
Log analysis and evaluation: Windows locked - 50 euros incl. OTL

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
10.03.2012, 20:11   #1
Kerse123
 



Hello everyone,

unfortunately I have become a victim too. Windows locked, 50 euros, and nothing works anymore. I have followed the general instructions for now and created an OTL.Txt. Please help me!!!

Best regards, Kerse

OTL logfile created on: 10.03.2012 19:50:28 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Kerse\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 80,46% Memory free
7,73 Gb Paging File | 7,00 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 157,46 Gb Free Space | 55,00% Space Free | Partition Type: NTFS

Computer Name: KERSE-PC | User Name: Kerse | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.10 19:45:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kerse\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.08.05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011.08.05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011.08.05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.01 12:12:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 16:11:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.12.02 09:02:28 | 000,305,448 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.07.01 12:12:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.01 12:12:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.06.26 17:24:00 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.06.26 17:22:21 | 000,042,696 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.05 17:55:04 | 001,580,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010.01.22 17:31:36 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/08 01:38:33] [Kernel | Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=273606100906l0488z145t4561k96n
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=273606100906l0488z145t4561k96n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=273606100906l0488z145t4561k96n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=273606100906l0488z145t4561k96n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=273606100906l0488z145t4561k96n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE382DE382
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SkypeM] C:\Users\Kerse\AppData\Local\Skype\Skype.exe (Iron Mountain Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3494F6-8FEE-452B-BAF8-75942C50C8DB}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.03.10 19:39:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.03.10 07:45:08 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{231E899F-7139-4423-B03C-90386497176A}
[2012.03.10 07:44:57 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{A124F980-27AE-4D90-BDB2-B693D4F1160F}
[2012.03.09 08:51:40 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{70CE8B74-71F3-4B9F-BDB3-1603D7A8897C}
[2012.03.09 08:51:18 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{E44F4600-68CE-4E2B-BA31-CDD8A71D70FC}
[2012.03.08 19:52:31 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{206259E5-4903-4486-A632-9B37F6884967}
[2012.03.08 19:52:20 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{D4173DB9-6227-4D5F-8E08-B92497DA788A}
[2012.03.08 18:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.03.08 16:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
[2012.03.08 16:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sweet Home 3D
[2012.03.08 09:39:38 | 000,000,000 | ---D | C] -- C:\Users\Kerse\Desktop\Mails Kassenvize
[2012.03.08 07:51:54 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{CD5EA3C7-040D-435E-AE74-34A75278C38D}
[2012.03.08 07:51:32 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{E1C7B5AE-6CA3-42C2-853F-2320AF588E94}
[2012.03.07 19:51:06 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{D9EC89BA-5EF4-4587-A814-E0C0DF996557}
[2012.03.07 19:50:44 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{271BEF9A-2F12-4750-930E-3A78A3393548}
[2012.03.07 07:50:16 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{8983FA7D-9453-4DC2-9CE8-D041F5DF2648}
[2012.03.07 07:49:54 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{6E5BFC96-96E1-4344-B141-E1C40128E7AD}
[2012.03.06 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{BE89EC26-67D5-438D-95EF-F43014AE8B25}
[2012.03.06 08:31:32 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{9E348EC3-FEA6-4EC9-9596-8A1A4D2DCA1E}
[2012.03.05 21:16:47 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{8084E9F1-214B-4FAF-944F-B2C290DDCEB7}
[2012.03.05 08:41:06 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{0199128E-AD25-499F-A16C-28D3EE6E8232}
[2012.03.05 08:40:44 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{018BB655-8A0A-4F72-9D00-001701D4798D}
[2012.03.04 15:15:17 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{B462A815-0D09-46DF-A7D1-07BB5F62137F}
[2012.03.04 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{5EC7CF94-4993-49ED-B75A-D856113C5910}
[2012.03.04 08:45:50 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{234C97BA-45B2-4D35-9B82-25AEEFBC7724}
[2012.03.03 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{0388F578-23ED-4500-840C-F848C891C657}
[2012.03.03 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{3B5DE26F-8A4A-4133-9C0F-3F74588913CF}
[2012.03.02 13:51:14 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{D3078796-6AD4-4780-AED5-F4BB4B58221E}
[2012.03.02 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{53FAC79F-49E1-4406-B4D8-15D9B2AF8544}
[2012.03.02 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{68E381ED-13E9-4295-9BAB-51A452B9D01E}
[2012.03.01 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{B1610FEC-0AEC-4F96-974C-FC7C0FC2E852}
[2012.03.01 13:06:31 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{3A4A7841-362E-4184-98D2-2866AE34AFFB}
[2012.02.29 10:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{79677A44-96E5-4E40-A065-1B6B7E1DF322}
[2012.02.28 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{6881A8D0-5504-4E39-9671-19CA7AEDB2F1}
[2012.02.28 11:16:52 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{EFB68361-4F55-4CC4-8CF1-F030B173BB9E}
[2012.02.27 13:04:48 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{E581C565-CB24-491E-B2C2-C0872208CB00}
[2012.02.27 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{27F2BC5E-331E-441C-84E6-06127B01FE8B}
[2012.02.26 09:57:33 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{C123F714-15C1-4ED8-BC28-F0FA28782469}
[2012.02.26 09:57:11 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{B2FF35CC-9DC1-45C3-B3A2-C1DB2113BC6B}
[2012.02.25 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{5EABF1EC-4C1A-4567-980C-5B9161D40B75}
[2012.02.25 07:23:16 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{3C52A47C-76DB-4026-A139-BF370516FE7A}
[2012.02.24 16:57:33 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{4B4588D7-ECB4-4967-831F-8F12924E0245}
[2012.02.24 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{26FB8356-66E2-4378-9B42-928F82FA9AA0}
[2012.02.22 08:09:04 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{C958E27A-A292-4F10-B822-50D07448DC2D}
[2012.02.22 08:08:53 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{677CA21D-F882-492C-9835-14537CA426E0}
[2012.02.21 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{7A2D55FF-8A49-42BE-8B41-E353BCEFFA8E}
[2012.02.21 09:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{3E4FB07F-6834-4A2E-8295-0FA9C3183A9D}
[2012.02.20 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{7C576791-48CD-43DF-A963-08777DA298E6}
[2012.02.20 20:02:58 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{7D7BD93A-B549-4D67-8ED8-0002925A980C}
[2012.02.20 07:40:32 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{DE626EFC-FAEC-434B-82E9-C328E58580A3}
[2012.02.20 07:40:22 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{C16425DA-85DB-4AF1-85D8-69AA2D881997}
[2012.02.19 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{253A23D8-4F37-4D89-83C7-4B89CAA01BB6}
[2012.02.19 16:19:37 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{D00059BF-5188-4BB1-9D2B-041274D0E890}
[2012.02.19 07:47:22 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{86786AB5-D596-4942-8704-F84C8C1F7704}
[2012.02.19 07:47:11 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{08173241-634E-446C-B45F-A4AB11706D88}
[2012.02.18 07:36:12 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{DBE45719-9F05-46EF-B52A-23FE766613FB}
[2012.02.18 07:36:01 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{EE05C8BE-4CE7-4407-BBAD-DA75CA77F202}
[2012.02.18 07:34:19 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{C5581D7A-6597-4D10-9FCF-CBA1693D6A7F}
[2012.02.17 12:35:40 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{373DDD9B-F4FB-4693-A3B7-A3C29345EF31}
[2012.02.17 12:35:29 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{1870EBC6-E744-4102-8B96-A509FE692A00}
[2012.02.16 23:05:27 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{A3BEE0C7-9879-4563-A805-0889748850E8}
[2012.02.16 23:05:08 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{431EB970-4890-4DE7-B51A-89643F315C52}
[2012.02.16 11:04:40 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{7F930BAA-B898-4DCD-B9F4-6204CBB3883D}
[2012.02.16 11:04:18 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{7B5ACA18-42A2-42C3-9AE1-349D84261063}
[2012.02.15 22:35:00 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{97DBDD8D-EB1D-4ED6-96E6-6828A0ACBDDD}
[2012.02.15 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{A5465003-14A9-4CD9-AA59-D6FFA2DB1BBB}
[2012.02.15 10:24:22 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{A299EB8D-8325-4524-9883-33BA6132C1AA}
[2012.02.15 10:24:00 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{79441F1E-E49A-4739-A2BC-36EF747739EA}
[2012.02.14 11:47:50 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{FDC17BA1-632C-4D60-8B06-465C31676CD1}
[2012.02.14 11:47:29 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{DB80ACF3-45BC-4FAA-9EC3-CAD36FF8E29A}
[2012.02.13 08:28:32 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{7CC6FDE3-CDA9-4C0D-9520-C08A2C55D383}
[2012.02.13 08:28:11 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{541880F6-5701-4EDA-BD79-B0A32E910C44}
[2012.02.12 20:27:46 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{58D01A54-1D17-45F7-BD17-5D3F0E8B9087}
[2012.02.12 20:27:25 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{A59D68CE-3E5A-4D45-A925-6A35BD37D7BD}
[2012.02.12 07:56:08 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{672C28F5-78F6-45E1-949A-8EB09400996C}
[2012.02.12 07:55:58 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{33945DA9-F67B-4C62-9ACA-A31C90492474}
[2012.02.11 09:38:06 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{28EC9B0B-1E9A-4B86-A87E-2C9C577422C5}
[2012.02.11 08:04:50 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{901B0DC1-7871-479C-A228-56FCA7B35592}
[2012.02.10 11:18:39 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{58D5D3B9-6BE1-4279-BEDB-AFF9D5DE8548}
[2012.02.10 11:18:17 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{8CEE0A11-EFDE-4B93-84C7-3F7E004ED9FA}
[2012.02.09 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{0650055D-47B1-44F9-A26E-4DA3C42F5BA9}
[2012.02.09 23:17:32 | 000,000,000 | ---D | C] -- C:\Users\Kerse\AppData\Local\{37414F4F-0A99-4B67-A502-8A3B7BD63404}

========== Files - Modified Within 30 Days ==========

[2012.03.10 19:30:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.10 19:30:23 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.10 16:47:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.10 16:38:30 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 16:38:30 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 16:03:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.08 18:00:33 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.03.08 16:09:26 | 000,001,133 | ---- | M] () -- C:\Users\Kerse\Desktop\Sweet Home 3D.lnk
[2012.03.07 07:41:57 | 001,529,492 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.07 07:41:57 | 000,657,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.07 07:41:57 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.07 07:41:57 | 000,131,296 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.07 07:41:57 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.17 17:41:23 | 000,424,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.17 12:34:31 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012.03.08 18:00:33 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.03.08 16:09:26 | 000,001,133 | ---- | C] () -- C:\Users\Kerse\Desktop\Sweet Home 3D.lnk
[2011.11.11 16:34:53 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.11.11 16:34:53 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.11.11 16:34:53 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.11.11 16:24:24 | 000,000,337 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.08.13 10:29:16 | 000,004,096 | -H-- | C] () -- C:\Users\Kerse\AppData\Local\keyfile3.drm
[2011.08.08 07:59:25 | 000,001,608 | ---- | C] () -- C:\Users\Kerse\AppData\Roaming\MyMicroBalanceConfig.ini
[2011.07.01 18:54:32 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.05 12:44:01 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.11.05 12:43:32 | 000,004,608 | ---- | C] () -- C:\Users\Kerse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.12 19:10:14 | 000,000,580 | ---- | C] () -- C:\Windows\wininit.ini
[2010.06.09 15:42:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.08 18:25:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.05 15:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Kerse\AppData\Roaming\wklnhst.dat
[2010.04.08 10:15:28 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.08 10:14:28 | 000,001,691 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.04.08 00:53:33 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.04.08 00:36:05 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.04.08 00:36:05 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.04.08 00:36:05 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.04.08 00:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2010.06.05 14:55:47 | 000,000,000 | -HSD | M] -- C:\Users\Kerse\AppData\Roaming\.#
[2010.06.25 12:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\Ace
[2010.06.05 14:55:39 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\GameConsole
[2010.07.13 11:41:05 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\GetRightToGo
[2010.10.12 19:06:43 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\gtk-2.0
[2010.12.28 16:00:41 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\Nokia
[2010.12.14 11:20:07 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\PacificPoker
[2010.08.01 18:00:12 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\PC Suite
[2010.06.08 18:46:23 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\PlayFirst
[2011.03.08 10:30:57 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\ScreeNet iSaver
[2010.06.11 15:11:16 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\The Inquisitor
[2010.06.08 18:56:15 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\ViquaSoft
[2011.01.30 16:48:59 | 000,000,000 | ---D | M] -- C:\Users\Kerse\AppData\Roaming\Windows Live Writer
[2011.08.19 06:46:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010.11.13 12:24:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.08 00:40:27 | 000,000,000 | ---D | M] -- C:\BOOK
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.05 14:52:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.05 14:53:49 | 000,000,000 | ---D | M] -- C:\elements
[2010.02.11 03:04:05 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.06 17:23:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.06.05 14:52:28 | 000,000,000 | -H-D | M] -- C:\oem
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.11.23 21:20:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.08 16:09:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.10 19:39:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.05 14:52:02 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.05 14:52:02 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.11 16:25:10 | 000,000,000 | ---D | M] -- C:\Sierra
[2012.03.10 16:44:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.17 12:30:20 | 000,000,000 | ---D | M] -- C:\Teamevent_Tankumsee
[2010.07.13 11:42:10 | 000,000,000 | ---D | M] -- C:\Tische beziehen
[2010.06.05 14:52:14 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.10 19:39:50 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2010.10.29 19:54:49 | 000,002,903 | ---- | M] () -- C:\Users\Kerse\.recently-used.xbel
[2010.07.10 09:21:33 | 000,002,007 | ---- | M] () -- C:\Users\Kerse\888poker.lnk
[2010.07.09 12:03:02 | 000,002,018 | ---- | M] () -- C:\Users\Kerse\Adobe Reader 9.lnk
[2010.11.20 10:09:40 | 000,000,120 | ---- | M] () -- C:\Users\Kerse\Anke Liepelt.vcf
[2010.11.20 10:09:40 | 000,000,133 | ---- | M] () -- C:\Users\Kerse\Ann.vcf
[2010.11.20 10:09:40 | 000,000,129 | ---- | M] () -- C:\Users\Kerse\Baldino 1 Andrea.vcf
[2010.11.20 10:09:40 | 000,000,131 | ---- | M] () -- C:\Users\Kerse\Baldino Andrea.vcf
[2010.11.20 10:09:40 | 000,000,196 | ---- | M] () -- C:\Users\Kerse\Barny Hase.vcf
[2010.11.20 10:09:40 | 000,000,135 | ---- | M] () -- C:\Users\Kerse\Benny.vcf
[2010.11.20 10:09:40 | 000,000,141 | ---- | M] () -- C:\Users\Kerse\bik Michael.vcf
[2010.11.20 10:09:41 | 000,000,114 | ---- | M] () -- C:\Users\Kerse\Bolz Dirk.vcf
[2010.11.20 10:09:41 | 000,000,141 | ---- | M] () -- C:\Users\Kerse\Brille Schmerschneider.vcf
[2010.11.20 10:09:40 | 000,000,150 | ---- | M] () -- C:\Users\Kerse\Bulle Benson.vcf
[2010.11.20 10:09:40 | 000,000,211 | ---- | M] () -- C:\Users\Kerse\Böhm Andreas.vcf
[2010.11.20 10:09:40 | 000,000,131 | ---- | M] () -- C:\Users\Kerse\Calandra Giacomo.vcf
[2010.11.20 10:09:40 | 000,000,129 | ---- | M] () -- C:\Users\Kerse\Creter Christoph.vcf
[2010.12.04 17:25:11 | 000,024,576 | ---- | M] () -- C:\Users\Kerse\Damen 9-Ball BM.xls
[2011.03.02 15:02:50 | 000,038,542 | ---- | M] () -- C:\Users\Kerse\est-10-1a.pdf
[2011.03.02 15:02:58 | 000,039,712 | ---- | M] () -- C:\Users\Kerse\est-10-1v.pdf
[2011.03.02 15:25:21 | 000,043,321 | ---- | M] () -- C:\Users\Kerse\est-10-anlage-n..pdf
[2011.03.02 15:03:10 | 000,043,321 | ---- | M] () -- C:\Users\Kerse\est-10-anlage-n.pdf
[2010.11.20 10:09:40 | 000,000,218 | ---- | M] () -- C:\Users\Kerse\Fabian Hölscher.vcf
[2010.11.20 10:09:40 | 000,000,221 | ---- | M] () -- C:\Users\Kerse\Federlechner Jörg.vcf
[2010.11.20 10:09:41 | 000,000,223 | ---- | M] () -- C:\Users\Kerse\Feickert Hausärztin.vcf
[2010.11.20 10:09:40 | 000,000,122 | ---- | M] () -- C:\Users\Kerse\Frank Fischer.vcf
[2010.11.20 10:09:41 | 000,000,113 | ---- | M] () -- C:\Users\Kerse\Gaetano.vcf
[2010.11.20 10:09:41 | 000,000,147 | ---- | M] () -- C:\Users\Kerse\Garbers Mirko.vcf
[2010.11.20 10:09:40 | 000,000,127 | ---- | M] () -- C:\Users\Kerse\Gieseke Ronnie.vcf
[2010.11.20 10:09:41 | 000,000,123 | ---- | M] () -- C:\Users\Kerse\Gruss Adrian.vcf
[2010.11.20 10:09:41 | 000,000,174 | ---- | M] () -- C:\Users\Kerse\Gustav.vcf
[2010.11.20 10:09:41 | 000,000,142 | ---- | M] () -- C:\Users\Kerse\Hackfresse.vcf
[2010.11.20 10:09:40 | 000,000,126 | ---- | M] () -- C:\Users\Kerse\han Monecke.vcf
[2010.11.20 10:09:40 | 000,000,123 | ---- | M] () -- C:\Users\Kerse\Harms Gerrit.vcf
[2010.11.20 10:09:40 | 000,000,176 | ---- | M] () -- C:\Users\Kerse\Henne.vcf
[2010.11.20 10:09:40 | 000,000,222 | ---- | M] () -- C:\Users\Kerse\Hoeft Familie.vcf
[2010.11.20 10:09:41 | 000,000,150 | ---- | M] () -- C:\Users\Kerse\Home Oliver.vcf
[2010.11.20 10:09:41 | 000,000,175 | ---- | M] () -- C:\Users\Kerse\Hubi.vcf
[2010.11.20 10:09:40 | 000,000,118 | ---- | M] () -- C:\Users\Kerse\Ina Schiwek.vcf
[2010.11.20 10:09:41 | 000,000,121 | ---- | M] () -- C:\Users\Kerse\Ince Bilgen.vcf
[2010.11.20 10:09:41 | 000,000,124 | ---- | M] () -- C:\Users\Kerse\Iris Powlikat.vcf
[2010.11.20 10:09:41 | 000,000,129 | ---- | M] () -- C:\Users\Kerse\Jo.vcf
[2010.11.20 10:09:41 | 000,000,106 | ---- | M] () -- C:\Users\Kerse\Jogi.vcf
[2011.12.12 08:51:36 | 000,432,918 | ---- | M] () -- C:\Users\Kerse\k.png
[2010.11.20 10:09:41 | 000,000,125 | ---- | M] () -- C:\Users\Kerse\Kappius Helen.vcf
[2010.11.20 10:09:40 | 000,000,166 | ---- | M] () -- C:\Users\Kerse\Kerse.vcf
[2010.11.20 10:09:40 | 000,000,135 | ---- | M] () -- C:\Users\Kerse\Kiki.vcf
[2010.11.20 10:09:40 | 000,000,125 | ---- | M] () -- C:\Users\Kerse\Krebs-Hartmann.vcf
[2010.11.20 10:09:40 | 000,000,127 | ---- | M] () -- C:\Users\Kerse\Krueger Doreen.vcf
[2010.11.20 10:09:40 | 000,000,129 | ---- | M] () -- C:\Users\Kerse\langnr Eggeling.vcf
[2010.11.20 10:09:40 | 000,000,122 | ---- | M] () -- C:\Users\Kerse\leeren Papier.vcf
[2010.11.20 10:09:41 | 000,000,120 | ---- | M] () -- C:\Users\Kerse\Liepelt Anke.vcf
[2010.11.20 10:09:41 | 000,000,146 | ---- | M] () -- C:\Users\Kerse\M Strauss.vcf
[2010.11.20 10:09:40 | 000,000,120 | ---- | M] () -- C:\Users\Kerse\Marcus Hopfe.vcf
[2010.11.20 10:09:41 | 000,000,112 | ---- | M] () -- C:\Users\Kerse\Martin.vcf
[2010.11.20 10:09:41 | 000,000,123 | ---- | M] () -- C:\Users\Kerse\Meike Seeger.vcf
[2010.11.20 10:09:40 | 000,000,125 | ---- | M] () -- C:\Users\Kerse\Meurer Jochen.vcf
[2010.11.20 10:09:41 | 000,000,119 | ---- | M] () -- C:\Users\Kerse\Meyer Greg.vcf
[2010.11.20 10:09:40 | 000,000,213 | ---- | M] () -- C:\Users\Kerse\Michael Prätz.vcf
[2012.02.06 17:52:17 | 000,014,421 | ---- | M] () -- C:\Users\Kerse\mitgliedsantrag 10-2011.pdf
[2010.11.20 10:09:40 | 000,000,122 | ---- | M] () -- C:\Users\Kerse\Mobilbox-Abfrage.vcf
[2010.11.20 10:09:40 | 000,000,131 | ---- | M] () -- C:\Users\Kerse\Mobilbox-Ausland.vcf
[2010.11.20 10:09:40 | 000,000,130 | ---- | M] () -- C:\Users\Kerse\Monecke Jens.vcf
[2011.08.08 07:53:21 | 000,003,037 | ---- | M] () -- C:\Users\Kerse\MyMicroBalance.lnk
[2011.08.09 12:18:51 | 000,051,515 | ---- | M] () -- C:\Users\Kerse\MyMicroBalance.mmb
[2010.11.20 10:09:40 | 000,000,129 | ---- | M] () -- C:\Users\Kerse\Nadine Gianotti.vcf
[2010.11.20 10:09:41 | 000,000,101 | ---- | M] () -- C:\Users\Kerse\Notruf.vcf
[2012.03.10 19:59:26 | 002,883,584 | -HS- | M] () -- C:\Users\Kerse\NTUSER.DAT
[2012.03.10 19:59:26 | 000,262,144 | -HS- | M] () -- C:\Users\Kerse\ntuser.dat.LOG1
[2010.06.05 14:52:15 | 000,000,000 | -HS- | M] () -- C:\Users\Kerse\ntuser.dat.LOG2
[2010.06.05 15:11:33 | 000,065,536 | -HS- | M] () -- C:\Users\Kerse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.06.05 15:11:33 | 000,524,288 | -HS- | M] () -- C:\Users\Kerse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.05 15:11:33 | 000,524,288 | -HS- | M] () -- C:\Users\Kerse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.05 14:52:15 | 000,000,020 | -HS- | M] () -- C:\Users\Kerse\ntuser.ini
[2010.11.20 10:09:41 | 000,000,112 | ---- | M] () -- C:\Users\Kerse\Olga Oma.vcf
[2010.11.20 10:09:41 | 000,000,127 | ---- | M] () -- C:\Users\Kerse\OP.vcf
[2010.11.20 10:09:40 | 000,000,123 | ---- | M] () -- C:\Users\Kerse\PanneAusland.vcf
[2011.02.08 14:43:55 | 017,468,504 | ---- | M] (pdfforge GbR) -- C:\Users\Kerse\PDFCreator-1_2_0_setup.exe
[2011.02.08 14:45:01 | 000,001,035 | ---- | M] () -- C:\Users\Kerse\PDFCreator.lnk
[2010.11.20 10:09:40 | 000,000,114 | ---- | M] () -- C:\Users\Kerse\Pizzawald.vcf
[2010.06.08 18:33:55 | 000,001,065 | ---- | M] () -- C:\Users\Kerse\PokerStars.lnk
[2011.08.26 11:20:56 | 000,001,160 | ---- | M] () -- C:\Users\Kerse\posterXXL.de Bestellsoftware.lnk
[2010.11.20 10:09:40 | 000,000,128 | ---- | M] () -- C:\Users\Kerse\privat Eggeling.vcf
[2010.06.20 15:48:22 | 000,001,849 | ---- | M] () -- C:\Users\Kerse\QuickTime Player.lnk
[2010.11.20 10:09:40 | 000,000,198 | ---- | M] () -- C:\Users\Kerse\Ralle.vcf
[2010.11.20 10:09:40 | 000,000,125 | ---- | M] () -- C:\Users\Kerse\Risinger Dean.vcf
[2010.11.20 10:09:41 | 000,000,180 | ---- | M] () -- C:\Users\Kerse\Roberta.vcf
[2010.11.20 10:09:40 | 000,000,107 | ---- | M] () -- C:\Users\Kerse\Rolf.vcf
[2010.11.20 10:09:40 | 000,000,213 | ---- | M] () -- C:\Users\Kerse\S Krämer.vcf
[2010.11.20 10:09:41 | 000,000,172 | ---- | M] () -- C:\Users\Kerse\Schmidt Olli.vcf
[2010.11.20 10:09:41 | 000,000,126 | ---- | M] () -- C:\Users\Kerse\Schuelzke Claas.vcf
[2010.11.20 10:09:40 | 000,000,126 | ---- | M] () -- C:\Users\Kerse\Schweigert Ede.vcf
[2010.11.20 10:09:41 | 000,000,126 | ---- | M] () -- C:\Users\Kerse\Steinberg Anja.vcf
[2010.11.20 10:09:40 | 000,000,125 | ---- | M] () -- C:\Users\Kerse\Sykora Familie.vcf
[2012.02.20 09:03:53 | 000,015,360 | -HS- | M] () -- C:\Users\Kerse\Thumbs.db
[2011.01.08 11:21:46 | 000,894,976 | ---- | M] () -- C:\Users\Kerse\twoandahalfmen-long..mp3
[2011.01.08 10:59:28 | 000,894,976 | ---- | M] () -- C:\Users\Kerse\twoandahalfmen-long.mp3
[2010.11.20 10:09:40 | 000,000,169 | ---- | M] () -- C:\Users\Kerse\Vereinsheim PBSG.vcf
[2010.11.06 09:11:22 | 000,000,623 | ---- | M] () -- C:\Users\Kerse\verkleinerer17 - Verknüpfung.lnk
[2010.11.20 10:09:40 | 000,000,113 | ---- | M] () -- C:\Users\Kerse\Vermittlung.vcf
[2011.09.11 20:34:59 | 000,032,071 | ---- | M] () -- C:\Users\Kerse\voranmeldung.pdf
[2010.10.06 19:04:57 | 000,098,304 | ---- | M] () -- C:\Users\Kerse\VS 2010-10.doc
[2010.11.03 20:04:59 | 000,102,912 | ---- | M] () -- C:\Users\Kerse\VS 2010-11.doc
[2010.11.20 10:09:41 | 000,000,139 | ---- | M] () -- C:\Users\Kerse\Waldi.vcf
[2010.11.20 10:09:41 | 000,000,128 | ---- | M] () -- C:\Users\Kerse\Widera Zahnarzt.vcf
[2011.02.22 13:03:37 | 000,450,936 | ---- | M] () -- C:\Users\Kerse\wobtown_classics-26.jpg
[2011.02.22 13:02:59 | 000,476,288 | ---- | M] () -- C:\Users\Kerse\wobtown_classics-31.jpg
[2011.02.22 13:03:54 | 000,531,029 | ---- | M] () -- C:\Users\Kerse\wobtown_classics-41.jpg
[2010.11.20 10:09:40 | 000,000,122 | ---- | M] () -- C:\Users\Kerse\Wolfgang Pick.vcf
[2011.03.11 11:45:43 | 000,009,611 | ---- | M] () -- C:\Users\Kerse\__securefeedback.ebay.de_ws_eBayISAPI.dll_ODRPrint.pdf
[2011.03.08 10:14:55 | 000,042,029 | ---- | M] () -- C:\Users\Kerse\__www.sky.de_web_abo_siebel_upgrade_boundary_agbRH.do.pdf
[2011.03.15 10:29:29 | 000,018,302 | ---- | M] () -- C:\Users\Kerse\__wwwapps.ups.com_pickup_processverification_loc=de_DE&IP.pdf

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA

< End of report >

 
