | 000,000,000 | ---D | M] -- H:\ProgramData\SkyCom
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2013/01/26 09:01:07 | 000,000,282 | ---- | M] () -- H:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012/12/26 13:27:08 | 000,000,290 | ---- | M] () -- H:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012/12/08 10:30:16 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012/11/27 15:15:17 | 000,000,000 | -HSD | M] -- H:\$Recycle.Bin
[2013/01/29 16:51:19 | 000,000,000 | ---D | M] -- H:\cce_linux
[2013/01/09 07:29:32 | 000,000,000 | -HSD | M] -- H:\Config.Msi
[2012/05/15 14:43:56 | 000,000,000 | ---D | M] -- H:\DASSDVS
[2012/08/14 04:08:50 | 000,000,000 | ---D | M] -- H:\Daten
[2012/05/15 13:39:34 | 000,000,000 | ---D | M] -- H:\DATEV
[2012/05/15 14:07:43 | 000,000,000 | ---D | M] -- H:\DDS
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\Documents and Settings
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen
[2012/05/08 16:33:16 | 000,000,000 | ---D | M] -- H:\Drivers
[2012/12/12 03:26:53 | 000,000,000 | ---D | M] -- H:\Firefox
[2013/01/29 18:39:14 | 000,000,000 | -HSD | M] -- H:\found.000
[2012/05/08 16:33:16 | 000,000,000 | ---D | M] -- H:\Hotfix
[2012/12/04 04:57:29 | 000,000,000 | ---D | M] -- H:\I.S.Bau_outluck
[2012/05/08 06:44:18 | 000,000,000 | ---D | M] -- H:\Intel
[2013/01/29 15:19:44 | 000,000,000 | ---D | M] -- H:\Kaspersky Rescue Disk 10.0
[2012/05/08 07:35:54 | 000,000,000 | RH-D | M] -- H:\MSOCache
[2013/01/29 23:30:45 | 000,000,000 | ---D | M] -- H:\NBRT
[2009/07/13 22:20:08 | 000,000,000 | ---D | M] -- H:\PerfLogs
[2012/12/12 14:06:10 | 000,000,000 | R--D | M] -- H:\Program Files
[2012/12/12 14:03:10 | 000,000,000 | R--D | M] -- H:\Program Files (x86)
[2013/01/29 18:15:23 | 000,000,000 | -H-D | M] -- H:\ProgramData
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\Programme
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\Recovery
[2013/01/24 10:34:45 | 000,000,000 | -HSD | M] -- H:\System Volume Information
[2012/05/08 06:40:27 | 000,000,000 | R--D | M] -- H:\Users
[2013/01/29 18:19:56 | 000,000,000 | ---D | M] -- H:\Windows
[2012/05/08 06:47:23 | 000,000,000 | ---D | M] -- H:\winki
 
< %PROGRAMFILES%\*.exe >
[2003/05/24 11:38:52 | 000,224,768 | ---- | M] () -- H:\Program Files\ToDoList2003.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- H:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- H:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- H:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- H:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 22:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 22:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- H:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\System32\netlogon.dll
[2010/11/20 22:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- H:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\SysWOW64\netlogon.dll
[2010/11/20 22:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 22:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- H:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\SysWOW64\scecli.dll
[2010/11/20 22:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\System32\scecli.dll
[2010/11/20 22:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- H:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\SysWOW64\user32.dll
[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- H:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\System32\user32.dll
[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- H:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\System32\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- H:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\System32\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- H:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- H:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
Then, stupidly (combined with severe sleep deprivation), I loaded the following fix and only afterwards noticed that the fixes are not universally applicable. According to the log, though, no damage should have been done. I had made a full backup before all of these actions anyway. http://www.trojaner-board.de/130196-...otl-clean.html

Code:
ATTFilter
:OTL
O4 -  HKCU..\Run: [AdobeBridge] File not found 
O6 -  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  HonorAutoRunSetting = 1 
O6 -  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  NoDriveTypeAutoRun = 181 
O20 - HKCU Winlogon: Shell - (C:\Dokumente und  Einstellungen\*****\Anwendungsdaten\skype.dat) - File not found 

:Files   C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Dokumente  und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und  Einstellungen\*****\Anwendungsdaten\*.exe
C:\Dokumente und  Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente  und Einstellungen\*****\Lokale  Einstellungen\Anwendungsdaten\*.tmp
C:\Dokumente und  Einstellungen\*****\Lokale Einstellungen\Temp\*.exe
C:\Dokumente und  Einstellungen\*****\*.exe
C:\Dokumente und  Einstellungen\*****\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und  Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente  und Einstellungen\*****\Lokale  Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns  /c
:Commands
[emptytemp]
         
The result was, of course, faulty:
Code:
ATTFilter
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und  Einstellungen\Matthias\Anwendungsdaten\skype.dat deleted successfully.
Error: Unable to interpret <:Files   C:\ProgramData\*.exe> in the current context!
Error: Unable to interpret <C:\ProgramData\*.dll> in the current context!
Error: Unable to interpret <C:\ProgramData\*.tmp> in the current context!
Error: Unable to interpret <C:\ProgramData\TEMP> in the current context!
Error: Unable to interpret <C:\Dokumente  und Einstellungen\All Users\Anwendungsdaten\*.exe> in the current context!
Error: Unable to interpret <C:\Dokumente und  Einstellungen\Matthias\Anwendungsdaten\*.exe> in the current context!
Error: Unable to interpret <C:\Dokumente und  Einstellungen\Matthias\Lokale Einstellungen\Anwendungsdaten\*.exe> in the current context!
Error: Unable to interpret <C:\Dokumente  und Einstellungen\Matthias\Lokale  Einstellungen\Anwendungsdaten\*.tmp> in the current context!
Error: Unable to interpret <C:\Dokumente und  Einstellungen\Matthias\Lokale Einstellungen\Temp\*.exe> in the current context!
Error: Unable to interpret <C:\Dokumente und  Einstellungen\Matthias\*.exe> in the current context!
Error: Unable to interpret <C:\Dokumente und  Einstellungen\Matthias\Startmenü\Programme\Autostart\ctfmon.lnk> in the current context!
Error: Unable to interpret <C:\Dokumente und  Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk> in the current context!
Error: Unable to interpret <C:\Dokumente  und Einstellungen\Matthias\Lokale  Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\> in the current context!
Error: Unable to interpret <ipconfig /flushdns  /c> in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Matthias
->Temp folder emptied: 239735100 bytes
->Temporary Internet Files folder emptied: 797974491 bytes
->Java cache emptied: 1238094 bytes
->Flash cache emptied: 18417 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 367831411 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36029979 bytes
 
Total Files Cleaned = 1,376.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01302013_020558
         
While writing this post, I ran another OTLPE scan without custom fixes to show the current state:
Code:
ATTFilter
OTL logfile created on: 1/30/2013 2:26:05 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.82 Mb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive H: | 465.66 Gb Total Space | 386.45 Gb Free Space | 82.99% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.84 Gb Free Space | 98.54% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/09/12 14:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 14:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/16 13:47:00 | 001,048,576 | ---- | M] ( ) [Auto] -- H:\Windows\System32\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 15:40:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/30 12:25:15 | 000,040,960 | ---- | M] () [Auto] -- H:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 16:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand] -- H:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto] -- H:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/08 19:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto] -- H:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011/07/24 19:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand] -- H:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011/02/21 23:19:12 | 002,656,280 | R--- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/21 23:19:08 | 000,326,168 | R--- | M] (Intel Corporation) [Auto] -- H:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/09/16 13:47:00 | 000,593,920 | ---- | M] ( ) [Auto] -- H:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/30 15:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- H:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/19 16:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/04/16 07:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- H:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Matthias_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\Matthias_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Matthias_ON_H\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Matthias_ON_H\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\Matthias_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: H:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - H:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - H:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\Matthias_ON_H\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Matthias_ON_H\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - H:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [LMPSSDMON] H:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe ()
O4:64bit: - HKLM..\Run: [MSC] H:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] H:\Users\Matthias\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RTHDVCPL] H:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] H:\Windows\System32\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] H:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Super-Charger] H:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (MSI)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Matthias_ON_H..\Run: [LMab1err] H:\Program Files\Lexmark\ErrorApp\lmab1err.exe ( )
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Matthias_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Matthias_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Matthias_ON_H Winlogon: Shell - (C:\Users\Matthias\AppData\Roaming\skype.dat) - H:\Users\Matthias\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/30 02:05:58 | 000,000,000 | ---D | C] -- H:\_OTL
[2013/01/29 23:30:45 | 000,000,000 | ---D | C] -- H:\NBRT
[2013/01/29 18:39:14 | 000,000,000 | -HSD | C] -- H:\found.000
[2013/01/29 18:11:58 | 000,000,000 | ---D | C] -- H:\ProgramData\HitmanPro
[2013/01/29 18:11:46 | 000,000,000 | ---D | C] -- H:\Windows\Minidump
[2013/01/29 16:43:28 | 000,000,000 | ---D | C] -- H:\cce_linux
[2013/01/29 13:29:38 | 000,000,000 | ---D | C] -- H:\Kaspersky Rescue Disk 10.0
[2013/01/09 07:09:45 | 000,750,592 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\win32spl.dll
[2013/01/09 07:09:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\win32spl.dll
[2013/01/09 07:09:32 | 000,307,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 07:09:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\usp10.dll
[2013/01/09 07:09:31 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 07:09:28 | 002,746,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\gameux.dll
[2013/01/09 07:09:28 | 002,576,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\gameux.dll
[2013/01/09 07:09:28 | 000,441,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wpc.dll
[2013/01/09 07:09:28 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\fpb.rs
[2013/01/09 07:09:28 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\System32\fpb.rs
[2013/01/09 07:09:28 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 07:09:28 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc-nz.rs
[2013/01/09 07:09:28 | 000,044,544 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 07:09:28 | 000,044,544 | ---- | C] (Microsoft) -- H:\Windows\System32\pegibbfc.rs
[2013/01/09 07:09:28 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\csrr.rs
[2013/01/09 07:09:28 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\System32\csrr.rs
[2013/01/09 07:09:28 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\cob-au.rs
[2013/01/09 07:09:28 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\System32\cob-au.rs
[2013/01/09 07:09:28 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\usk.rs
[2013/01/09 07:09:28 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\System32\usk.rs
[2013/01/09 07:09:28 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\grb.rs
[2013/01/09 07:09:28 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\System32\grb.rs
[2013/01/09 07:09:28 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 07:09:28 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-pt.rs
[2013/01/09 07:09:28 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\pegi.rs
[2013/01/09 07:09:28 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi.rs
[2013/01/09 07:09:28 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\djctq.rs
[2013/01/09 07:09:28 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\System32\djctq.rs
[2013/01/09 07:09:27 | 000,308,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\Wpc.dll
[2013/01/09 07:09:27 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\cero.rs
[2013/01/09 07:09:27 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\System32\cero.rs
[2013/01/09 07:09:27 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\esrb.rs
[2013/01/09 07:09:27 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\System32\esrb.rs
[2013/01/09 07:09:27 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\oflc.rs
[2013/01/09 07:09:27 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc.rs
[2013/01/09 07:09:27 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 07:09:27 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-fi.rs
[2013/01/09 07:09:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\KernelBase.dll
[2013/01/09 07:09:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2013/01/09 07:09:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wow64win.dll
[2013/01/09 07:09:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\conhost.exe
[2013/01/09 07:09:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wow64.dll
[2013/01/09 07:09:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winsrv.dll
[2013/01/09 07:09:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntvdm64.dll
[2013/01/09 07:09:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 07:09:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wow64cpu.dll
[2013/01/09 07:09:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 07:09:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 07:09:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 07:09:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\wow32.dll
[2013/01/09 07:09:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 07:09:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 07:09:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 07:09:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 07:09:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 07:09:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 07:09:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 07:09:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 07:09:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\setup16.exe
[2013/01/09 07:09:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\instnm.exe
[2013/01/09 07:09:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 07:09:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 07:09:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 07:09:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 07:09:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 07:09:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 07:09:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 07:09:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 07:09:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\user.exe
[2013/01/09 07:08:57 | 000,068,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe
[2012/12/12 14:01:23 | 001,044,480 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabserv.dll
[2012/12/12 14:01:23 | 000,802,816 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabcomc.dll
[2012/12/12 14:01:23 | 000,376,832 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabcomm.dll
[2012/12/12 14:01:23 | 000,356,352 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabhcp.dll
[2012/12/12 14:01:22 | 000,593,920 | ---- | C] ( ) -- H:\Windows\SysWow64\lmabcoms.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/29 18:48:21 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/29 18:48:08 | 000,000,004 | ---- | M] () -- H:\Users\Matthias\AppData\Roaming\skype.ini
[2013/01/29 18:45:42 | 000,001,110 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/29 18:45:29 | 3151,982,592 | -HS- | M] () -- H:\hiberfil.sys
[2013/01/29 18:39:50 | 000,003,552 | ---- | M] () -- H:\bootsqm.dat
[2013/01/29 18:27:32 | 000,026,704 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 18:27:32 | 000,026,704 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 18:19:56 | 356,086,300 | ---- | M] () -- H:\Windows\MEMORY.DMP
[2013/01/28 03:40:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/26 14:17:00 | 000,001,114 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/26 09:01:07 | 000,000,282 | ---- | M] () -- H:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/01/09 15:40:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 15:40:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 15:04:34 | 000,484,736 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 07:29:24 | 001,846,516 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 07:29:24 | 000,798,090 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 07:29:24 | 000,736,168 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 07:29:24 | 000,185,996 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 07:29:24 | 000,149,068 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/06 16:55:19 | 000,001,160 | ---- | M] () -- H:\Users\Matthias\Desktop\AR_2013 - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2013/01/29 18:39:50 | 000,003,552 | ---- | C] () -- H:\bootsqm.dat
[2013/01/29 18:11:43 | 356,086,300 | ---- | C] () -- H:\Windows\MEMORY.DMP
[2013/01/26 14:24:28 | 000,000,004 | ---- | C] () -- H:\Users\Matthias\AppData\Roaming\skype.ini
[2013/01/06 16:55:19 | 000,001,160 | ---- | C] () -- H:\Users\Matthias\Desktop\AR_2013 - Verknüpfung.lnk
[2012/12/12 14:03:23 | 000,028,672 | ---- | C] () -- H:\Windows\hookdllX.dll
[2012/12/12 14:03:23 | 000,011,776 | ---- | C] () -- H:\Windows\SysWow64\pmsbfn32.dll
[2012/05/15 14:48:44 | 000,000,028 | ---- | C] () -- H:\Windows\ODBC.INI
[2012/05/15 13:39:37 | 000,000,021 | ---- | C] () -- H:\Windows\DvInesKurusOleServer003.INI
[2012/05/15 13:28:39 | 000,000,111 | ---- | C] () -- H:\Windows\dvinesinstalllocation001.INI
[2012/05/15 13:26:41 | 000,000,112 | ---- | C] () -- H:\Windows\Startup.INI
[2012/05/09 11:33:42 | 001,846,516 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/08 07:02:25 | 000,047,616 | ---- | C] () -- H:\Users\Matthias\AppData\Roaming\skype.dat
[2012/05/08 06:44:32 | 000,145,804 | ---- | C] () -- H:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 16:31:16 | 000,963,912 | ---- | C] () -- H:\Windows\SysWow64\igkrng600.bin
[2012/03/19 16:31:16 | 000,261,208 | ---- | C] () -- H:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- H:\Windows\SysWow64\igdde32.dll
[2012/03/19 15:21:14 | 013,212,672 | ---- | C] () -- H:\Windows\SysWow64\ig4icd32.dll
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2009/09/30 05:05:48 | 000,290,816 | ---- | C] () -- H:\Windows\SysWow64\nsldap32v60.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2008/10/30 11:00:22 | 000,048,640 | ---- | C] () -- H:\Windows\SysWow64\nsldapssl32v60.dll
[2008/10/30 10:59:24 | 000,025,088 | ---- | C] () -- H:\Windows\SysWow64\nsldappr32v60.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldapssl32v50.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldappr32v50.dll
[2004/12/14 10:55:22 | 000,000,019 | ---- | C] () -- H:\Windows\SysWow64\nsldap32v50.dll
[2003/05/24 11:38:52 | 000,224,768 | ---- | C] () -- H:\Program Files\ToDoList2003.exe
[1999/01/19 08:18:30 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\LFPNG60N.DLL
[1999/01/19 08:18:30 | 000,046,080 | ---- | C] () -- H:\Windows\SysWow64\LFTIF60N.DLL
[1999/01/19 08:18:30 | 000,043,008 | ---- | C] () -- H:\Windows\SysWow64\LTFIL60N.DLL
[1999/01/19 08:18:30 | 000,020,480 | ---- | C] () -- H:\Windows\SysWow64\LFPSD60N.DLL
[1999/01/19 08:18:30 | 000,019,968 | ---- | C] () -- H:\Windows\SysWow64\LFTGA60N.DLL
[1999/01/19 08:18:30 | 000,019,456 | ---- | C] () -- H:\Windows\SysWow64\LFWPG60N.DLL
[1999/01/19 08:18:30 | 000,019,456 | ---- | C] () -- H:\Windows\SysWow64\LFWMF60N.DLL
[1999/01/19 08:18:28 | 000,176,128 | ---- | C] () -- H:\Windows\SysWow64\LFFAX60N.DLL
[1999/01/19 08:18:28 | 000,141,824 | ---- | C] () -- H:\Windows\SysWow64\LFCMP60N.DLL
[1999/01/19 08:18:28 | 000,023,552 | ---- | C] () -- H:\Windows\SysWow64\LFPCX60N.DLL
[1999/01/19 08:18:28 | 000,022,528 | ---- | C] () -- H:\Windows\SysWow64\LFPCT60N.DLL
[1999/01/19 08:18:28 | 000,022,528 | ---- | C] () -- H:\Windows\SysWow64\LFEPS60N.DLL
[1999/01/19 08:18:28 | 000,022,016 | ---- | C] () -- H:\Windows\SysWow64\LFBMP60N.DLL
[1999/01/19 08:18:28 | 000,018,432 | ---- | C] () -- H:\Windows\SysWow64\LFMSP60N.DLL
[1999/01/19 08:18:28 | 000,017,920 | ---- | C] () -- H:\Windows\SysWow64\LFMAC60N.DLL
[1995/02/14 17:11:00 | 000,017,920 | ---- | C] () -- H:\Windows\SysWow64\IMPLODE.DLL
 
========== LOP Check ==========
 
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2012/12/12 03:16:45 | 000,000,000 | ---D | M] -- H:\ProgramData\Ask
[2012/05/09 11:51:26 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited
[2012/05/09 12:42:30 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonBJ
[2012/06/10 02:58:05 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonEPP
[2012/06/10 02:58:05 | 000,000,000 | -H-D | M] -- H:\ProgramData\CanonIJEPPEX2
[2012/05/15 13:59:14 | 000,000,000 | ---D | M] -- H:\ProgramData\DATEV
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2012/05/20 12:58:04 | 000,000,000 | ---D | M] -- H:\ProgramData\elsterformular
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2013/01/29 18:11:58 | 000,000,000 | ---D | M] -- H:\ProgramData\HitmanPro
[2012/10/19 04:57:36 | 000,000,000 | ---D | M] -- H:\ProgramData\PDF Writer
[2012/05/15 13:55:41 | 000,000,000 | ---D | M] -- H:\ProgramData\SkyCom
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2012/05/08 06:40:19 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2013/01/26 09:01:07 | 000,000,282 | ---- | M] () -- H:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012/12/26 13:27:08 | 000,000,290 | ---- | M] () -- H:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012/12/08 10:30:16 | 000,032,640 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
I would be really grateful to you for a suitable fix for this case! My first impression of the Trojaner-Board is truly great; without you the Windows world would be lost!

Best regards,
Daniel

 
