Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.06.2013, 20:11   #1
Flynoid
 
Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich - Standard

Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich



Guten Tag alle zusammen!

Ich habe heute einen bekannten Trojaner auf meinem Laptop bekommen. Ich dachte mir passiert sowas nie,..
Wie dem auch sei, ich habe von Oldtimer, die Otlpenet.exe Datei auf eine Boot-CD gepackt und auf dem verseuchten Laptop abgespielt. Scan ist gemacht.
Jetzt weis ich natürlich nicht, wie ich diese Textdatei entschlüsseln soll und wo ich das Problem anpacken und beseitigen kann.
Ich bitte also das erfahre Helfer Team um Hilfe!

Wenn es geht, so bald wie möglich, denn der Laptop wird dringend benötigt.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/27/2013 9:29:36 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 11.53 Gb Free Space | 6.19% Space Free | Partition Type: NTFS
Drive D: | 184.84 Gb Total Space | 7.78 Gb Free Space | 4.21% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] -- -- (HWDeviceService.exe)
SRV - [2013/06/17 14:17:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/06 18:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/24 15:14:22 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 09:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/05/08 08:46:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 08:46:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/23 12:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/12/23 06:03:30 | 000,655,712 | ---- | M] () [Auto] -- C:\Program Files\Kanguru\UpdateDog\ouc.exe -- (Kanguru. RunOuc)
SRV - [2011/04/26 07:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010/05/28 02:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/04/16 15:31:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/04/30 06:23:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/24 05:40:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/04/21 16:07:04 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/04/16 12:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/15 11:03:40 | 000,656,752 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/04/01 12:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 10:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/23 08:30:36 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/03/17 05:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 12:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/02/11 07:05:16 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 12:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - [2012/12/18 05:06:00 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/09/20 00:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV - [2012/09/20 00:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012/09/20 00:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/05/08 08:46:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 08:46:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/30 21:22:07 | 000,245,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/12/30 21:20:23 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/11/24 07:30:00 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/07/26 21:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/28 02:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 22:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/04/26 22:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010/04/26 22:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010/04/26 22:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010/03/20 00:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/04/24 08:29:28 | 000,163,840 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/21 17:30:14 | 004,491,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/03/20 17:29:18 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/03/18 05:44:54 | 000,022,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/01/27 13:12:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/11/17 01:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/11/11 12:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/05/16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/05/07 05:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2008/02/06 18:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/09 05:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/12/14 05:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 08:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Fab_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=355ce020-b6e1-4456-b90d-32c2c488442c&sp=addr&q={searchTerms}
IE - HKU\Fab_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Fab_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=355ce020-b6e1-4456-b90d-32c2c488442c&sp=addr&q={searchTerms}
IE - HKU\Fab_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed-msgplus.linkury.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=DE&userid=355ce020-b6e1-4456-b90d-32c2c488442c&sp=addr&q={searchTerms}
IE - HKU\Fab_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Fab_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fab_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..keyword.URL: "hxxp://www.plusnetwork.com/?sp=addr&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Fab\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fab\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/11 18:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/24 15:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 15:14:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/24 15:14:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 15:14:13 | 000,000,000 | ---D | M]
 
[2009/11/23 12:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\Mozilla\Extensions
[2013/04/17 09:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\wnmuw5c9.default\extensions
[2010/11/02 15:30:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\wnmuw5c9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/18 22:00:17 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\wnmuw5c9.default\extensions\toolbar@ask.com
[2013/02/08 09:53:16 | 000,002,333 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\wnmuw5c9.default\searchplugins\askcom.xml
[2012/06/14 13:11:53 | 000,002,422 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\wnmuw5c9.default\searchplugins\Messenger Plus Smartbar Search.xml
[2013/06/25 15:19:54 | 000,002,770 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\wnmuw5c9.default\searchplugins\Plusnetwork.xml
[2013/05/24 15:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/24 15:14:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/24 15:14:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/24 15:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/24 15:14:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- 
() (No name found) -- C:\USERS\FAB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WNMUW5C9.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\Fab_ON_C..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\Fab_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Fab_ON_C..\Run: [GoogleChromeAutoLaunch_7D1E69000CD48E322E46164EB2344E68] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Fab_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Fab_ON_C Winlogon: Shell - (C:\Users\Fab\AppData\Roaming\skype.dat) - C:\Users\Fab\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{56115174-8e1e-11de-b90b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{56115174-8e1e-11de-b90b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a6f395dc-e3e3-11e1-ab26-001e657428a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a6f395dc-e3e3-11e1-ab26-001e657428a8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a6f395f2-e3e3-11e1-ab26-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{a6f395f2-e3e3-11e1-ab26-001e101f63cf}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/24 17:14:34 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Local\No23 Recorder
[2013/06/24 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2013/06/24 16:36:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/21 11:16:45 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Ab 20.Juni
[2013/06/18 14:28:19 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Fachberichte
[2013/06/17 21:06:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/17 21:06:13 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/06/17 21:06:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/17 21:06:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/17 21:06:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/17 21:06:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/17 21:06:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/17 21:06:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/06/17 21:06:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/17 21:06:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/17 14:32:30 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2013/06/17 14:32:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/17 14:32:07 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/17 14:32:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/17 14:31:55 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/17 14:31:54 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/17 14:31:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/02 05:14:02 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\a
[2013/05/31 14:53:34 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\babe kleid bday
[2013/05/31 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Juni 2013
[2009/10/22 14:51:15 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeEEE1.dll
[2009/06/16 08:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Fab\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Fab\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Fab\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Fab\AppData\Local\bass.dll
[3 C:\Users\Fab\Documents\*.tmp files -> C:\Users\Fab\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/27 14:15:16 | 000,000,004 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\skype.ini
[2013/06/27 14:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/27 14:15:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/27 14:13:34 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2057394067-3882106823-432610014-1000UA.job
[2013/06/27 14:13:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/27 14:13:34 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013/06/27 14:13:32 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013/06/27 13:02:14 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/27 13:01:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/27 13:01:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/27 13:00:55 | 3182,309,376 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 16:46:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2057394067-3882106823-432610014-1000Core.job
[2013/06/26 16:10:58 | 000,030,073 | ---- | M] () -- C:\Users\Fab\Desktop\431961_384232688362738_57958511_n.jpg
[2013/06/26 15:57:33 | 000,051,392 | ---- | M] () -- C:\Users\Fab\Desktop\1014349_585708731451286_88497893_n.jpg
[2013/06/26 15:26:54 | 000,097,696 | ---- | M] () -- C:\Users\Fab\Desktop\3246616.jpg
[2013/06/25 16:26:19 | 000,089,757 | ---- | M] () -- C:\Users\Fab\Desktop\179793_485742468162113_1258591522_n.jpg
[2013/06/25 00:19:03 | 001,262,138 | ---- | M] () -- C:\Users\Fab\Desktop\s.jpg
[2013/06/24 17:18:37 | 000,001,468 | ---- | M] () -- C:\Users\Fab\AppData\Local\RecConfig.xml
[2013/06/24 17:14:35 | 000,000,804 | ---- | M] () -- C:\Users\Fab\Desktop\No23 Recorder.lnk
[2013/06/24 16:35:26 | 000,026,229 | ---- | M] () -- C:\Users\Fab\Desktop\fam.jpg
[2013/06/24 16:34:09 | 000,039,704 | ---- | M] () -- C:\Users\Fab\Desktop\tumblr_mowzkmTyzc1rxjs5no1_500.jpg
[2013/06/24 15:05:28 | 000,052,717 | ---- | M] () -- C:\Users\Fab\Desktop\943211_483347158420703_391288520_n.jpg
[2013/06/23 14:22:24 | 000,057,536 | ---- | M] () -- C:\Users\Fab\Desktop\600170_476369649118910_1313666087_n.jpg
[2013/06/23 03:49:34 | 000,024,865 | ---- | M] () -- C:\Users\Fab\Desktop\600769_476363182452890_2046756267_n.jpg
[2013/06/22 14:07:34 | 000,083,723 | ---- | M] () -- C:\Users\Fab\Desktop\1010018_392742584178761_322904930_n.jpg
[2013/06/22 14:07:26 | 000,028,932 | ---- | M] () -- C:\Users\Fab\Desktop\270434_476116659144209_2121166292_n.jpg
[2013/06/22 10:52:32 | 000,029,699 | ---- | M] () -- C:\Users\Fab\Desktop\1005868_476115722477636_1444596402_n.jpg
[2013/06/22 07:27:23 | 000,173,391 | ---- | M] () -- C:\Users\Fab\Desktop\1017115_484406221629071_538348959_n.jpg
[2013/06/22 06:44:30 | 007,715,249 | ---- | M] () -- C:\Users\Fab\Desktop\Elijah king ft. 2Nyce- Quitate La Ropa _NEW OFFICIAL VIDEO 2012_.mp3
[2013/06/22 03:32:37 | 000,060,421 | ---- | M] () -- C:\Users\Fab\Desktop\988603_600227320009424_1548788153_n.jpg
[2013/06/21 16:54:19 | 000,031,676 | ---- | M] () -- C:\Users\Fab\Desktop\983598_475705575851984_362062696_n.jpg
[2013/06/21 15:55:12 | 000,079,797 | ---- | M] () -- C:\Users\Fab\Desktop\6462_475709289184946_1270936095_n.jpg
[2013/06/21 15:06:15 | 000,063,006 | ---- | M] () -- C:\Users\Fab\Desktop\983951_538749032849363_653290601_n.jpg
[2013/06/21 12:06:22 | 009,731,704 | ---- | M] () -- C:\Users\Fab\Desktop\One republic - If I lose myself.mp3
[2013/06/21 12:01:14 | 008,617,234 | ---- | M] () -- C:\Users\Fab\Desktop\Madcon feat. Kelly Rowland - One Life.mp3
[2013/06/21 11:48:36 | 009,951,056 | ---- | M] () -- C:\Users\Fab\Desktop\Snoop Lion_ Ashtrays and Heartbreaks ft. Miley Cyrus [song].mp3
[2013/06/21 11:31:49 | 000,027,648 | -H-- | M] () -- C:\Users\Fab\Desktop\photothumb.db
[2013/06/21 11:19:59 | 000,088,362 | ---- | M] () -- C:\Users\Fab\Desktop\15. und 16. Juni - Ulm mit Michelle, Crisi, Filipe.jpg
[2013/06/21 11:14:58 | 009,460,736 | ---- | M] () -- C:\Users\Fab\Desktop\Miley Cyrus - We can´t stop.mp3
[2013/06/17 14:17:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/17 14:17:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/16 16:25:05 | 000,148,480 | ---- | M] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/12 17:25:44 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/06/12 17:25:44 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/12 17:25:44 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/06/12 17:25:44 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/09 16:07:40 | 000,289,522 | ---- | M] () -- C:\Users\Fab\Desktop\Scannen0007.jpg
[2013/06/09 15:16:04 | 000,319,787 | ---- | M] () -- C:\Users\Fab\Desktop\Liniennetzplan.pdf
[3 C:\Users\Fab\Documents\*.tmp files -> C:\Users\Fab\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/27 12:51:17 | 000,000,004 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\skype.ini
[2013/06/26 16:10:57 | 000,030,073 | ---- | C] () -- C:\Users\Fab\Desktop\431961_384232688362738_57958511_n.jpg
[2013/06/26 15:57:32 | 000,051,392 | ---- | C] () -- C:\Users\Fab\Desktop\1014349_585708731451286_88497893_n.jpg
[2013/06/26 15:26:54 | 000,097,696 | ---- | C] () -- C:\Users\Fab\Desktop\3246616.jpg
[2013/06/25 16:26:18 | 000,089,757 | ---- | C] () -- C:\Users\Fab\Desktop\179793_485742468162113_1258591522_n.jpg
[2013/06/25 00:19:25 | 001,262,138 | ---- | C] () -- C:\Users\Fab\Desktop\s.jpg
[2013/06/24 17:18:37 | 000,001,468 | ---- | C] () -- C:\Users\Fab\AppData\Local\RecConfig.xml
[2013/06/24 17:14:35 | 000,000,804 | ---- | C] () -- C:\Users\Fab\Desktop\No23 Recorder.lnk
[2013/06/24 16:35:24 | 000,026,229 | ---- | C] () -- C:\Users\Fab\Desktop\fam.jpg
[2013/06/24 16:34:08 | 000,039,704 | ---- | C] () -- C:\Users\Fab\Desktop\tumblr_mowzkmTyzc1rxjs5no1_500.jpg
[2013/06/24 15:05:24 | 000,052,717 | ---- | C] () -- C:\Users\Fab\Desktop\943211_483347158420703_391288520_n.jpg
[2013/06/23 14:22:21 | 000,057,536 | ---- | C] () -- C:\Users\Fab\Desktop\600170_476369649118910_1313666087_n.jpg
[2013/06/23 03:49:32 | 000,024,865 | ---- | C] () -- C:\Users\Fab\Desktop\600769_476363182452890_2046756267_n.jpg
[2013/06/22 14:07:33 | 000,083,723 | ---- | C] () -- C:\Users\Fab\Desktop\1010018_392742584178761_322904930_n.jpg
[2013/06/22 14:07:24 | 000,028,932 | ---- | C] () -- C:\Users\Fab\Desktop\270434_476116659144209_2121166292_n.jpg
[2013/06/22 10:52:31 | 000,029,699 | ---- | C] () -- C:\Users\Fab\Desktop\1005868_476115722477636_1444596402_n.jpg
[2013/06/22 07:27:23 | 000,173,391 | ---- | C] () -- C:\Users\Fab\Desktop\1017115_484406221629071_538348959_n.jpg
[2013/06/22 06:44:08 | 007,715,249 | ---- | C] () -- C:\Users\Fab\Desktop\Elijah king ft. 2Nyce- Quitate La Ropa _NEW OFFICIAL VIDEO 2012_.mp3
[2013/06/22 03:32:37 | 000,060,421 | ---- | C] () -- C:\Users\Fab\Desktop\988603_600227320009424_1548788153_n.jpg
[2013/06/21 16:54:18 | 000,031,676 | ---- | C] () -- C:\Users\Fab\Desktop\983598_475705575851984_362062696_n.jpg
[2013/06/21 15:55:12 | 000,079,797 | ---- | C] () -- C:\Users\Fab\Desktop\6462_475709289184946_1270936095_n.jpg
[2013/06/21 15:06:15 | 000,063,006 | ---- | C] () -- C:\Users\Fab\Desktop\983951_538749032849363_653290601_n.jpg
[2013/06/21 12:06:21 | 009,731,704 | ---- | C] () -- C:\Users\Fab\Desktop\One republic - If I lose myself.mp3
[2013/06/21 12:00:48 | 008,617,234 | ---- | C] () -- C:\Users\Fab\Desktop\Madcon feat. Kelly Rowland - One Life.mp3
[2013/06/21 11:47:59 | 009,951,056 | ---- | C] () -- C:\Users\Fab\Desktop\Snoop Lion_ Ashtrays and Heartbreaks ft. Miley Cyrus [song].mp3
[2013/06/21 11:20:50 | 000,088,362 | ---- | C] () -- C:\Users\Fab\Desktop\15. und 16. Juni - Ulm mit Michelle, Crisi, Filipe.jpg
[2013/06/21 11:14:17 | 009,460,736 | ---- | C] () -- C:\Users\Fab\Desktop\Miley Cyrus - We can´t stop.mp3
[2013/06/09 16:07:42 | 000,289,522 | ---- | C] () -- C:\Users\Fab\Desktop\Scannen0007.jpg
[2013/06/09 15:15:59 | 000,319,787 | ---- | C] () -- C:\Users\Fab\Desktop\Liniennetzplan.pdf
[2012/12/18 05:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/10/11 17:17:16 | 006,908,648 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2012/10/11 17:17:16 | 000,017,680 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/01/11 14:04:43 | 000,069,632 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\skype.dat
[2011/03/28 10:20:37 | 000,000,132 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/17 11:37:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/03/17 11:37:36 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/01/29 12:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 12:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 12:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 12:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/07/22 16:34:23 | 000,119,478 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/07/22 16:31:52 | 000,163,751 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2010/07/22 16:31:52 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2010/03/25 13:20:30 | 000,007,052 | ---- | C] () -- C:\Users\Fab\AppData\Local\d3d9caps.dat
[2010/02/27 15:21:02 | 000,017,408 | ---- | C] () -- C:\Users\Fab\AppData\Local\WebpageIcons.db
[2010/01/20 16:38:21 | 000,163,769 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/01/20 16:36:17 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/01/19 17:44:24 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/01/12 11:58:00 | 000,016,484 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\wklnhst.dat
[2009/12/10 13:29:01 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2009/10/24 07:17:03 | 000,028,800 | ---- | C] () -- C:\Program Files\s0beit_hack_a3v5.raw
[2009/10/24 07:17:03 | 000,026,123 | ---- | C] () -- C:\Program Files\s0beit_hack.ini
[2009/10/20 07:47:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 07:47:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/15 11:21:35 | 000,000,206 | ---- | C] () -- C:\Windows\SCHMIDT.INI
[2009/10/13 11:04:50 | 000,148,480 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/13 10:52:16 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2009/10/12 14:33:51 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2009/09/23 18:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/21 03:23:54 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/08/21 02:56:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/21 02:53:58 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/08/21 02:53:58 | 000,184,751 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/21 02:53:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/21 02:53:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/06/16 08:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009/06/09 05:02:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2009/06/09 04:59:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/06/09 03:31:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/29 10:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 10:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/01 20:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2008/01/21 03:15:58 | 000,628,992 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/09/04 06:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Fab\AppData\Local\lame_enc.dll
[2007/04/27 04:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,861,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,246 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,320 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Fab\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Fab\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Fab\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Fab\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Fab\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2012/10/07 09:09:59 | 000,000,000 | -HSD | M] -- C:\Users\Fab\AppData\Roaming\.#
[2010/03/14 13:10:55 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Azureus
[2013/06/27 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\BrowserCompanion
[2010/11/28 11:34:55 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Canneverbe Limited
[2012/10/11 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\dBpoweramp
[2012/11/04 12:31:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2012/11/04 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/23 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\fltk.org
[2009/12/11 20:08:04 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\funkitron
[2012/08/01 05:47:39 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Garmin
[2013/04/17 09:40:59 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\gtk-2.0
[2011/07/29 09:35:30 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Jens Lorek
[2009/12/11 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\LoCo
[2013/04/10 13:02:46 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\MAGIX
[2013/04/10 14:04:00 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\MotionStudios
[2013/04/07 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Music Editor Free
[2010/03/24 08:21:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Nettalk
[2009/11/13 17:03:45 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2009/10/14 13:59:44 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\PasswordSafe
[2010/06/29 13:08:55 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\PhotoScape
[2012/09/07 11:57:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Rovio
[2013/01/17 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Samsung
[2013/04/05 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\simplitec
[2012/05/07 10:29:55 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Spotify
[2009/11/09 11:10:50 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\temp
[2010/01/12 11:58:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Template
[2009/12/08 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\toshiba
[2010/07/22 04:57:34 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TubeBox
[2013/03/29 10:17:55 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2009/10/14 12:56:41 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VistaCodecs
[2012/06/02 15:46:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\WhatPulse
[2009/12/10 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\WildTangentv1001
[2013/03/28 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\XMedia Recode
[2012/02/16 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Youtube Downloader HD
[2013/03/16 03:47:49 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/12/11 20:13:53 | 000,000,000 | ---D | M] -- C:\ProgramData\2DBoy
[2009/10/12 11:24:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/03/09 15:49:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2009/10/24 15:03:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus
[2010/11/28 11:34:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2012/08/11 17:47:31 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/10/12 11:24:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/10/12 11:24:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/12/23 17:34:48 | 000,000,000 | ---D | M] -- C:\ProgramData\fltk.org
[2012/10/22 12:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2009/12/10 17:51:29 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2009/10/12 10:23:50 | 000,000,000 | ---D | M] -- C:\ProgramData\IsolatedStorage
[2012/08/11 17:46:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Kanguru
[2011/12/18 07:21:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Linkury
[2013/04/10 12:39:32 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012/02/12 20:09:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2013/01/06 10:03:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus! for Skype
[2012/09/22 18:59:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2012/09/23 05:24:04 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2013/04/07 06:22:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2011/03/28 08:13:27 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/01/17 13:15:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2013/04/06 15:48:58 | 000,000,000 | ---D | M] -- C:\ProgramData\simplitec
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/12 11:24:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/10/14 13:59:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/21 03:20:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA
[2009/10/12 11:27:53 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2009/06/09 05:08:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista32
[2009/06/09 05:04:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista64
[2009/10/14 12:56:41 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2009/10/12 11:24:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/12/11 20:18:59 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/01/16 05:37:42 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/06/09 05:04:44 | 000,000,000 | ---D | M] -- C:\ProgramData\XP
[2009/06/09 05:38:20 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/04 08:43:42 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/17 04:38:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/06/26 16:46:02 | 000,001,108 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2057394067-3882106823-432610014-1000Core.job
[2013/06/27 14:13:34 | 000,001,130 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2057394067-3882106823-432610014-1000UA.job
[2013/06/17 21:24:47 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/06/27 14:13:32 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013/06/27 14:13:34 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/10/17 12:30:14 | 000,000,000 | ---D | M](C:\Users\Fab\Desktop\Important?) -- C:\Users\Fab\Desktop\Important♥
[2012/09/16 09:18:56 | 000,000,000 | ---D | C](C:\Users\Fab\Desktop\Important?) -- C:\Users\Fab\Desktop\Important♥
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Fab\Desktop\Velha Portista - Paródia no Metro.mp4:TOC.WMV
@Alternate Data Stream - 40 bytes -> C:\Users\Fab\AppData\Roaming:NT
< End of report >
         
--- --- ---


Grüße Flynoid

Alt 27.06.2013, 20:32   #2
t'john
/// Helfer-Team
 
Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich - Standard

Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich





Fixen mit OTLpe

  • Starte den infizierten Rechner mit der OTLpe-CD und öffne OTLpe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:
ATTFilter
:OTL

O4 - Startup: C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found 
O20 - HKU\Fab_ON_C Winlogon: Shell - (C:\Users\Fab\AppData\Roaming\skype.dat) - C:\Users\Fab\AppData\Roaming\skype.dat () 
[2013/06/27 14:15:16 | 000,000,004 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\skype.ini 
@Alternate Data Stream - 64 bytes -> C:\Users\Fab\Desktop\Velha Portista - Paródia no Metro.mp4:TOC.WMV 
@Alternate Data Stream - 40 bytes -> C:\Users\Fab\AppData\Roaming:NT 
[2012/01/11 14:04:43 | 000,069,632 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\skype.dat 
[2012/10/07 09:09:59 | 000,000,000 | -HSD | M] -- C:\Users\Fab\AppData\Roaming\.#
         
  • Klicke jetzt auf den Fix Button.
  • Starte danach neu und versuche wieder in den normalen Modus von Windows zu booten.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\OTL\MovedFiles\<time_date.log>)
  • Kopiere nun dessen Inhalt hier in deinen Thread.




dann normal neustarten und:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 30.09.2013, 08:25   #3
t'john
/// Helfer-Team
 
Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich - Standard

Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________

Alt 30.09.2013, 11:13   #4
Flynoid
 
Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich - Standard

Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich



Guten Tag t'john!

Das Problem hat sich aufgelöst, da ich die genannten Schritte absolviert habe. Für in Zukunft Hilfesuchenden: Die Methode 'mit der CD' hat bei mir ausgereicht. Kein Formatieren, kein löschen von Daten notwendig.

Für die verspätete Rückmeldung entschuldige ich mich.

Schönen Tag noch,
Flynoid

Antwort

Themen zu Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich
antivir, avira, bho, bonjour, computer, converter, desktop, device driver, downloader, dringend, ebay, error, firefox, flash player, home, logfile, mp3, object, problem, realtek, registry, scan, smartbar, software, tarma, trojaner, virus, vista, youtube downloader



Ähnliche Themen: Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich


  1. Herunterfahren nicht möglich, Versuch über "ausführen" legt alles lahm, nun keine Aktionen mehr möglich
    Plagegeister aller Art und deren Bekämpfung - 10.02.2015 (13)
  2. PC startet ständig neu - keine aktionen möglich
    Netzwerk und Hardware - 25.07.2014 (22)
  3. Nach Neustart von Windows 7 keine Aktionen (Maus+Tastatur) mehr möglich! Allerdings kein Freeze!
    Plagegeister aller Art und deren Bekämpfung - 04.06.2014 (5)
  4. Win 8.1 64bit, Computer gesperrt mit Trojaner (GUV?) nach Übernahme, Neuinstallation etc. nicht möglich
    Log-Analyse und Auswertung - 21.12.2013 (5)
  5. Computer gesperrt- GVU Virus
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (31)
  6. GVU Trojaner hat Windows 7 gesperrt / Webcam / paysafecard oder ukash
    Log-Analyse und Auswertung - 28.04.2013 (13)
  7. Polizei Virus Computer gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (4)
  8. GVU-Virus, Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (8)
  9. Computer gesperrt - Paysafe-Card Virus - keine Aktion möglich
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (29)
  10. GVU Trojaner hat Windows 7 gesperrt / Webcam / paysafecard oder ukash
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (13)
  11. GVU BSI Virus hat mein Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (19)
  12. Trojan.FakeMS, Rechner gesperrt, GVU Trojaner (BSI) Webcam-Fake, Zahlung: PaysafeCard, UKash
    Log-Analyse und Auswertung - 30.11.2012 (1)
  13. Computer gesperrt - Trojaner mit ukash und paysafecard
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (11)
  14. Virus hat Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)
  15. AKM -ihr Computer wurde gesperrt -50€ PaySafeCard
    Log-Analyse und Auswertung - 25.05.2012 (41)
  16. AKM hat meinen Pc gesperrt 50 € Strafe (Paysafecard)
    Log-Analyse und Auswertung - 18.04.2012 (7)
  17. Keine exe, lnk und reg Aktionen mehr :(
    Plagegeister aller Art und deren Bekämpfung - 01.04.2005 (3)

Zum Thema Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich - Guten Tag alle zusammen! Ich habe heute einen bekannten Trojaner auf meinem Laptop bekommen. Ich dachte mir passiert sowas nie,.. Wie dem auch sei, ich habe von Oldtimer, die Otlpenet.exe - Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich...
Archiv
Du betrachtest: Computer gesperrt - GVU (Paysafecard) Virus - keine Aktionen möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.