Windows gesperrt, Zahlungsaufforderung

roland_m · 16.12.2011, 20:08

Hallo! Habe auch das Problem, dass mein Windows gesperrt wurde und ich nun 50 Euro zahlen soll.
Habe jetz die Scans mit OTL.exe durchgeführt.

Hier der Inhalt der OTL.Txt Datei:

Code:

ATTFilter

OTL logfile created on: 16.12.2011 19:47:13 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Roland\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,17% Memory free
6,19 Gb Paging File | 5,90 Gb Available in Paging File | 95,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 31,18 Gb Free Space | 26,77% Space Free | Partition Type: NTFS
Drive E: | 114,98 Gb Total Space | 109,30 Gb Free Space | 95,06% Space Free | Partition Type: NTFS
 
Computer Name: ROLAND-PC | User Name: Roland | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.16 18:46:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Roland\Downloads\OTL.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (TOSHIBA Bluetooth Service)
SRV - [2011.07.02 16:42:53 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.04.27 21:57:25 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.08.19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.08.18 22:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008.07.15 15:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.07.10 16:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.02 16:42:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 16:42:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.08 19:19:22 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.07 18:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.19 21:01:44 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.08.07 16:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.01 01:40:28 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.05.07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2008.04.28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.02.06 23:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.21 03:23:23 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.14 10:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?ref=home"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.168.1.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "192.168.1.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.1.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.01.24 18:44:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.12 20:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.14 17:15:30 | 000,000,000 | ---D | M]
 
[2009.01.24 18:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland\AppData\Roaming\mozilla\Extensions
[2011.12.07 19:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions
[2010.08.07 00:39:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.25 12:11:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.28 16:18:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.06 15:14:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.23 20:46:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.29 15:50:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\engine@conduit.com
[2011.12.07 19:24:54 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Roland\AppData\Roaming\mozilla\Firefox\Profiles\zrmvkzyp.default\extensions\support@predictad.com
[2011.12.16 16:14:10 | 000,001,056 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\zrmvkzyp.default\searchplugins\icqplugin.xml
[2011.11.12 20:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 14:17:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.12 20:23:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 15:40:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 15:40:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 15:40:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 15:40:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 15:40:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 15:40:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [firefox.exe] C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Roland\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Roland\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04A4C0B6-7421-4C97-84E5-250D8CEB3D0B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09F9935D-F62F-466A-B82E-0B96B2C696AC}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FE20B1-DFD5-43DE-9B7F-2ADB5F4E3280}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7796E0E7-1E0B-4652-A511-EDE4E42D36C1}: DhcpNameServer = 83.169.184.161 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84623536-8843-4680-B049-D979E1C74C57}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03CAC9A-26BB-47DE-BE26-3826523B7277}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23A339D-D469-4C41-B649-0E173205AB6F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Roland\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Roland\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2138c02e-bf0c-11df-b84f-00235a01a012}\Shell - "" = AutoRun
O33 - MountPoints2\{2138c02e-bf0c-11df-b84f-00235a01a012}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2138c03c-bf0c-11df-b84f-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{2138c03c-bf0c-11df-b84f-001e101f1ed9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2138c088-bf0c-11df-b84f-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2138c088-bf0c-11df-b84f-001e101f36d9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2b4bd259-5a99-11e0-b7c6-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{2b4bd259-5a99-11e0-b7c6-001e101fe5e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{71dbb0ab-bbce-11df-9105-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{71dbb0ab-bbce-11df-9105-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{71dbb0b5-bbce-11df-9105-00235a01a012}\Shell - "" = AutoRun
O33 - MountPoints2\{71dbb0b5-bbce-11df-9105-00235a01a012}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{71dbb0c3-bbce-11df-9105-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{71dbb0c3-bbce-11df-9105-001e101f21c1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{71dbb0d6-bbce-11df-9105-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{71dbb0d6-bbce-11df-9105-001e101f2c0e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b459aac2-bb46-11df-96dc-00235a01a012}\Shell - "" = AutoRun
O33 - MountPoints2\{b459aac2-bb46-11df-96dc-00235a01a012}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b459aad1-bb46-11df-96dc-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{b459aad1-bb46-11df-96dc-001e101fb681}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b459aadd-bb46-11df-96dc-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{b459aadd-bb46-11df-96dc-001e101f8ed0}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c32c48c3-bea0-11df-8b9a-001e101f7fb6}\Shell - "" = AutoRun
O33 - MountPoints2\{c32c48c3-bea0-11df-8b9a-001e101f7fb6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e88417f8-5531-11e0-9f4a-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{e88417f8-5531-11e0-9f4a-001e101f9843}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f4f4a7c2-fb91-11df-9ffe-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{f4f4a7c2-fb91-11df-9ffe-001e101f1ed9}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.07 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\AutocompletePro
[2011.12.07 19:24:48 | 000,000,000 | ---D | C] -- C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free WAV to MP3 Converter
[2011.12.07 19:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Free WAV to MP3 Converter
[2011.11.29 19:46:31 | 000,000,000 | ---D | C] -- C:\Users\Roland\Desktop\Bewerbung
[2011.11.24 21:00:49 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2011.11.24 20:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2009.10.25 11:21:06 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe208A.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.16 19:43:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 19:40:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.16 19:40:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 19:40:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 17:28:59 | 000,002,597 | ---- | M] () -- C:\Users\Roland\Desktop\Word.lnk
[2011.12.16 17:09:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.09 14:55:29 | 000,000,954 | ---- | M] () -- C:\Users\Roland\AppData\Roaming\wklnhst.dat
[2011.12.08 19:41:31 | 000,043,363 | ---- | M] () -- C:\Users\Roland\Desktop\tamara.jpg
[2011.12.07 19:24:48 | 000,000,893 | ---- | M] () -- C:\Users\Roland\Desktop\Free WAV to MP3 Converter.lnk
[2011.12.03 12:06:51 | 290,560,314 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.02 14:29:10 | 000,007,728 | ---- | M] () -- C:\Users\Roland\AppData\Local\d3d9caps.dat
[2011.11.25 18:10:02 | 000,075,264 | ---- | M] () -- C:\Users\Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.25 15:43:54 | 000,002,625 | ---- | M] () -- C:\Users\Roland\Desktop\Excel.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.08 19:40:27 | 000,043,363 | ---- | C] () -- C:\Users\Roland\Desktop\tamara.jpg
[2011.12.07 19:24:48 | 000,000,893 | ---- | C] () -- C:\Users\Roland\Desktop\Free WAV to MP3 Converter.lnk
[2010.10.25 15:45:37 | 000,000,202 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2010.01.23 16:46:34 | 000,004,096 | -H-- | C] () -- C:\Users\Roland\AppData\Local\keyfile3.drm
[2009.08.20 11:58:46 | 000,007,728 | ---- | C] () -- C:\Users\Roland\AppData\Local\d3d9caps.dat
[2009.02.10 22:31:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.02 20:39:02 | 000,075,264 | ---- | C] () -- C:\Users\Roland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.28 16:59:40 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.01.27 18:42:00 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.01.25 13:29:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009.01.24 21:12:36 | 000,000,954 | ---- | C] () -- C:\Users\Roland\AppData\Roaming\wklnhst.dat
[2009.01.24 16:18:06 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.01.24 16:18:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.01.24 16:18:06 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.01.24 16:18:06 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009.01.24 16:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.22 14:44:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.09.22 14:44:21 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.09.22 14:44:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.09.22 14:44:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.09.22 14:44:21 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.09.22 14:44:21 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.09.22 14:36:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.09.22 14:27:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008.09.22 14:18:41 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC.dat
[2008.09.22 14:18:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.09.22 14:18:41 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.09.22 14:18:41 | 000,000,160 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.09.22 14:18:28 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.09.22 14:18:28 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.09.22 14:18:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.09.22 14:18:28 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.09.22 14:18:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.09.22 14:18:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.09.22 14:05:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.22 14:05:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.24 08:08:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,397,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.06.11 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Ashampoo
[2009.01.24 22:42:52 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Canneverbe_Limited
[2011.09.16 13:33:32 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\DVDVideoSoft
[2011.04.17 14:46:19 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.22 14:53:45 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\gtk-2.0
[2011.11.22 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\ICQ
[2009.01.28 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\IrfanView
[2009.01.24 19:00:19 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\myphotobook
[2009.01.25 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\OpenOffice.org
[2009.10.25 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Sony
[2009.01.24 21:12:36 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Template
[2009.01.25 13:54:15 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\TOSHIBA
[2009.01.28 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\Roland\AppData\Roaming\Ulead Systems
[2011.12.15 19:51:07 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.01.24 17:34:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.09.22 13:20:29 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.24 17:24:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.08.21 11:56:21 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.09.22 14:15:10 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.07 19:24:50 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.24 21:09:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.24 17:24:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.16 13:54:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.01.24 18:44:28 | 000,000,000 | ---D | M] -- C:\temp
[2009.01.24 17:35:07 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.01.24 17:27:52 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.16 18:41:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2009.05.22 14:53:45 | 000,000,870 | ---- | M] () -- C:\Users\Roland\.recently-used.xbel
[2011.12.16 19:57:46 | 002,883,584 | -HS- | M] () -- C:\Users\Roland\ntuser.dat
[2011.12.16 19:57:46 | 000,262,144 | -H-- | M] () -- C:\Users\Roland\ntuser.dat.LOG1
[2011.03.05 11:50:16 | 000,262,144 | -H-- | M] () -- C:\Users\Roland\ntuser.dat.LOG2
[2011.12.16 19:39:16 | 000,065,536 | -HS- | M] () -- C:\Users\Roland\ntuser.dat{0cc04877-6f30-11e0-9a01-00235a01a012}.TM.blf
[2011.12.16 19:39:16 | 000,524,288 | -HS- | M] () -- C:\Users\Roland\ntuser.dat{0cc04877-6f30-11e0-9a01-00235a01a012}.TMContainer00000000000000000001.regtrans-ms
[2011.04.25 12:35:50 | 000,524,288 | -HS- | M] () -- C:\Users\Roland\ntuser.dat{0cc04877-6f30-11e0-9a01-00235a01a012}.TMContainer00000000000000000002.regtrans-ms
[2011.04.24 22:45:39 | 000,065,536 | -HS- | M] () -- C:\Users\Roland\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.04.24 22:45:39 | 000,524,288 | -HS- | M] () -- C:\Users\Roland\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.01.24 17:36:45 | 000,524,288 | -HS- | M] () -- C:\Users\Roland\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.01.24 17:27:53 | 000,000,020 | -HS- | M] () -- C:\Users\Roland\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Ich habe allerdings keine Extra.txt Datei bekommen.

Ich hoffe ihr könnt mir weiterhelfen, ich bin echt verzweifelt..

markusg · 16.12.2011, 20:13

hi

achtung!

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [firefox.exe] C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

roland_m · 16.12.2011, 20:25

Danke!! Ihr habt mir meinen Tag gerettet.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\firefox.exe deleted successfully.
C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\firefox.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 41 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Roland
->Flash cache emptied: 145156 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Roland
->Temp folder emptied: 3326089746 bytes
->Temporary Internet Files folder emptied: 94431031 bytes
->Java cache emptied: 3797741 bytes
->FireFox cache emptied: 38155067 bytes
->Google Chrome cache emptied: 15145309 bytes
->Apple Safari cache emptied: 3447808 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664795804 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 279610 bytes
RecycleBin emptied: 61285791 bytes
 
Total Files Cleaned = 4.013,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12162011_201506

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg · 17.12.2011, 14:34

ok ich warte auf den upload, bitte bis zu ende lesen und arbeiten.

17.12.2011, 14:34	#4
markusg /// Malware-holic	Windows gesperrt, Zahlungsaufforderung ok ich warte auf den upload, bitte bis zu ende lesen und arbeiten. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Windows gesperrt, Zahlungsaufforderung

Log-Analyse und Auswertung: Windows gesperrt, Zahlungsaufforderung