Log analysis and evaluation: acroff.dl in the appdata/roaming directory
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.12.2011, 14:59 | #1 |
| acroff.dl in the appdata/roaming directory Hello dear community, for about 4-5 days I have had a problem with what is obviously malware. My Avira 9, which has not been updated for millennia (and which I simply cannot get off the PC), reports virus finds practically every second in the directory User/Appdata/Roaming/50xx/acroff. The strange thing is that my AVG Antivirus, which I use, does not really find anything when I scan the AppData folder. I am now a bit worried because I don't know whether I have caught a trojan or not. I do online banking on my computer and various other things where passwords could be read out, but I would rather not wipe my computer completely and would first like to see here whether someone can help me. Many thanks in advance |
01.12.2011, 15:05 | #2 |
| acroff.dl in the appdata/roaming directory Forgot to create the log files; I will do that right away and post them here shortly.
__________________ |
01.12.2011, 16:06 | #3 |
| acroff.dl in the appdata/roaming directory Ran Defogger because of Daemon Tools, ran OTL.exe and did not get an Extra.txt file, only the normal OTL.txt file.
Code:
ATTFilter OTL logfile created on: 01.12.2011 15:16:38 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\KexxZ\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,46% Memory free 6,20 Gb Paging File | 4,77 Gb Available in Paging File | 76,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 47,39 Gb Free Space | 20,35% Space Free | Partition Type: NTFS Drive D: | 223,12 Gb Total Space | 221,08 Gb Free Space | 99,09% Space Free | Partition Type: NTFS Drive E: | 336,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KEXXZ-PC | User Name: KexxZ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\KexxZ\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Program Files\honestech Audio Recorder 2.0 Deluxe\HTARLauncher.exe (Honest Technology) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS) PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe () PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe (Cognizance Corporation) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (No Company Name) ========== MOD - C:\Users\KexxZ\AppData\Roaming\5052\components\AcroFF052.dll () MOD - C:\Program Files\Notepad++\NppShell_04.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll () MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () ========== 
Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation) SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll (Cognizance Corporation) ========== Driver Services (SafeList) ========== DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. 
) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (a2acc) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (Emsi Software GmbH) DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (VCam_WDM) -- C:\Windows\System32\drivers\VCam_WDM.sys (e2eSoft) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090303.002\IDSvix86.sys (Symantec Corporation) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.) 
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 48 27 D2 0C AF CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\KexxZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.11.09 12:49:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 11:19:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.11 11:19:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\KexxZ\AppData\Roaming\5052 [2011.12.01 12:32:10 | 000,000,000 | ---D | M] [2011.11.28 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KexxZ\AppData\Roaming\mozilla\Extensions [2011.11.30 19:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KexxZ\AppData\Roaming\mozilla\Firefox\Profiles\fii1ejrd.default\extensions [2011.11.29 19:22:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\KexxZ\AppData\Roaming\mozilla\Firefox\Profiles\fii1ejrd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.24 19:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.09.20 15:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.31 10:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.06.29 23:15:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.09 12:49:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4 [2011.12.01 12:32:10 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\KEXXZ\APPDATA\ROAMING\5052 [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.29 00:18:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 00:18:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 00:18:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 00:18:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 00:18:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.) O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.) 
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\KexxZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05EA5CF8-DECD-42E2-AF16-0DD240942CA9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C15A586-7BFC-4517-8159-AE2090321B7D}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHOOK.DLL) -C:\Windows\System32\APSHook.dll (Cognizance Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0df4eab6-c029-11de-bddc-00235472289f}\Shell - "" = AutoRun O33 - MountPoints2\{0df4eab6-c029-11de-bddc-00235472289f}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{f723e35b-a8eb-11dd-aa08-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f723e35b-a8eb-11dd-aa08-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2010.08.05 16:19:06 | 000,393,080 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: 
{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: 
>{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.01 12:32:17 | 000,326,608 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\KexxZ\AppData\Roaming\AcroIEHelpe054.dll [2011.12.01 12:32:08 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\5052 [2011.11.29 21:10:44 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\skypePM [2011.11.29 21:10:43 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\UAs [2011.11.29 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Skype [2011.11.28 19:14:37 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\kock [2011.11.28 18:13:42 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\5051 [2011.11.28 14:38:28 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\TS3Client [2011.11.28 10:10:37 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Phase6 [2011.11.28 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Macromedia [2011.11.28 10:07:52 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Adobe [2011.11.28 10:07:40 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{A22D662C-A796-4527-8597-32BF267357BB} [2011.11.28 10:07:09 | 000,000,000 | ---D 
| C] -- C:\Users\KexxZ\AppData\Local\{FA8A7244-605D-4FA8-B11C-EC28EA3545D6} [2011.11.28 10:06:42 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Apple Computer [2011.11.28 10:06:20 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\ManyCam [2011.11.28 10:06:07 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\ICQ [2011.11.28 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\xmldm [2011.11.24 14:10:26 | 000,000,000 | -H-D | C] -- C:\$AVG [2011.11.23 10:50:11 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Dcomponents [2011.11.23 10:50:11 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\D [2011.11.18 15:06:20 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{81C05EA6-4A2E-409D-A7A9-7C23F3D84006} [2011.11.18 15:05:46 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{38B6CAB3-1098-4DD5-86DF-BFD0872D8719} [2011.11.17 13:03:37 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{63105DFA-5917-4CDB-9C6A-C39078D094B9} [2011.11.17 13:03:04 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{65981DB8-86D6-4AC6-B95C-389E373B5E1B} [2011.11.16 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\Desktop\Gotye-Making_Mirrors-2011-OZM [2011.11.13 10:29:37 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{FC5F64B0-9526-404D-8B57-C54B85FE717E} [2011.11.13 10:29:34 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Local\{48A9340B-9D86-4EF5-B816-374202C32451} [2011.11.10 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\.phase-6 [2011.11.10 19:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6 [2011.11.10 19:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase6 [2011.11.10 19:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\phase-6 [2011.11.09 20:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.11.09 20:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip 
[2011.11.09 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo [2011.11.09 20:11:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\KexxZ\Desktop\OTL.exe [2011.11.09 18:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery [2011.11.09 18:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Solutions [2011.11.09 12:53:55 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\AVG2012 [2011.11.09 12:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2011.11.09 12:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011.11.09 12:47:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011.11.09 12:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011.11.01 20:11:59 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.11.01 20:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2011.11.01 20:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2011.11.01 20:02:01 | 000,000,000 | ---D | C] -- C:\Users\KexxZ\Desktop\SA-Emoticons [2008.06.03 22:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2007.07.04 10:28:51 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\KexxZ\AppData\Roaming\*.tmp files -> C:\Users\KexxZ\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.01 15:16:21 | 000,000,072 | ---- | M] () -- C:\Users\KexxZ\AppData\Roaming\blckdom.res [2011.12.01 15:10:53 | 000,138,795 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.01 15:10:53 | 000,138,795 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.01 15:10:03 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.12.01 15:09:44 | 000,003,616 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 15:09:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 15:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.01 15:09:23 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys [2011.12.01 15:08:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.01 15:07:30 | 000,000,176 | ---- | M] () -- C:\Users\KexxZ\defogger_reenable [2011.12.01 12:30:55 | 111,175,485 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.11.28 17:31:24 | 000,121,221 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2011.11.24 18:50:27 | 000,230,301 | ---- | M] () -- C:\Users\KexxZ\Documents\ts3_clientui-win32-12815-2011-11-24 18_50_25.829000.dmp [2011.11.24 14:08:51 | 001,162,192 | ---- | M] () -- C:\Users\KexxZ\AppData\Roaming\AcroFF049.dll [2011.11.22 16:21:54 | 000,066,291 | ---- | M] () -- C:\Users\KexxZ\Desktop\image201111220001.jpg [2011.11.22 16:10:56 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.11.17 13:08:47 | 000,690,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.17 13:08:47 | 000,632,978 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.17 13:08:47 | 000,150,738 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.17 13:08:47 | 000,118,746 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.16 23:37:41 | 000,000,000 | ---- | M] () -- C:\Users\KexxZ\AppData\Local\prvlcl.dat [2011.11.16 08:45:29 | 000,070,816 | ---- | M] () -- C:\Users\KexxZ\Desktop\skyrim.jpg [2011.11.16 08:44:09 | 000,069,361 | ---- | M] () -- C:\Users\KexxZ\Desktop\image201111160001.jpg [2011.11.10 19:13:07 | 000,001,156 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2011.11.10 19:13:05 | 000,001,004 | ---- | M] () -- 
C:\Users\Public\Desktop\phase-6 basic.lnk [2011.11.09 20:16:41 | 000,001,819 | ---- | M] () -- C:\Users\KexxZ\Desktop\CrystalDiskInfo.lnk [2011.11.09 20:11:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\KexxZ\Desktop\OTL.exe [2011.11.09 18:31:41 | 000,001,944 | ---- | M] () -- C:\Users\KexxZ\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk [2011.11.09 18:31:39 | 000,001,177 | ---- | M] () -- C:\Users\KexxZ\Desktop\Smart Data Recovery.lnk [2011.11.06 23:50:56 | 000,013,277 | ---- | M] () -- C:\Users\KexxZ\Desktop\lolwas1234.jpg [2011.11.01 17:41:26 | 000,006,899 | ---- | M] () -- C:\Users\KexxZ\Desktop\MussoliniAlbertP.jpg [2011.11.01 17:40:51 | 000,261,616 | ---- | M] () -- C:\Users\KexxZ\Desktop\MussoliniAlbertP.png [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\KexxZ\AppData\Roaming\*.tmp files -> C:\Users\KexxZ\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.01 15:07:06 | 000,000,176 | ---- | C] () -- C:\Users\KexxZ\defogger_reenable [2011.12.01 12:30:55 | 111,175,485 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.11.28 17:31:24 | 000,121,221 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2011.11.28 10:05:47 | 000,000,072 | ---- | C] () -- C:\Users\KexxZ\AppData\Roaming\blckdom.res [2011.11.24 18:50:25 | 000,230,301 | ---- | C] () -- C:\Users\KexxZ\Documents\ts3_clientui-win32-12815-2011-11-24 18_50_25.829000.dmp [2011.11.24 14:08:50 | 001,162,192 | ---- | C] () -- C:\Users\KexxZ\AppData\Roaming\AcroFF049.dll [2011.11.22 16:21:54 | 000,066,291 | ---- | C] () -- C:\Users\KexxZ\Desktop\image201111220001.jpg [2011.11.16 08:45:29 | 000,070,816 | ---- | C] () -- C:\Users\KexxZ\Desktop\skyrim.jpg [2011.11.16 08:44:09 | 000,069,361 | ---- | C] () -- C:\Users\KexxZ\Desktop\image201111160001.jpg [2011.11.10 19:13:07 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2011.11.10 
19:13:05 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\phase-6 basic.lnk [2011.11.09 20:16:41 | 000,001,819 | ---- | C] () -- C:\Users\KexxZ\Desktop\CrystalDiskInfo.lnk [2011.11.09 18:31:41 | 000,001,944 | ---- | C] () -- C:\Users\KexxZ\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk [2011.11.09 18:31:39 | 000,001,177 | ---- | C] () -- C:\Users\KexxZ\Desktop\Smart Data Recovery.lnk [2011.11.09 12:49:38 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.11.06 23:50:56 | 000,013,277 | ---- | C] () -- C:\Users\KexxZ\Desktop\lolwas1234.jpg [2011.11.01 17:41:26 | 000,006,899 | ---- | C] () -- C:\Users\KexxZ\Desktop\MussoliniAlbertP.jpg [2011.11.01 17:40:49 | 000,261,616 | ---- | C] () -- C:\Users\KexxZ\Desktop\MussoliniAlbertP.png [2011.03.09 11:53:00 | 000,000,000 | ---- | C] () -- C:\Users\KexxZ\AppData\Local\prvlcl.dat [2010.08.06 14:58:27 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.06.09 08:35:48 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2010.05.27 11:22:30 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.05.27 11:22:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.05.27 11:22:23 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010.05.27 11:22:23 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.05.27 11:22:23 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.05.27 11:22:19 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.03.24 07:27:00 | 000,000,680 | ---- | C] () -- C:\Users\KexxZ\AppData\Local\d3d9caps.dat [2009.11.22 13:57:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.09.24 17:56:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 17:56:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.16 12:49:42 | 000,139,128 | ---- | C] () -- 
C:\Windows\System32\drivers\PnkBstrK.sys [2009.06.04 16:57:33 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2009.05.30 10:29:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.05.30 10:29:39 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.05.29 12:45:26 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.04.08 20:40:07 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.07 16:15:43 | 000,097,792 | ---- | C] () -- C:\Users\KexxZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.07 15:47:44 | 000,138,795 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.03.07 15:47:42 | 000,138,795 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.12.09 16:23:13 | 000,050,744 | ---- | C] () -- C:\Users\KexxZ\AppData\Roaming\appconf32.exe [2008.11.02 16:19:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.11.02 14:57:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.11.02 14:17:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.30 02:33:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.05.13 07:35:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.04.16 12:11:34 | 000,690,562 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 12:11:34 | 000,150,738 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.05.09 08:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys 
[2007.04.16 12:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,389,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,632,978 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,118,746 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.05.19 04:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.04.03 15:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [2001.11.14 22:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1998.05.06 20:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll ========== LOP Check ========== [2011.11.28 18:13:46 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\5051 [2011.12.01 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\5052 [2011.11.09 12:53:55 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\AVG2012 [2010.09.20 11:37:38 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\Braid [2009.07.16 23:20:30 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\CasualForge 
[2011.11.23 10:50:11 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\D [2009.10.24 00:13:24 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\DAEMON Tools Lite [2011.03.12 01:36:32 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\DarksporeData [2011.11.23 10:50:11 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\Dcomponents [2009.06.01 16:55:57 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\DreamDale [2011.02.15 22:11:05 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\DVDVideoSoftIEHelpers [2009.04.02 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\dyyno-vlc [2010.10.25 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\EurekaLog [2009.10.11 00:45:14 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\GetRightToGo [2011.12.01 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\ICQ [2011.11.28 19:14:37 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\kock [2010.07.10 12:21:43 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\LolClient [2010.01.11 22:27:09 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2011.11.28 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\ManyCam [2011.11.28 10:10:37 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\Phase6 [2011.11.28 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\TS3Client [2011.11.30 04:05:12 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\UAs [2011.11.30 04:06:05 | 000,000,000 | ---D | M] -- C:\Users\KexxZ\AppData\Roaming\xmldm [2011.12.01 15:08:11 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.11.24 14:10:26 | 000,000,000 | -H-D | M] -- C:\$AVG [2010.05.27 08:42:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.11.02 16:10:35 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2011.03.10 15:47:12 | 000,000,000 | ---D | M] -- C:\BDS [2009.12.01 18:07:24 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.14 16:52:50 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2009.12.22 09:16:18 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.02.12 03:30:09 | 000,000,000 | -HSD | M] -- C:\found.001 [2011.01.12 19:15:28 | 000,000,000 | ---D | M] -- C:\Fraps [2008.11.02 13:36:42 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.04.28 13:32:14 | 000,000,000 | R--D | M] -- C:\Need For Speed Carbon [2010.08.06 18:12:40 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.10 19:12:40 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.10 19:13:02 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.06 12:10:02 | 000,000,000 | ---D | M] -- C:\Riot Games [2011.12.01 15:20:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.03.25 20:13:54 | 000,000,000 | ---D | M] -- C:\Temp [2009.03.07 14:18:31 | 000,000,000 | R--D | M] -- C:\Users [2011.11.09 12:08:53 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > 
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-13 02:03:51 < > < End of report > |
01.12.2011, 16:40 | #4 |
| acroff.dl in the appdata/roaming directory Gmer.txt as ZIP |