
Pests of all kinds and how to fight them: T-mobile mms with attachment foto_{symbol}.zip

31.01.2013, 16:36   #1
JanT
 


Hello,

I have already been in contact with MarkusG about this topic.

Yesterday I received an e-mail (133 KB) from mms@t-mobile.de. The message contained only a graphic (I assume the T-Mobile logo) and the phone number:

Phone number +491516867326

The attachment was the file:

foto_{symbol}.zip

Stupidly, I am curious and of course downloaded the file:

- It was checked for viruses by Mozilla during the download, nothing found.
- Before opening it, checked for viruses with Malwarebytes and Spybot, nothing found.
- I then extracted the ZIP folder; its content was the file:

foto_{symbol}.jpg.exe

- also checked with Spybot and Malwarebytes.
- still curious, and hoping I just had a self-extractor in front of me, I opened the file.
- after the EXE was run, the file deleted itself.

Symptoms:

- Even after running it, no visible symptoms, no malware detectable.
- I decided to boot with Rescue Disc 10 from Kaspersky
- the computer would not shut down on its own, because a program in the folder where I had unpacked the file was still open
- forced a restart and booted the Rescue Disc
- the Rescue Disc found nothing either
- after the restart, Windows no longer starts
- Windows Startup Repair performed a system restore
- so far everything works flawlessly and without problems

Operating system: Windows 7 Home Premium (SP 1) 64-bit.

Well, otherwise I am now a bit at a loss as to whether I have infected my system or not. I have not yet understood how I can or should forward the e-mail to you; I use Outlook, and it would be nice if you could explain that to me again.

I would be very grateful if you could help me.
Regards, Jan

P.S. Oh, and attached is an OTL logfile.

31.01.2013, 18:04   #2
t'john
/// Helper team
 




Where is the OTL log?

31.01.2013, 21:33   #3
JanT
 


Sorry for replying so late, I had just booted with the Avira Rescue Disc once more... it took a while. I had actually attached the OTL log; here is another attempt:

Code:
OTL logfile created on: 31.01.2013 14:27:10 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = D:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,10 Gb Total Space | 186,52 Gb Free Space | 40,98% Space Free | Partition Type: NTFS
Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DEFAULT | User Name: Jan
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 13:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010.02.23 16:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010.02.05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009.11.05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2012.12.04 21:31:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.16 13:49:16 | 000,530,216 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.04.15 01:58:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.25 12:07:14 | 000,196,464 | ---- | M] (TOSHIBA CORPORATION) [On_Demand] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.02.11 01:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.01.28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.12.04 03:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.10.06 08:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
IE - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 02:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 02:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.31 13:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.31 13:42:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.11 16:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.07.12 16:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\8uvmigml.default\extensions
[2012.10.24 09:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\mond249d.default\extensions
[2013.01.19 11:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.04 21:31:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.20 09:38:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.09 15:36:21 | 000,443,048 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

DELETED *privacy* ;)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI]  File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon]  File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv]  File not found
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1001..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\RunOnce: [SysOff]  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{224394ef-60bd-11df-9af2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{224394ef-60bd-11df-9af2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005.07.16 22:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.30 20:53:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Programs
[2013.01.04 16:11:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Apple Computer
[2013.01.04 16:11:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apple Computer
[2013.01.04 16:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.04 16:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.04 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.04 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.04 16:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.04 16:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.04 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apple
[2013.01.04 16:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.04 16:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.04 16:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.04 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.04 16:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 14:18:02 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 14:03:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.31 14:03:03 | 3166,703,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.31 13:43:00 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.10 09:37:37 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.04 19:36:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 19:36:30 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.01.04 19:36:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 19:36:30 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.01.04 16:11:45 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.04 16:11:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.04 16:10:26 | 000,002,519 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jan\AppData\Roaming\*.tmp files -> C:\Users\Jan\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 16:11:45 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.04 16:10:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.08.07 20:38:59 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe183.dll
[2012.08.07 15:00:22 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe182.dll
[2012.08.06 13:31:28 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe181.dll
[2012.08.06 06:51:17 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe180.dll
[2012.07.21 08:34:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.20 19:51:58 | 000,000,017 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\blckdom.res
[2012.07.10 15:34:17 | 000,000,030 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\urhtps.dat
[2012.06.11 11:23:08 | 000,007,607 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg
[2011.11.09 23:55:27 | 000,009,728 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.22 18:08:56 | 003,902,976 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2011.08.22 20:07:48 | 000,074,752 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011.08.22 20:07:02 | 000,158,208 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2011.08.22 20:07:00 | 000,259,584 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2011.08.22 20:06:30 | 001,524,224 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2011.08.22 20:06:30 | 000,211,456 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2011.08.22 20:06:30 | 000,097,280 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2011.08.22 20:06:28 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2011.08.22 20:06:28 | 000,113,664 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2011.08.22 20:06:26 | 000,145,920 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2011.08.22 20:06:26 | 000,136,704 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
[2011.05.31 19:58:24 | 000,000,346 | ---- | C] () -- C:\windows\SIERRA.INI
[2011.05.30 14:42:50 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011.05.23 08:46:30 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\mkunicode.dll
[2011.02.07 19:00:08 | 000,925,667 | ---- | C] () -- C:\windows\SysWow64\ffmpegmt.dll
[2011.02.07 19:00:08 | 000,065,024 | ---- | C] () -- C:\windows\SysWow64\FLT_ffdshow.dll
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\windows\SysWow64\Registration.ini
[2010.08.01 12:44:00 | 000,000,098 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\wklnhst.dat
[2010.07.28 19:12:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.16 08:57:34 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\windows\SysWow64\ac3config.exe
[2009.08.11 22:21:20 | 001,021,440 | ---- | C] () -- C:\windows\SysWow64\ac3filter_intl.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009.04.28 03:37:00 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\mmfinfo.dll
[2008.11.06 16:37:32 | 003,596,288 | ---- | C] () -- C:\windows\SysWow64\qt-dx331.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2006.03.04 05:52:00 | 000,088,576 | ---- | C] () -- C:\windows\SysWow64\OptimFROG.dll
 
========== LOP Check ==========
 
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.022
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.023
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.024
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.025
[2011.11.19 17:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\AnvSoft
[2011.05.31 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Blender Foundation
[2012.07.22 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\elsterformular
[2011.06.08 00:42:51 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\FTD
[2012.11.16 03:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\FXTS2
[2012.08.13 10:26:54 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ
[2012.07.08 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\kock
[2011.07.31 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Nullsoft
[2010.11.09 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PhotoScape
[2010.10.20 21:31:30 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\pschmid.net
[2010.10.13 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Softland
[2012.08.19 16:42:10 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TeamViewer
[2010.08.01 12:44:01 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Template
[2012.08.05 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Toshiba
[2012.08.06 09:24:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\UAs
[2010.12.08 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WildTangent
[2010.07.27 19:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\WinBatch
[2012.08.03 23:27:00 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Windows Desktop Search
[2012.08.06 14:06:27 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\xmldm
[2013.01.04 16:11:36 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2010.12.07 12:02:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.01.15 21:51:26 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012.07.22 19:07:34 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.07.28 00:23:46 | 000,000,000 | ---D | M] -- C:\ProgramData\MetaQuotes
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012.11.16 02:47:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TmForever
[2012.01.02 20:49:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Toshiba
[2010.07.27 19:31:42 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2010.05.16 08:33:21 | 000,000,000 | ---D | M] -- C:\ProgramData\vista32
[2010.05.16 08:33:21 | 000,000,000 | ---D | M] -- C:\ProgramData\vista64
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.12.08 17:34:11 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2010.05.16 08:36:21 | 000,000,000 | ---D | M] -- C:\ProgramData\win7_32
[2010.05.16 08:36:21 | 000,000,000 | ---D | M] -- C:\ProgramData\win7_64
[2010.05.16 08:33:21 | 000,000,000 | ---D | M] -- C:\ProgramData\xp
[2012.08.21 16:13:03 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.11.06 04:00:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.05 22:12:09 | 000,000,000 | ---D | M] -- C:\1033
[2010.05.06 07:29:43 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.01.04 16:11:48 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.06 10:17:43 | 000,000,000 | ---D | M] -- C:\Games
[2010.05.05 22:12:41 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.10 13:52:58 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2010.11.10 00:14:28 | 000,000,000 | ---D | M] -- C:\output
[2013.01.04 16:11:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.31 13:42:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.04 16:11:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.27 19:30:42 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.31 14:14:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.07.27 19:32:47 | 000,000,000 | ---D | M] -- C:\Toshiba
[2010.07.27 19:30:58 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.31 13:43:26 | 000,000,000 | ---D | M] -- C:\Windows
[2010.05.05 22:10:54 | 000,000,000 | ---D | M] -- C:\Works
[2012.07.22 19:33:28 | 000,000,000 | ---D | M] -- C:\xmldm
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\windows\System32\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\windows\System32\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
...and here is the result of the Avira RD scan from just now (the movies and the three zip files in the Synaptics folder are OK and were created by me):

Code:
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set:         8.2.10.244
VDF Version:        7.11.59.80
Scan start time: Thu Jan 31 18:19:00 2013
configuration file: /etc/avira/scancl.conf

WARNING: [File is encrypted] /media/Devices/sda2/Program Files/Synaptics/BATCH.ZIP



WARNING: [File is encrypted] /media/Devices/sda2/Program Files/Synaptics/install.zipx



WARNING: [File is encrypted] /media/Devices/sda2/Program Files/Synaptics/runtime.zipx



ALERT: [JS/Expack.afn] /media/Devices/sda2/Users/Jan/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/NRQ0FSTW/52385266[1].htm <<< Contains signature of the Java script virus JS/Expack.afn [renamed]



ALERT: [EXP/Pidief.dpb] /media/Devices/sda2/Users/Jan/AppData/Local/Mozilla/Firefox/Profiles/st4zw4aq.default/Cache/3/BE/FD669d01 <<< Contains signature of the exploits EXP/Pidief.dpb [renamed]



ALERT: [JS/Expack.XI.1] /media/Devices/sda2/Users/Jan/AppData/Local/Mozilla/Firefox/Profiles/st4zw4aq.default/Cache/E/E4/5AFA2d01 <<< Contains signature of the Java script virus JS/Expack.XI.1 [renamed]



ALERT: [TR/Small.FI] /media/Devices/sda2/Users/Jan/AppData/Local/{f7f566ac-d3b0-1ccb-ba36-ba02d39dc67b}/U/00000001.@ <<< Is the Trojan horse TR/ [renamed]



ALERT: [EXP/CVE-2012-1723.A.22] /media/Devices/sda2/Users/Jan/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/0/504bf000-1577dcf0 --> r__aa/r__ab.class <<< Contains signature of the exploits EXP/CVE-2012-1723.A.22 [archive scan abort]



ALERT: [EXP/CVE-2012-1723.A.22] /media/Devices/sda2/Users/Jan/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/11/514fd2cb-34fd50b8 --> r__aa/r__ab.class <<< Contains signature of the exploits EXP/CVE-2012-1723.A.22 [archive scan abort]



ALERT: [EXP/CVE-2012-1723.BT] /media/Devices/sda2/Users/Jan/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/2ef2f56b-158ace79 --> b_sa/b_sb.class <<< Contains signature of the exploits EXP/CVE-2012-1723.BT [archive scan abort]



ALERT: [EXP/2012-0507.CU] /media/Devices/sda2/Users/Jan/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/9/e71c349-7d93a37e --> t_eea/t_eed.class <<< Contains signature of the exploits EXP/2012-0507.CU [archive scan abort]



ALERT: [Rkit/Agent.dewl] /media/Devices/sda2/Users/Jan/AppData/Roaming/BAcroIEHelpe180.dll <<< Contains signature of Rootkits RKIT/Agent.dewl [renamed]



ALERT: [TR/Spy.Gen] /media/Devices/sda2/Users/Jan/AppData/Roaming/BAcroIEHelpe181.dll <<< Is the Trojan horse TR/Spy.Gen [renamed]



ALERT: [Rkit/Agent.deyz] /media/Devices/sda2/Users/Jan/AppData/Roaming/BAcroIEHelpe182.dll <<< Contains signature of Rootkits RKIT/Agent.deyz [renamed]



ALERT: [Rkit/Agent.deyz] /media/Devices/sda2/Users/Jan/AppData/Roaming/BAcroIEHelpe183.dll <<< Contains signature of Rootkits RKIT/Agent.deyz [renamed]



WARNING: [File is encrypted] /media/Devices/sda2/Users/Jan/Downloads/kaffeeroesterinden90ern.rar



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Downloads/tmnationsforever_setup.exe --> TmNationsForever_Setup_Tmp-1.bin



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Downloads/tmnationsforever_setup.exe --> TmNationsForever_Setup_Tmp.exe



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r12



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r26



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r00



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r01



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r02



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r03



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r04



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r05



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r06



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r07



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r08



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r09



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r10



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r11



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r13



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r14



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r15



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r16



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r17



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r18



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r19



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r20



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r21



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r22



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r23



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r24



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r25



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r27



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r28



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r29



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r30



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r31



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r32



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r33



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r34



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.r35



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD1/crcl-verblendung.xvid-cd1.rar



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r12



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r26



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r00



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r01



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r02



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r03



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r04



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r05



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r06



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r07



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r08



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r09



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r10



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r11



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r13


WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r14



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r15



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r16



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r17



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r18



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r19



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r20



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r21



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r22



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r23



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r24



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r25



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r27



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r28



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r29



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r30



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r31



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r32



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r33



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r34



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.r35



WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/Jan/Videos/Filme/Lorenz/Verblendung.German.AC3.DVDRip.XviD-CRUCiAL/CD2/crcl-verblendung.xvid-cd2.rar




Statistics :
Directories............... : 35933
Archives.................. : 2616
Files..................... : 1093711
Infected.............. : 12
Renamed........... : 12
Warnings.............. : 80
Suspicious............ : 0
Infections................ : 12
         
By the way, I think it's really great that people get help here.
__________________

01.02.2013, 00:12   #4
t'john
/// Helper team

Fixing with OTLPE
  • Boot the unbootable computer again from the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears, then double-click the OTLPE icon.

  • Copy the following script into the text box below Custom Scans/Fixes:
  • If that is not possible because there is no Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Plug the USB stick into the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:


Code:
:OTL

O4:64bit: - HKLM..\Run: [] File not found 
O4:64bit: - HKLM..\Run: [ThpSrv] File not found 
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\Run: [] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found 
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\RunOnce: [mctadmin] File not found 
O4 - HKU\S-1-5-21-1621450032-1567874369-2038778540-1000..\RunOnce: [SysOff] File not found 
[2012.08.07 20:38:59 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe183.dll 
[2012.08.07 15:00:22 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe182.dll 
[2012.08.06 13:31:28 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe181.dll 
[2012.08.06 06:51:17 | 000,006,400 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\BAcroIEHelpe180.dll 
[2012.07.21 08:34:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad 
[2012.07.20 19:51:58 | 000,000,017 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\blckdom.res 
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.022 
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.023 
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.024 
[2012.07.17 16:39:29 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\13001.025 
[2012.07.08 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\kock 
[2012.08.06 09:24:55 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\UAs 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

  • Close all programs.
  • Click the Fix button.
  • Click on .
  • Copy the contents into your thread here, inside code tags.
    You can view the log file afterwards here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again, and report back.
__________________
Regards, t'john

01.02.2013, 03:32   #5
JanT

Hi,

thanks for typing that up, first of all.
I think I expressed myself unclearly somewhere. The computer was bootable (almost) the whole time. But I suppose that doesn't really matter. I think the result log looks pretty good:

Code:
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ThpSrv deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1621450032-1567874369-2038778540-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-19\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-21-1621450032-1567874369-2038778540-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-21-1621450032-1567874369-2038778540-1000\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\Users\Jan\AppData\Roaming\BAcroIEHelpe183.dll not found.
File C:\Users\Jan\AppData\Roaming\BAcroIEHelpe182.dll not found.
File C:\Users\Jan\AppData\Roaming\BAcroIEHelpe181.dll not found.
File C:\Users\Jan\AppData\Roaming\BAcroIEHelpe180.dll not found.
C:\ProgramData\0tbpw.pad moved successfully.
C:\Users\Jan\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Jan\AppData\Roaming\13001.022\components folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.022 folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.023\components folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.023 folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.024\components folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.024 folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\Jan\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\Jan\AppData\Roaming\kock folder moved successfully.
C:\Users\Jan\AppData\Roaming\UAs folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jan
->Temp folder emptied: 103627837 bytes
->Temporary Internet Files folder emptied: 6342571575 bytes
->Java cache emptied: 932670 bytes
->FireFox cache emptied: 859640782 bytes
->Flash cache emptied: 1129 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3066788 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28146782 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1463386 bytes
 
Total Files Cleaned = 7.000,00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 02012013_031347

Files\Folders moved on Reboot...
File\Folder C:\Users\Jan\AppData\Local\Temp\OICE_FB632BAC-5573-4EB9-855D-6D48E83145E4.0\224B718C. not found!
File\Folder C:\Users\Jan\AppData\Local\Temp\OICE_C8238370-4DC6-4418-8F12-E3C5DA8073E1.0\2504ADDA. not found!
File\Folder C:\Users\Jan\AppData\Local\Temp\OICE_604FA71B-47C6-422E-B947-C67BF450BD82.0\9A5D8BCF. not found!
File\Folder C:\Users\Jan\AppData\Local\Temp\OICE_24E12488-56BD-4575-A1B5-A75EABD05884.0\21BC076C. not found!
File\Folder C:\Users\Jan\AppData\Local\Temp\OICE_0327B871-3575-4602-B483-BAFF29FA333B.0\E6F53D2D. not found!
C:\Users\Jan\AppData\Local\Temp\AdobeARM.log moved successfully.
C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Are we done?

Regards
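
The Avira detections posted earlier in the thread can be cross-checked against the OTLPE fix log above to see which findings the fix log actually accounts for. The following is an added example, not code from the thread or from either tool; it assumes the rescue disk's /media/Devices/sda2 mount is the Windows C: volume, and the function names and the cache-directory mapping are this example's own.

```python
import re

# Excerpts copied from the two logs posted in this thread.
AVIRA_LOG = r"""
ALERT: [JS/Expack.XI.1] /media/Devices/sda2/Users/Jan/AppData/Local/Mozilla/Firefox/Profiles/st4zw4aq.default/Cache/E/E4/5AFA2d01 <<< Contains signature of the Java script virus JS/Expack.XI.1 [renamed]
ALERT: [TR/Small.FI] /media/Devices/sda2/Users/Jan/AppData/Local/{f7f566ac-d3b0-1ccb-ba36-ba02d39dc67b}/U/00000001.@ <<< Is the Trojan horse TR/ [renamed]
ALERT: [EXP/CVE-2012-1723.BT] /media/Devices/sda2/Users/Jan/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/43/2ef2f56b-158ace79 --> b_sa/b_sb.class <<< Contains signature of the exploits EXP/CVE-2012-1723.BT [archive scan abort]
ALERT: [Rkit/Agent.dewl] /media/Devices/sda2/Users/Jan/AppData/Roaming/BAcroIEHelpe180.dll <<< Contains signature of Rootkits RKIT/Agent.dewl [renamed]
WARNING: [File is encrypted] /media/Devices/sda2/Program Files/Synaptics/BATCH.ZIP
"""
OTL_LOG = r"""
File C:\Users\Jan\AppData\Roaming\BAcroIEHelpe180.dll not found.
C:\ProgramData\0tbpw.pad moved successfully.
C:\Users\Jan\AppData\Roaming\kock folder moved successfully.
User: Jan
->Temp folder emptied: 103627837 bytes
->Java cache emptied: 932670 bytes
->FireFox cache emptied: 859640782 bytes
User: UpdatusUser
->Flash cache emptied: 41620 bytes
"""

MOUNT = "/media/Devices/sda2/"  # assumption: the rescue disk mounted the Windows C: volume here
ALERT_RE = re.compile(
    r"^ALERT: \[(?P<sig>[^\]]+)\] (?P<path>.+?)(?: --> (?P<member>.+?))? <<< .* \[(?P<action>[^\]]+)\]$")
OTL_RES = [  # result lines of the OTLPE fix log that name a file or folder
    (re.compile(r"^File (?P<path>[A-Za-z]:\\.+) not found\.$"), "not found"),
    (re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$"), "moved"),
    (re.compile(r"^(?P<path>[A-Za-z]:\\.+) deleted successfully\.$"), "deleted"),
]
EMPTIED_RE = re.compile(r"^->(?P<kind>.+?)(?: folder)? emptied: (?P<bytes>\d+) bytes$")
# Cache directories and the [EMPTYTEMP] line covering them (mapping is this example's assumption).
CACHES = {
    "\\temporary internet files\\": "Temporary Internet Files",
    "\\mozilla\\firefox\\profiles\\": "FireFox cache",
    "\\sun\\java\\deployment\\cache\\": "Java cache",
}

def to_windows(path):
    """Translate a path as seen from the rescue disk into the path Windows tools report."""
    if not path.startswith(MOUNT):
        raise ValueError(f"not on the mounted Windows volume: {path}")
    return "C:\\" + path[len(MOUNT):].replace("/", "\\")

def parse_avira(log):
    """Return (signature, windows_path, action) per ALERT line; WARNING lines are skipped."""
    hits = []
    for line in log.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            hits.append((m["sig"], to_windows(m["path"]), m["action"]))
    return hits

def parse_otl(log):
    """Return ({lowercased path: outcome}, {(user, cache kind)} emptied with more than 0 bytes)."""
    outcomes, emptied, user = {}, set(), None
    for line in map(str.strip, log.splitlines()):
        if line.startswith("User: "):
            user = line[6:].lower()
            continue
        m = EMPTIED_RE.match(line)
        if m:
            if int(m["bytes"]) > 0:
                emptied.add((user, m["kind"]))
            continue
        for rx, outcome in OTL_RES:
            m = rx.match(line)
            if m:
                outcomes[m["path"].lower()] = outcome
                break
    return outcomes, emptied

def reconcile(avira_log, otl_log):
    """Attach to every scanner detection what the fix log says about the same path."""
    outcomes, emptied = parse_otl(otl_log)
    report = []
    for sig, path, action in parse_avira(avira_log):
        low = path.lower()
        owner = re.match(r"c:\\users\\([^\\]+)\\", low)
        cache = next((kind for part, kind in CACHES.items() if part in low), None)
        if outcomes.get(low) in ("moved", "deleted"):
            verdict = "removed by fix"
        elif outcomes.get(low) == "not found":
            verdict = "not found by fix" + ("; scanner had renamed it" if action == "renamed" else "")
        elif cache and owner and (owner[1], cache) in emptied:
            verdict = "cache emptied by fix"
        else:
            verdict = "no entry in fix log"
        report.append((sig, path, verdict))
    return report

if __name__ == "__main__":
    for row in reconcile(AVIRA_LOG, OTL_LOG):
        print(row)
```

On these excerpts the BAcroIEHelpe180.dll entry comes back as not found after the scanner's rename, and the TR/Small.FI detection under AppData\Local has no matching line in the fix log.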


01.02.2013, 17:05   #6
t'john
/// Helper team

Quote:
Are we done?
Not yet, I'll let you know


Very good!

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results" ("Zeige Resultate").
then:

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

30.03.2013, 08:45   #7
t'john
/// Helper team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
