|
Pests of all kinds and how to combat them: For security reasons your PC has been locked ("aus Sicherheitsgründen wurde ihr PC gesperrt")
Windows 7
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
26.01.2012, 22:56 | #1 |
| For security reasons your PC has been locked
Hi there, I have recently been getting the message - for security reasons your PC has been locked - please transfer 50 € immediately. I am getting desperate, I have already spent 5 hours trying to find the trojan with all sorts of antivirus programs, but no chance. I am running the Anti Malware program right now. Should I just post the log? Thanks in advance and kind regards |
26.01.2012, 23:33 | #2 |
| For security reasons your PC has been locked
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.06

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
k :: K-PC [Administrator]

26.01.2012 22:51:43
mbam-log-2012-01-26 (23-32-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 171086
Laufzeit: 4 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.FakeMS) -> Daten: C:\Users\k\AppData\Local\Mozilla\Firefox\firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\k\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\k\AppData\Local\Temp\0.7102438890562223.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\k\c1df039c-5691.exe (Heuristics.Shuriken) -> Keine Aktion durchgeführt.

(Ende) |
26.01.2012, 23:36 | #3 |
| For security reasons your PC has been locked
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 26.01.2012 23:31:41 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\k\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,19% Memory free 4,23 Gb Paging File | 3,76 Gb Available in Paging File | 88,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 23,37 Gb Free Space | 23,93% Space Free | Partition Type: NTFS Computer Name: K-PC | User Name: k | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\k\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\AVG Secure Search\vprot.exe () ========== Win32 Services (SafeList) ========== SRV - (vToolbarUpdater) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe () SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) 
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NAV\1109000.00C\SYMTDIV.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1109000.00C\SYMEFA.SYS (Symantec Corporation) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) 
DRV - (ccHP) -- C:\Windows\system32\drivers\NAV\1109000.00C\ccHPx86.sys (Symantec Corporation) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101222.025\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101222.025\NAVENG.SYS (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101222.001\IDSvix86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1109000.00C\Ironx86.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1109000.00C\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) 
Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1109000.00C\SRTSPX.SYS (Symantec Corporation) DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1109000.00C\SYMDS.SYS (Symantec Corporation) DRV - (WRfiltv) -- C:\Windows\System32\drivers\WRfiltv.sys (Creative Technology Ltd.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (FUS2BASE) -- C:\Windows\System32\drivers\fus2base.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.01.26 22:38:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012.01.26 22:38:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.11.18 12:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\jz35cs68.default\extensions [2010.01.27 16:53:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\k\AppData\Roaming\mozilla\Firefox\Profiles\jz35cs68.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.15 18:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.02 20:21:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.08.02 20:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.06.21 18:17:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Search (Enabled) CHR - default_search_provider: search_url = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR 
- plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\k\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Firefox helper] C:\Users\k\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052C881E-CCF3-4BC7-BBA6-E836A6FFE930}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\k\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\k\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{005a3323-2100-11df-85cf-001e3dee8d2b}\Shell - "" = AutoRun O33 - MountPoints2\{005a3323-2100-11df-85cf-001e3dee8d2b}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{17451423-090d-11df-ace0-001dba1d8c81}\Shell - "" = AutoRun O33 - MountPoints2\{17451423-090d-11df-ace0-001dba1d8c81}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4ef49c9d-449b-11e0-9864-b8be24b122d3}\Shell - "" = AutoRun O33 - MountPoints2\{4ef49c9d-449b-11e0-9864-b8be24b122d3}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{813e8328-845f-11e0-9fb6-c6217055a184}\Shell - "" = AutoRun O33 - 
MountPoints2\{813e8328-845f-11e0-9fb6-c6217055a184}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a261d05d-f1b8-11df-b5c3-bef3110dee82}\Shell\verb1\command - "" = desktop.exe O33 - MountPoints2\{a4da8440-b509-11e0-b923-bbfd70d1ee9d}\Shell - "" = AutoRun O33 - MountPoints2\{a4da8440-b509-11e0-b923-bbfd70d1ee9d}\Shell\AutoRun\command - "" = F:\ZTE_Handset_USB_Driver.exe O33 - MountPoints2\{b27da73b-0741-11df-bac5-001dba1d8c81}\Shell - "" = AutoRun O33 - MountPoints2\{b27da73b-0741-11df-bac5-001dba1d8c81}\Shell\AutoRun\command - "" = D:\Installer.exe O33 - MountPoints2\{bb11dc82-096c-11df-b8a0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bb11dc82-096c-11df-b8a0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bd424fa4-0908-11df-821f-001e3dee8d2b}\Shell - "" = AutoRun O33 - MountPoints2\{bd424fa4-0908-11df-821f-001e3dee8d2b}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bd42503e-0908-11df-821f-001e3dee8d2b}\Shell - "" = AutoRun O33 - MountPoints2\{bd42503e-0908-11df-821f-001e3dee8d2b}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bfa5a926-090a-11df-af23-001dba1d8c81}\Shell - "" = AutoRun O33 - MountPoints2\{bfa5a926-090a-11df-af23-001dba1d8c81}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d147a3b5-d54a-11e0-a952-e9afade039bd}\Shell - "" = AutoRun O33 - MountPoints2\{d147a3b5-d54a-11e0-a952-e9afade039bd}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d147a3b6-d54a-11e0-a952-e9afade039bd}\Shell - "" = AutoRun O33 - MountPoints2\{d147a3b6-d54a-11e0-a952-e9afade039bd}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d147a3b7-d54a-11e0-a952-e9afade039bd}\Shell - "" = AutoRun O33 - 
MountPoints2\{d147a3b7-d54a-11e0-a952-e9afade039bd}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell\verb1\command - "" = desktop.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.26 23:29:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\k\Desktop\OTL.exe [2012.01.26 22:51:20 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\AVG2012 [2012.01.26 22:51:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.01.26 22:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2012.01.26 22:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.01.26 22:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012.01.26 22:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012.01.26 22:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012.01.26 22:37:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012.01.26 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012.01.26 22:24:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.01.26 22:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.01.26 20:13:07 | 002,002,416 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\k\Desktop\HousecallLauncher.exe [2012.01.26 20:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6 [2012.01.26 20:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6 [2012.01.26 19:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.01.26 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\k\Documents\Simply Super Software [2012.01.26 19:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.01.26 19:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.01.26 19:51:59 | 000,000,000 | ---D | C] -- C:\Users\k\AppData\Roaming\Simply Super Software [2012.01.26 19:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.01.26 19:51:07 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Users\k\Desktop\trjsetup682.exe [2012.01.26 18:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer [2012.01.26 18:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2012.01.26 18:42:23 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Users\k\Desktop\gtk2116-setup.exe [2012.01.26 18:31:34 | 000,148,520 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\System32\mfevtps.exe
[2012.01.04 15:28:36 | 000,016,128 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\gtkdrv.sys
[2 C:\Users\k\Desktop\*.tmp files -> C:\Users\k\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.01.26 23:29:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\k\Desktop\OTL.exe
[2012.01.26 22:55:08 | 056,819,155 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.01.26 22:55:08 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012.01.26 22:51:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.01.26 22:51:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.26 22:38:31 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.01.26 22:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.26 22:32:22 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.26 22:31:32 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 22:31:31 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 22:17:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.26 21:58:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 21:38:27 | 000,278,667 | ---- | M] () -- C:\Users\k\AppData\Local\census.cache
[2012.01.26 21:38:18 | 000,181,509 | ---- | M] () -- C:\Users\k\AppData\Local\ars.cache
[2012.01.26 20:23:32 | 000,000,394 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2012.01.26 20:22:23 | 000,007,728 | ---- | M] () -- C:\Users\k\AppData\Local\d3d9caps.dat
[2012.01.26 20:21:30 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2012.01.26 20:13:15 | 000,000,036 | ---- | M] () -- C:\Users\k\AppData\Local\housecall.guid.cache
[2012.01.26 20:13:09 | 002,002,416 | ---- | M] (Trend Micro Inc.) -- C:\Users\k\Desktop\HousecallLauncher.exe
[2012.01.26 20:09:25 | 000,000,808 | ---- | M] () -- C:\Users\k\Desktop\Trojancheck.lnk
[2012.01.26 20:03:21 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.01.26 19:51:32 | 010,488,608 | ---- | M] (Simply Super Software ) -- C:\Users\k\Desktop\trjsetup682.exe
[2012.01.26 18:43:36 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.01.26 18:43:17 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Users\k\Desktop\gtk2116-setup.exe
[2012.01.24 16:53:21 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.01.23 17:53:45 | 000,035,328 | -HS- | M] () -- C:\Users\k\c1df039c-5691.exe
[2012.01.04 15:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\gtkdrv.sys
[2 C:\Users\k\Desktop\*.tmp files -> C:\Users\k\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.01.26 22:55:08 | 056,819,155 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.01.26 22:55:08 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012.01.26 22:51:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.26 22:38:31 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.01.26 20:23:32 | 000,000,394 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2012.01.26 20:21:30 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2012.01.26 20:20:48 | 000,278,667 | ---- | C] () -- C:\Users\k\AppData\Local\census.cache
[2012.01.26 20:20:43 | 000,181,509 | ---- | C] () -- C:\Users\k\AppData\Local\ars.cache
[2012.01.26 20:13:15 | 000,000,036 | ---- | C] () -- C:\Users\k\AppData\Local\housecall.guid.cache
[2012.01.26 20:09:25 | 000,000,808 | ---- | C] () -- C:\Users\k\Desktop\Trojancheck.lnk
[2012.01.26 19:52:43 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.01.26 19:52:00 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.01.26 19:52:00 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.01.26 19:52:00 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.01.26 19:52:00 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.01.26 18:43:36 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.01.23 17:53:46 | 000,035,328 | -HS- | C] () -- C:\Users\k\c1df039c-5691.exe
[2011.02.28 20:17:29 | 000,146,291 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.06.14 08:35:03 | 000,022,528 | ---- | C] () -- C:\Users\k\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.02 15:18:49 | 000,030,688 | ---- | C] () -- C:\Windows\System32\xfiWR.ini
[2010.02.10 16:19:03 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.02.01 19:31:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.30 21:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.01.24 11:53:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.24 11:53:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.01.22 15:52:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.22 11:42:51 | 000,007,728 | ---- | C] () -- C:\Users\k\AppData\Local\d3d9caps.dat
[2010.01.22 11:37:44 | 000,000,836 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.05.14 22:22:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.05.14 22:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2008.10.29 17:13:34 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 08:15:58 | 000,661,242 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,137,182 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.01 00:41:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,255,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,606,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,113,902 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========
[2011.09.25 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\.purple
[2010.01.23 09:11:48 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Acreon
[2012.01.26 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\AVG2012
[2011.10.21 09:48:03 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\DVDVideoSoft
[2011.10.21 09:45:19 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.18 12:17:10 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\FRITZ!
[2011.02.28 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Image Zone Express
[2011.06.21 18:25:15 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\OpenOffice.org
[2011.12.17 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Opera
[2011.02.14 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\PhotoScape
[2011.02.28 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Printer Info Cache
[2012.01.26 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Simply Super Software
[2011.12.28 10:11:26 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\SoftGrid Client
[2011.11.18 12:51:51 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\SpieleEntwicklungsKombinat
[2011.06.21 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\TP
[2012.01.26 18:10:42 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\TS3Client
[2010.01.24 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\Vodafone
[2011.06.21 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\k\AppData\Roaming\{90140011-0062-0407-0000-0000000FF1CE}
[2010.02.03 06:33:37 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2012.01.26 22:32:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.16 17:22:29 | 000,000,410 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F7D44051-2921-4574-BC34-CCF265D2BB8D}.job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >