Trojaner-Board


klaus.k 01.02.2012 17:15

Windows Security window - Warning, your computer has been locked!
 
Hello there,

I have the same problem here as here, and wanted to ask first, before I break anything, whether I have to proceed in exactly the same way, or whether some of the file paths need to be changed?


Here is the OTL file:

OTL logfile created on: 01.02.2012 16:53:49 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = K:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 79,21% Memory free
5,98 Gb Paging File | 5,45 Gb Available in Paging File | 91,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,06 Gb Total Space | 14,31 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 18,90 Gb Free Space | 75,58% Space Free | Partition Type: NTFS
Drive I: | 48,82 Gb Total Space | 2,99 Gb Free Space | 6,12% Space Free | Partition Type: NTFS
Drive J: | 1222,27 Gb Total Space | 19,15 Gb Free Space | 1,57% Space Free | Partition Type: NTFS
Drive K: | 1,87 Gb Total Space | 0,52 Gb Free Space | 27,91% Space Free | Partition Type: FAT
 
Computer Name: GOTT-PC | User Name: Gott | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.02.01 16:40:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.15 18:01:59 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011.05.18 10:53:44 | 001,496,576 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011.05.18 10:53:44 | 000,346,112 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2010.03.21 19:19:50 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012.01.16 19:19:03 | 000,909,152 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.20 13:50:18 | 000,152,064 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.12.08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.07.21 10:13:34 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.17 11:54:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.04.05 18:18:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 10:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.07 01:01:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.08.14 23:41:22 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011.09.24 11:56:00 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.08.19 11:09:26 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.08.19 11:09:26 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.10 10:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.05 15:10:19 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.12.02 11:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 11:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.12.02 11:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 13:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 13:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 11:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 11:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.10.21 08:45:18 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.10.21 08:45:16 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.10.21 08:45:16 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010.10.08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.07.17 11:54:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.18 18:10:34 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.18 18:10:34 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.19 21:09:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.21 20:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2009.12.21 20:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.05.07 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.16 10:18:02 | 000,489,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.05.29 12:30:38 | 000,508,160 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.02.04 09:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://mystart.incredimail.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.0.0.7
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.38
FF - prefs.js..extensions.enabledItems: {ec8030f7-c20a-464f-9b1e-13a3a9e97399}:0.1.9.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {BFB5F154-9212-46F3-B547-AC6106030A54}:1.0.8
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.47
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=&mid=241103c058d37a7478a94bfa2256c206-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=9.0.0.18.1&lang=de&pr=fr&d=2011-12-04%2011%3A29%3A37&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.24 11:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.11 14:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.07 19:00:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 19:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.12 16:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.19 17:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.07 19:00:24 | 000,000,000 | ---D | M]
 
[2010.05.07 11:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Extensions
[2010.05.07 11:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.01 16:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions
[2010.05.13 20:05:10 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011.08.07 19:15:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.13 20:05:11 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2010.05.13 20:05:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.21 08:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.04.08 19:46:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.12 21:57:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.13 20:05:12 | 000,000,000 | ---D | M] ("Ewock Toolbar">) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54}
[2010.05.13 20:05:12 | 000,000,000 | ---D | M] ("Fasterfox [de]") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2010.05.13 20:05:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.29 15:59:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.05.13 20:05:12 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.05.13 20:05:12 | 000,000,000 | ---D | M] (Cryptload Link Copier) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{ec8030f7-c20a-464f-9b1e-13a3a9e97399}
[2010.11.30 18:57:09 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\ConsumerInput@Compete
[2010.05.13 20:05:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.05.13 20:05:10 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\searchrecs@veoh.com
[2011.08.07 19:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\staged-xpis
[2008.11.25 10:36:28 | 000,000,681 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\ask.xml
[2009.06.21 12:06:02 | 000,000,884 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\conduit.xml
[2009.01.06 19:38:36 | 000,000,523 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\daemon-search.xml
[2008.11.07 17:47:16 | 000,005,310 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\footiefox.xml
[2012.01.29 09:58:28 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-1.xml
[2008.11.25 14:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-2.xml
[2008.12.18 19:38:50 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-3.xml
[2010.04.03 09:53:24 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-4.xml
[2010.05.07 11:55:18 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-5.xml
[2011.08.05 21:32:46 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-6.xml
[2011.11.27 15:25:09 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-7.xml
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin.xml
[2010.05.07 12:15:54 | 000,002,149 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\MyStart Search.xml
[2010.03.22 18:43:44 | 000,000,266 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\Search.xml
[2010.03.22 18:01:32 | 000,001,040 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\yahoo-zugo.xml
[2012.02.01 16:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.24 11:56:44 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010.03.23 19:11:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2011.05.07 19:00:24 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2012.01.16 19:19:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 19:19:02 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.17 12:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [vasja] C:\Users\Gott\AppData\Local\Temp\0.7522183516244759.exe (Orb Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAED20F-C6E0-48CA-B9F3-31488A888F57}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6319CFE3-4E5C-4BDA-BC25-DD1BA26A7277}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5EA307F-9BD3-4313-AFDD-2CAEF080DB09}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell\configure\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell\install\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{5df57760-40c9-11df-aa8f-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{5df57760-40c9-11df-aa8f-4061865ee25c}\Shell\AutoRun\command - "" = N:\shelexec.exe .\start.htm
O33 - MountPoints2\{5df57760-40c9-11df-aa8f-4061865ee25c}\Shell\verb\command - "" = N:\shelexec.exe .\start.htm
O33 - MountPoints2\{eae5e92e-a93a-11e0-a864-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{eae5e92e-a93a-11e0-a864-4061865ee25c}\Shell\AutoRun\command - "" = O:\Startme.exe
O33 - MountPoints2\{eae5e937-a93a-11e0-a864-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{eae5e937-a93a-11e0-a864-4061865ee25c}\Shell\AutoRun\command - "" = O:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1ED62F6C-53D1-72E3-EC87-93D67714676F} - Microsoft Windows Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BA0EA1D-93F7-4BF3-245A-1CAE27203533} - Microsoft Windows Media Player
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Gott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AdobeCS4ServiceManager[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]AlcoholAutomount[/b] - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: [b]AVMWlanClient[/b] - hkey= - key= - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig - StartUpReg: [b]BrMfcWnd[/b] - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: [b]ControlCenter3[/b] - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: [b]DivXUpdate[/b] - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: [b]IAStorIcon[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]ICQ[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]IncrediMail[/b] - hkey= - key= - C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
MsConfig - StartUpReg: [b]msnmsgr[/b] - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]NokiaMServer[/b] - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: [b]NokiaOviSuite2[/b] - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: [b]PC Suite Tray[/b] - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: [b]Sony Ericsson PC Companion[/b] - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig - StartUpReg: [b]Sony Ericsson PC Suite[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]Ulead AutoDetector v2[/b] - hkey= - key= - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.01.26 20:32:09 | 000,000,000 | R-SD | C] -- C:\Users\Gott\Documents\My Stationery
[2012.01.11 14:13:17 | 000,000,000 | ---D | C] -- C:\Users\Gott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHeart® CD-ROM
[2012.01.11 14:09:49 | 000,000,000 | ---D | C] -- C:\Users\Gott\Desktop\Winheart
[2012.01.06 20:19:37 | 000,000,000 | ---D | C] -- C:\Users\Gott\Desktop\Brain Academy
[2012.01.02 20:38:40 | 000,000,000 | ---D | C] -- C:\Users\Gott\AppData\Local\WBFSManager
[2012.01.02 20:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2012.01.02 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\Gott\Documents\WBFS Manager Covers
[2012.01.02 20:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012.01.02 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Gott\Desktop\Wii
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.02.01 16:45:13 | 000,707,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.01 16:45:13 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.01 16:45:13 | 000,152,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.01 16:45:13 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.01 16:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.01 16:33:11 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.01 16:27:31 | 000,000,000 | ---- | M] () -- C:\Users\Gott\AppData\Local\prvlcl.dat
[2012.02.01 16:26:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.01 16:26:44 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.02.01 16:25:10 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 16:25:10 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.01 15:33:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.01 13:49:13 | 092,359,108 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.01.28 10:50:43 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.26 18:54:30 | 000,013,095 | ---- | M] () -- C:\Users\Gott\Desktop\EVPTh_Fragen.odt
[2012.01.26 15:05:10 | 000,007,334 | ---- | M] () -- C:\Users\Gott\Desktop\koppe.odt
[2012.01.24 18:09:35 | 001,652,512 | ---- | M] () -- C:\Users\Gott\Desktop\Bronchiolitis Oliterans.odp
[2012.01.22 19:51:02 | 000,001,023 | ---- | M] () -- C:\Users\Gott\Desktop\INSTRUME.8xv
[2012.01.22 19:48:28 | 000,007,334 | ---- | M] () -- C:\Users\Gott\Desktop\Physik.odt
[2012.01.22 19:43:09 | 000,001,386 | ---- | M] () -- C:\Users\Gott\Desktop\OPTDINGE.8xv
[2012.01.22 19:35:48 | 000,000,967 | ---- | M] () -- C:\Users\Gott\Desktop\OPTIKALL.8xv
[2012.01.22 16:07:42 | 000,029,740 | ---- | M] () -- C:\Users\Gott\Desktop\Bronchioli_Obliterans.odt
[2012.01.22 13:09:59 | 000,024,390 | ---- | M] () -- C:\Users\Gott\Desktop\frage.jpg
[2012.01.22 12:41:18 | 000,043,745 | ---- | M] () -- C:\Users\Gott\Desktop\BO.jpg
[2012.01.22 12:34:21 | 000,013,133 | ---- | M] () -- C:\Users\Gott\Desktop\31-ct-thorax-lunge-normal.jpg
[2012.01.22 12:34:06 | 000,028,392 | ---- | M] () -- C:\Users\Gott\Desktop\CT_BO.JPG
[2012.01.18 17:10:14 | 000,000,296 | ---- | M] () -- C:\Windows\winheart.ini
[2012.01.16 17:01:10 | 002,570,836 | ---- | M] () -- C:\Users\Gott\Desktop\Antrag_3.jpg
[2012.01.16 17:00:00 | 002,746,353 | ---- | M] () -- C:\Users\Gott\Desktop\Antrag_2.jpg
[2012.01.16 16:58:01 | 002,280,210 | ---- | M] () -- C:\Users\Gott\Desktop\Antrag_1.jpg
[2012.01.15 14:32:31 | 001,973,974 | ---- | M] () -- C:\Users\Gott\Desktop\Guitar_hero.jpg
[2012.01.15 13:37:20 | 002,033,933 | ---- | M] () -- C:\Users\Gott\Desktop\15012012346.JPG
[2012.01.15 13:24:10 | 002,720,861 | ---- | M] () -- C:\Users\Gott\Desktop\15012012345.JPG
[2012.01.15 13:23:52 | 002,538,201 | ---- | M] () -- C:\Users\Gott\Desktop\15012012344.JPG
[2012.01.15 13:23:32 | 002,638,379 | ---- | M] () -- C:\Users\Gott\Desktop\15012012343.JPG
[2012.01.08 18:27:43 | 002,336,876 | ---- | M] () -- C:\Users\Gott\Desktop\vene.jpg
[2012.01.08 12:49:39 | 000,000,094 | -H-- | M] () -- C:\Users\Gott\Desktop\.~lock.Ebay.odt#
[2012.01.07 17:39:18 | 000,065,666 | R--- | M] () -- C:\Users\Gott\Desktop\Audiometer_Handout.pdf
[2012.01.02 20:36:57 | 000,002,663 | ---- | M] () -- C:\Users\Public\Desktop\WBFS Manager 4.0.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.01.28 10:50:43 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.26 15:05:10 | 000,007,334 | ---- | C] () -- C:\Users\Gott\Desktop\koppe.odt
[2012.01.24 18:04:49 | 000,013,095 | ---- | C] () -- C:\Users\Gott\Desktop\EVPTh_Fragen.odt
[2012.01.22 19:51:02 | 000,001,023 | ---- | C] () -- C:\Users\Gott\Desktop\INSTRUME.8xv
[2012.01.22 19:48:28 | 000,007,334 | ---- | C] () -- C:\Users\Gott\Desktop\Physik.odt
[2012.01.22 19:43:09 | 000,001,386 | ---- | C] () -- C:\Users\Gott\Desktop\OPTDINGE.8xv
[2012.01.22 19:35:48 | 000,000,967 | ---- | C] () -- C:\Users\Gott\Desktop\OPTIKALL.8xv
[2012.01.22 13:11:01 | 001,652,512 | ---- | C] () -- C:\Users\Gott\Desktop\Bronchiolitis Oliterans.odp
[2012.01.22 13:09:58 | 000,024,390 | ---- | C] () -- C:\Users\Gott\Desktop\frage.jpg
[2012.01.22 12:41:18 | 000,043,745 | ---- | C] () -- C:\Users\Gott\Desktop\BO.jpg
[2012.01.22 12:34:21 | 000,013,133 | ---- | C] () -- C:\Users\Gott\Desktop\31-ct-thorax-lunge-normal.jpg
[2012.01.22 12:34:05 | 000,028,392 | ---- | C] () -- C:\Users\Gott\Desktop\CT_BO.JPG
[2012.01.21 15:56:33 | 000,029,740 | ---- | C] () -- C:\Users\Gott\Desktop\Bronchioli_Obliterans.odt
[2012.01.18 17:09:22 | 000,000,296 | ---- | C] () -- C:\Windows\winheart.ini
[2012.01.16 17:01:10 | 002,570,836 | ---- | C] () -- C:\Users\Gott\Desktop\Antrag_3.jpg
[2012.01.16 17:00:00 | 002,746,353 | ---- | C] () -- C:\Users\Gott\Desktop\Antrag_2.jpg
[2012.01.16 16:58:01 | 002,280,210 | ---- | C] () -- C:\Users\Gott\Desktop\Antrag_1.jpg
[2012.01.15 14:38:06 | 002,033,933 | ---- | C] () -- C:\Users\Gott\Desktop\15012012346.JPG
[2012.01.15 14:32:30 | 001,973,974 | ---- | C] () -- C:\Users\Gott\Desktop\Guitar_hero.jpg
[2012.01.15 14:30:09 | 002,720,861 | ---- | C] () -- C:\Users\Gott\Desktop\15012012345.JPG
[2012.01.15 14:30:08 | 002,538,201 | ---- | C] () -- C:\Users\Gott\Desktop\15012012344.JPG
[2012.01.15 14:30:07 | 002,638,379 | ---- | C] () -- C:\Users\Gott\Desktop\15012012343.JPG
[2012.01.08 18:27:43 | 002,336,876 | ---- | C] () -- C:\Users\Gott\Desktop\vene.jpg
[2012.01.08 12:49:39 | 000,000,094 | -H-- | C] () -- C:\Users\Gott\Desktop\.~lock.Ebay.odt#
[2012.01.07 17:39:16 | 000,065,666 | R--- | C] () -- C:\Users\Gott\Desktop\Audiometer_Handout.pdf
[2012.01.05 15:48:47 | 006,726,910 | ---- | C] () -- C:\Users\Gott\Desktop\Bedienung MyDrive.pdf
[2012.01.02 20:36:57 | 000,002,663 | ---- | C] () -- C:\Users\Public\Desktop\WBFS Manager 4.0.lnk
[2011.10.16 18:02:08 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.10.16 18:01:55 | 000,000,032 | ---- | C] () -- C:\Windows\Sierra.ini
[2011.09.03 19:17:57 | 011,161,600 | ---- | C] () -- C:\Users\Gott\AppData\Roaming\Sandra.mdb
[2011.08.27 20:25:43 | 000,183,564 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.01.29 12:10:25 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.29 12:10:25 | 000,022,328 | ---- | C] () -- C:\Users\Gott\AppData\Roaming\PnkBstrK.sys
[2011.01.29 12:10:04 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.29 12:09:47 | 002,337,865 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.29 12:09:47 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.23 09:35:46 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011.01.23 09:35:45 | 000,000,074 | ---- | C] () -- C:\Windows\UF.ini
[2010.11.20 13:38:10 | 000,006,144 | ---- | C] () -- C:\Users\Gott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.27 15:48:35 | 000,000,092 | ---- | C] () -- C:\Users\Gott\AppData\Local\fusioncache.dat
[2010.07.18 00:22:48 | 000,027,601 | ---- | C] () -- C:\Users\Gott\AppData\Roaming\phpdesigner.xml
[2010.06.18 18:10:34 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.18 18:10:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.11 13:25:09 | 000,017,408 | ---- | C] () -- C:\Users\Gott\AppData\Local\WebpageIcons.db
[2010.05.15 22:26:19 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.12 17:43:12 | 000,001,368 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.05.12 12:59:19 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.05.12 12:54:23 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2010.05.05 16:21:06 | 000,000,392 | ---- | C] () -- C:\Windows\WebEye.ini
[2010.05.05 16:21:03 | 000,106,496 | ---- | C] () -- C:\Windows\JAPI.DLL
[2010.05.05 16:21:03 | 000,035,600 | ---- | C] () -- C:\Windows\AMCAP.EXE
[2010.05.05 16:20:54 | 000,172,032 | ---- | C] () -- C:\Windows\JAPI2.DLL
[2010.04.18 15:32:54 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.04.18 15:32:54 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.04.18 15:32:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.18 15:32:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.18 15:31:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2010.04.18 15:31:34 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.04.12 15:43:13 | 000,000,021 | ---- | C] () -- C:\Windows\TemplateWizard.INI
[2010.03.28 20:01:58 | 000,000,000 | ---- | C] () -- C:\Users\Gott\AppData\Roaming\wklnhst.dat
[2010.03.22 17:43:55 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010.03.20 18:06:07 | 000,000,000 | ---- | C] () -- C:\Users\Gott\AppData\Local\prvlcl.dat
[2010.03.19 16:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.19 15:34:14 | 000,461,368 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010.03.19 15:34:14 | 000,016,456 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010.03.19 15:34:14 | 000,011,088 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2009.12.17 08:29:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,707,088 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,152,680 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,410,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,660,706 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,124,896 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.07 01:01:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2008.12.04 09:49:08 | 000,013,039 | ---- | C] () -- C:\Program Files\Sims2 eXtreme uninstall.bat
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 08:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.05.12 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\AquaSoft
[2011.01.07 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Artisteer
[2011.02.24 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Audiometer
[2011.04.28 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\BSW
[2011.05.22 09:05:44 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Canneverbe Limited
[2011.03.30 15:24:30 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Crossword Compiler Deutsch 8
[2010.05.12 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\DemoPlugin
[2010.05.12 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\DiashowManager
[2010.03.22 17:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\DonationCoder
[2011.08.21 10:07:50 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\DVDVideoSoft
[2010.04.28 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.20 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\FileZilla
[2010.05.14 15:07:21 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\GlarySoft
[2012.02.01 16:11:23 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\go
[2010.03.22 17:23:53 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\GrabPro
[2011.09.18 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\gtk-2.0
[2012.01.29 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\ICQ
[2010.05.08 12:22:53 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Inkscape
[2010.06.14 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Leadertech
[2011.07.08 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\LG Electronics
[2011.05.28 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Nokia
[2010.03.23 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\OpenOffice.org
[2010.10.13 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Opera
[2010.03.22 17:30:08 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Orbit
[2010.03.22 18:01:34 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Participatory Culture Foundation
[2011.05.28 10:39:40 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\PC Suite
[2010.07.18 00:22:48 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\phpDesigner
[2011.04.25 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Rovio
[2010.10.21 20:23:24 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\SchnellSchreiben
[2011.05.07 18:37:57 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Sony
[2011.08.13 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\TeamViewer
[2010.03.28 20:04:25 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Template
[2010.05.07 11:23:59 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Thunderbird
[2010.06.21 18:57:00 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Ubisoft
[2010.05.08 20:34:58 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Ulead Systems
[2011.07.08 17:59:09 | 000,000,000 | -H-D | M] -- C:\Users\Gott\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2012.02.01 16:26:44 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.11.11 13:38:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010.03.28 19:57:00 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.03.19 15:12:43 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.08.10 23:13:37 | 000,000,000 | ---D | M] -- C:\581a8005e53f01558d
[2010.03.19 15:12:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.03.22 17:29:45 | 000,000,000 | ---D | M] -- C:\downloads
[2011.07.13 09:43:32 | 000,000,000 | ---D | M] -- C:\ef9010e808be86cfeed705e7cb38cb7d
[2010.10.03 16:22:42 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.03.22 17:16:28 | 000,000,000 | ---D | M] -- C:\IExp0.tmp
[2010.03.22 17:16:31 | 000,000,000 | ---D | M] -- C:\IExp1.tmp
[2009.12.17 08:16:53 | 000,000,000 | ---D | M] -- C:\Intel
[2011.09.03 20:11:09 | 000,000,000 | ---D | M] -- C:\Medion
[2011.11.19 17:23:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.07.08 15:23:19 | 000,000,000 | ---D | M] -- C:\Neues Verzeichnis
[2010.03.31 20:45:23 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.01.01 17:11:10 | 000,000,000 | ---D | M] -- C:\Poker
[2012.01.02 20:36:56 | 000,000,000 | -HSD | M] -- C:\Program Files
[2010.07.16 01:32:00 | 000,000,000 | ---D | M] -- C:\Program Files1
[2011.12.19 17:50:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.03.19 15:12:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.19 15:12:31 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.16 18:01:16 | 000,000,000 | ---D | M] -- C:\SIERRA
[2010.07.12 21:59:49 | 000,000,000 | ---D | M] -- C:\Sounds
[2011.08.27 17:17:28 | 000,000,000 | ---D | M] -- C:\Spiele
[2010.03.28 20:12:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.23 09:35:40 | 000,000,000 | ---D | M] -- C:\Urban
[2011.09.03 18:56:57 | 000,000,000 | R--D | M] -- C:\Users
[2010.07.24 08:44:49 | 000,000,000 | ---D | M] -- C:\UT2004
[2012.02.01 16:33:11 | 000,000,000 | ---D | M] -- C:\Windows
[2010.12.21 20:32:35 | 000,000,000 | ---D | M] -- C:\xampp
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
 
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
[color=#A23BEC]< MD5 for: USER32.DLL  >[/color]
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
[color=#A23BEC]< MD5 for: WS2IFSL.SYS  >[/color]
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %USERPROFILE%\*.* >[/color]
[2011.09.18 16:11:04 | 000,002,818 | ---- | M] () -- C:\Users\Gott\.recently-used.xbel
[2010.03.19 16:16:56 | 031,495,517 | ---- | M] () -- C:\Users\Gott\IncrediMail2Premium604B4475.zip
[2012.02.01 16:58:00 | 004,194,304 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT
[2012.02.01 16:58:00 | 000,262,144 | -HS- | M] () -- C:\Users\Gott\ntuser.dat.LOG1
[2011.12.22 10:48:29 | 000,262,144 | -HS- | M] () -- C:\Users\Gott\ntuser.dat.LOG2
[2011.12.22 10:48:29 | 001,048,576 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
[2011.12.22 10:48:29 | 001,048,576 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
[2011.12.22 10:48:29 | 001,048,576 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
[2011.12.22 10:48:29 | 000,065,536 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf
[2010.03.19 15:37:15 | 000,065,536 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.03.19 15:37:15 | 000,524,288 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.03.19 15:37:15 | 000,524,288 | -HS- | M] () -- C:\Users\Gott\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.03.19 15:12:39 | 000,000,020 | -HS- | M] () -- C:\Users\Gott\ntuser.ini
 
[color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.exe >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.dll >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >[/color]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >



Can anyone help me with this?
Thanks in advance!

Best regards

kira 01.02.2012 19:57

Hello and a warm welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for the resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system can even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before you apply them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - Reading material: "Help: I have become the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but the system can even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click on the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Perform full scan" (check all boxes)
  • when the scan has finished, click "Show results"
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the check mark there) and click "Delete" - "Remove selected".
  • Post the result here in the thread - you will find the report under "Scan reports"
you can find illustrated instructions here: Instructions

2.
Quote:

Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and select "Run as administrator".
  • Copy the following script:
Code:

:OTL
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [vasja] C:\Users\Gott\AppData\Local\Temp\0.7522183516244759.exe (Orb Networks)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell\configure\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{5df5774f-40c9-11df-aa8f-4061865ee25c}\Shell\install\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{5df57760-40c9-11df-aa8f-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{5df57760-40c9-11df-aa8f-4061865ee25c}\Shell\AutoRun\command - "" = N:\shelexec.exe .\start.htm
O33 - MountPoints2\{5df57760-40c9-11df-aa8f-4061865ee25c}\Shell\verb\command - "" = N:\shelexec.exe .\start.htm
O33 - MountPoints2\{eae5e92e-a93a-11e0-a864-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{eae5e92e-a93a-11e0-a864-4061865ee25c}\Shell\AutoRun\command - "" = O:\Startme.exe
O33 - MountPoints2\{eae5e937-a93a-11e0-a864-4061865ee25c}\Shell - "" = AutoRun
O33 - MountPoints2\{eae5e937-a93a-11e0-a864-4061865ee25c}\Shell\AutoRun\command - "" = O:\USBAutoRun.exe
[2012.02.01 16:26:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.01 15:33:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.incredimail.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
[2011.04.08 19:46:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.12 21:57:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.13 20:05:12 | 000,000,000 | ---D | M] ("Ewock Toolbar">) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\qru83kee.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54}
[2008.11.25 10:36:28 | 000,000,681 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\ask.xml
[2009.06.21 12:06:02 | 000,000,884 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\conduit.xml
[2009.01.06 19:38:36 | 000,000,523 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\daemon-search.xml
[2008.11.07 17:47:16 | 000,005,310 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\footiefox.xml
[2008.11.25 14:50:56 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-2.xml
[2008.12.18 19:38:50 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-3.xml
[2010.04.03 09:53:24 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-4.xml
[2010.05.07 11:55:18 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-5.xml
[2011.08.05 21:32:46 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-6.xml
[2011.11.27 15:25:09 | 000,000,950 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin-7.xml
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\icqplugin.xml
[2010.05.07 12:15:54 | 000,002,149 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\MyStart Search.xml
[2010.03.22 18:43:44 | 000,000,266 | ---- | M] () -- C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\qru83kee.default\searchplugins\Search.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

:Commands
[purity]
[emptytemp]


3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
Download the tool CCleaner
Download
install (read the software license agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → Language → select German
then click "Extra" (to display the installed programs as well) → then "Save as text file..."
a text file (*.txt) will be created; copy its contents and paste them here

4.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and select "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Check the boxes for LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
regards
kira

klaus.k 01.02.2012 20:09

Hi kira,


first of all, thank you very much for your reply.
I am under some time pressure at the moment because an emergency has come up.
I will follow the steps as soon as I have time, so that I can do it calmly. What matters to me right now is: is my data in immediate danger if I leave the computer switched off?

Otherwise I will have to see somehow how I manage it.

Best regards

kira 10.02.2012 09:37

you're welcome to send me a PM then :)

