Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
"Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

"Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"


Log-Analyse und Auswertung: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 09.02.2012, 14:28   #5
Tzentch
 
"Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - Standard

"Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"


so hoffe das ist so korrekt:

Code:
ATTFilter
OTL logfile created on: 09.02.2012 14:17:36 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 5,30 Gb Available Physical Memory | 88,52% Memory free
11,96 Gb Paging File | 11,31 Gb Available in Paging File | 94,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1356,17 Gb Total Space | 1224,61 Gb Free Space | 90,30% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,44 Gb Free Space | 53,60% Space Free | Partition Type: NTFS
 
Computer Name: ALPHA-PC | User Name: Alpha | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.09 14:08:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.01.30 16:46:24 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.21 20:15:51 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.04 15:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.01 09:13:13 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.05 00:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.05 00:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.02.16 17:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.09.14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.02.06 15:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.02 21:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.10.27 10:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alpha\AppData\Roaming\mozilla\Extensions
[2011.11.28 20:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\bvsp4n3d.default\extensions
[2011.11.28 20:41:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\bvsp4n3d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.27 10:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.02 21:01:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Alpha\AppData\Local\Mozilla\Firefox\firefox.exe (3M Touch Systems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - Startup: C:\Users\Alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alpha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alpha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alpha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FC1C4C-FFBD-4CD5-A278-8E060C677A59}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D68A65E2-BF16-41A8-BB50-0F8DE9940898}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71F8F74-DA02-49A8-AD99-30D6027FB2F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9787eeaa-1451-11e1-91c5-8c89a5592212}\Shell - "" = AutoRun
O33 - MountPoints2\{9787eeaa-1451-11e1-91c5-8c89a5592212}\Shell\AutoRun\command - "" = H:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Alpha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Alpha\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.08 21:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.02.08 21:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012.02.08 10:55:33 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{FA7E8375-6C58-42EE-9EFB-6FCDD13ECB34}
[2012.02.08 10:55:22 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{375705D0-C979-4F06-A32C-096B9EE9953A}
[2012.02.07 14:15:35 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{0D9968E5-37E1-4E42-8CE5-029FBC219FD3}
[2012.02.07 14:15:22 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{487BA68B-C6DA-4A67-806E-D0FAE4FC7B18}
[2012.02.06 10:39:52 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{37AB9782-5AD7-486C-AC07-40CCD7C5DE1D}
[2012.02.06 10:39:42 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{DD90F9E5-36CB-41EF-96C3-9AFE64A8F313}
[2012.02.05 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{94A7CBBD-706F-4B7B-8E4F-14B6781DA693}
[2012.02.05 17:40:49 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{E87215EC-1CEA-4BBF-AF62-6A088988895C}
[2012.02.03 14:05:58 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{472F5D0B-EC2A-4661-B5CB-38DDCC8C1B4B}
[2012.02.03 14:05:46 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{D8F83BDF-1715-454E-A630-3A8582B9D5F4}
[2012.02.02 14:35:10 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{885AF561-0113-4E20-9C78-5BF2DE3F7F67}
[2012.02.02 14:35:00 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{21B34672-816D-4BF8-A12B-C0359301CBB2}
[2012.02.01 14:23:30 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{9359A2C9-04B2-4D4D-B2C1-704D79C56176}
[2012.02.01 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{5655B8C5-636E-44D7-AC25-73FE969994EF}
[2012.01.31 13:51:19 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{9DD22AAA-2416-4A14-A550-61D2A6A8B250}
[2012.01.31 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{C317F597-7428-4F35-A04D-C4BBD497501E}
[2012.01.30 21:06:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.30 12:34:33 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{876C1B33-0BE1-41BC-9DCF-9863E380CC30}
[2012.01.30 12:34:22 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{A61C71BF-0CCC-4729-9714-4E49E6A40A90}
[2012.01.29 14:40:23 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{142B0D49-CE87-4577-B4D6-24F761D51D63}
[2012.01.29 14:40:12 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{10E92462-4562-4191-86C7-4778048115DD}
[2012.01.27 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Roaming\Avira
[2012.01.27 14:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.27 14:54:20 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.01.27 14:54:20 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.01.27 14:54:20 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.01.27 14:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.27 14:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.27 09:58:31 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{2A2940D9-3E7C-4333-B944-57C66D2CF2E1}
[2012.01.27 09:58:20 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{53254E67-E5AC-4487-BF60-29A7B9400243}
[2012.01.26 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{BEEFB1C6-4BF7-4DD1-AD41-53DA2F32CAD5}
[2012.01.26 16:41:59 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{4A7032D2-368F-49FB-82E6-5F6B7657E0DC}
[2012.01.25 15:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{C502BA3B-BD40-4250-8A6A-77FD0A63CD94}
[2012.01.25 15:08:29 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{63BADFC2-DC88-4291-86A0-62DE4BB148FD}
[2012.01.24 13:20:56 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{29D6139B-2CD7-45DF-B953-36C10D44D494}
[2012.01.24 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{F3EC7906-9DFC-4CAD-B0E7-EA02656AA541}
[2012.01.23 14:06:13 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{95BFAE04-F7B6-4830-86E6-7ACFC6DF1C77}
[2012.01.23 14:06:03 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{1B5CBFB0-9860-401D-B39B-3C63066D967A}
[2012.01.22 13:59:46 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{6CE75B60-922F-4540-A286-B2AE055FA6D8}
[2012.01.22 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{4216FFD1-4CA8-4AFB-8678-1E29C08D5D43}
[2012.01.21 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{9291E0E7-2095-466D-9443-582996E2FB49}
[2012.01.21 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{7C7B2CBB-3B5A-490D-B015-A96B5EFC798C}
[2012.01.21 09:06:54 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{23077190-2E6B-4CF7-9DEC-E5495966D491}
[2012.01.20 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{946340BC-410C-4441-8839-DA9A610F9FB6}
[2012.01.20 20:40:11 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{D8765B46-61A3-451E-AB1C-78E2376A5B61}
[2012.01.20 06:34:46 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{66241CE7-CE95-4EF4-A05A-F402299AF11F}
[2012.01.20 06:34:33 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{0724E379-54E1-42AF-9963-C4D5D554F8FB}
[2012.01.19 16:28:57 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{947CD6F9-8909-4676-B26B-C4701C31D2AB}
[2012.01.19 16:28:47 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{73E24D93-ACE2-4295-987D-B3923E12ABF8}
[2012.01.18 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{E490B016-21BD-483C-A0AE-51D2AB68D385}
[2012.01.18 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{49149CBD-A22F-415F-8AAF-6EA71F8864F0}
[2012.01.17 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Roaming\Windows Live Writer
[2012.01.17 18:01:24 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\Windows Live Writer
[2012.01.17 16:55:13 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{ACFE50D5-D55F-424B-81D9-AA228395CD45}
[2012.01.17 16:55:03 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{22588167-3CAD-4A26-9792-AAE17085C94A}
[2012.01.16 09:12:46 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{0AD86D79-D64C-46B7-9C24-6A90148A74C7}
[2012.01.16 09:12:34 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{1EF534F8-D2EA-44B9-8E5D-0A545BB70DA1}
[2012.01.15 19:52:38 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{5D8B1DE3-9CCC-4156-B185-2074D7719DAA}
[2012.01.15 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{5AFC94D2-CA58-4DAE-9023-545A9DAC98AE}
[2012.01.13 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{DACB2C3F-E3EF-4A0B-90EC-2B554206AACF}
[2012.01.13 20:08:26 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{80539772-C51E-4601-928D-9E195B192DEC}
[2012.01.12 22:12:17 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{9730779C-A6E5-4D31-B26A-A20756C637E0}
[2012.01.12 22:12:07 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{C3FC57EA-2ED1-4CC2-B4D1-4B6D2D1BA4E9}
[2012.01.11 14:34:47 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{996C6315-96EA-4F08-9881-E42A9918ADCA}
[2012.01.11 14:34:34 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{92AD1662-8416-48AD-948D-41D81BEFE66A}
[2012.01.10 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{2D2D9E82-44B9-448F-AF65-4D467AA0D728}
[2012.01.10 14:40:09 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Local\{70B84465-70DF-4773-B8EB-B0AF277AF3CE}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 13:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 13:40:40 | 522,420,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.08 22:37:23 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 22:37:23 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 21:43:47 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.01 21:48:16 | 000,001,021 | ---- | M] () -- C:\Users\Alpha\Desktop\Dropbox.lnk
[2012.02.01 21:48:16 | 000,001,001 | ---- | M] () -- C:\Users\Alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.01 16:57:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.02.01 15:04:06 | 000,039,056 | -HS- | M] () -- C:\Users\Alpha\Desktop\Folder.jpg
[2012.02.01 15:04:06 | 000,008,546 | -HS- | M] () -- C:\Users\Alpha\Desktop\AlbumArtSmall.jpg
[2012.01.30 16:46:24 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.30 16:46:12 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.01.30 16:46:12 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.30 16:42:09 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.01.30 14:13:56 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.01.30 14:01:19 | 002,874,085 | ---- | M] () -- C:\Users\Alpha\Desktop\König der Löwen- Kann es wirklich Liebe sein (Musical).mp3
[2012.01.30 13:59:19 | 004,880,925 | ---- | M] () -- C:\Users\Alpha\Desktop\17 Er Lebt In Dir - Der König der Löwen Musical.mp3
[2012.01.29 17:09:14 | 000,027,194 | ---- | M] () -- C:\Users\Alpha\Desktop\piloten-370x155.jpg
[2012.01.29 14:58:01 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.01.27 15:07:18 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 15:07:18 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.27 15:07:18 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 15:07:18 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.27 15:07:18 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.27 15:05:54 | 000,207,452 | ---- | M] () -- C:\Users\Alpha\Documents\1
[2012.01.27 14:54:24 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.18 12:34:08 | 000,000,672 | ---- | M] () -- C:\Users\Alpha\Desktop\OnlineCodexWHFB(2).lnk
[2012.01.10 15:17:55 | 000,320,160 | ---- | M] () -- C:\Users\Alpha\Desktop\Unbenannt5.png
[2012.01.10 15:17:40 | 000,316,332 | ---- | M] () -- C:\Users\Alpha\Desktop\Unbenannt4.png
[2012.01.10 15:17:28 | 000,292,526 | ---- | M] () -- C:\Users\Alpha\Desktop\Unbenannt3.png
[2012.01.10 15:17:16 | 000,306,522 | ---- | M] () -- C:\Users\Alpha\Desktop\Unbenannt2.png
[2012.01.10 15:17:02 | 000,438,336 | ---- | M] () -- C:\Users\Alpha\Desktop\Unbenannt.png
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.08 21:43:47 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.02.01 16:57:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.02.01 15:04:06 | 000,039,056 | -HS- | C] () -- C:\Users\Alpha\Desktop\Folder.jpg
[2012.02.01 15:04:06 | 000,008,546 | -HS- | C] () -- C:\Users\Alpha\Desktop\AlbumArtSmall.jpg
[2012.01.30 14:13:56 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.01.30 14:01:14 | 002,874,085 | ---- | C] () -- C:\Users\Alpha\Desktop\König der Löwen- Kann es wirklich Liebe sein (Musical).mp3
[2012.01.30 13:59:09 | 004,880,925 | ---- | C] () -- C:\Users\Alpha\Desktop\17 Er Lebt In Dir - Der König der Löwen Musical.mp3
[2012.01.29 17:09:13 | 000,027,194 | ---- | C] () -- C:\Users\Alpha\Desktop\piloten-370x155.jpg
[2012.01.29 14:58:01 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.01.27 14:54:24 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.15 22:05:37 | 000,000,672 | ---- | C] () -- C:\Users\Alpha\Desktop\OnlineCodexWHFB(2).lnk
[2012.01.10 15:17:55 | 000,320,160 | ---- | C] () -- C:\Users\Alpha\Desktop\Unbenannt5.png
[2012.01.10 15:17:40 | 000,316,332 | ---- | C] () -- C:\Users\Alpha\Desktop\Unbenannt4.png
[2012.01.10 15:17:28 | 000,292,526 | ---- | C] () -- C:\Users\Alpha\Desktop\Unbenannt3.png
[2012.01.10 15:17:15 | 000,306,522 | ---- | C] () -- C:\Users\Alpha\Desktop\Unbenannt2.png
[2012.01.10 15:17:02 | 000,438,336 | ---- | C] () -- C:\Users\Alpha\Desktop\Unbenannt.png
[2011.11.08 21:31:53 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.26 17:04:14 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.26 17:04:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.11.13 14:14:30 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\.minecraft
[2011.10.28 12:22:02 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\DarksporeData
[2012.02.08 22:38:46 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\Dropbox
[2011.11.28 20:41:30 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\DVDVideoSoft
[2011.11.28 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.06 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\HTC
[2012.01.06 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.10.25 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\LolClient
[2011.10.27 07:55:56 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\Origin
[2012.01.10 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\SoftGrid Client
[2011.11.08 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\TP
[2011.12.30 13:37:09 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\Ubisoft
[2012.01.17 18:01:24 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\Windows Live Writer
[2012.02.07 14:14:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.11.25 19:56:58 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.01.30 21:08:34 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.10.24 18:15:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.15 01:33:26 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.11.08 21:31:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.08 21:43:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.30 21:07:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.24 18:15:22 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.25 04:45:08 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.02.08 22:15:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.24 18:19:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.08 21:22:51 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.02.09 14:20:36 | 001,572,864 | -HS- | M] () -- C:\Users\Alpha\NTUSER.DAT
[2012.02.09 14:20:36 | 000,262,144 | -HS- | M] () -- C:\Users\Alpha\ntuser.dat.LOG1
[2011.10.24 18:19:50 | 000,000,000 | -HS- | M] () -- C:\Users\Alpha\ntuser.dat.LOG2
[2011.10.24 18:19:50 | 000,065,536 | -HS- | M] () -- C:\Users\Alpha\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.10.24 18:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\Alpha\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.10.24 18:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\Alpha\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.10.24 18:19:50 | 000,000,020 | -HS- | M] () -- C:\Users\Alpha\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >


 

Themen zu "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"
achtung, achtung!, anderen, antworten, blockiert, downloaden, einfach, erfahrung, euren, folge, folgen, frage, gelöscht, gen, guten, meldung, namens, neu, scan, scanne, scannen, seite, soft, starte, trojaner, trojaner-achtung-50 euro, worte, wurde ihr


« Userinit.exe ist ein Trojaner und WebCheck ein Wurm...HILFE !!! | Firefox öffnet keine Google-Links mehr »


Ähnliche Themen: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"


  1. Trojaner "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (11)
  2. Virus: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert", OTL ausgeführt, was nun?
    Log-Analyse und Auswertung - 08.04.2012 (5)
  3. Auch bei mir: "Achtung. Aus Sicherheitsgründen wurde ihr Windowssystem blockiert."
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (2)
  4. Windows (Task-Manager, etc.) blockiert; "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem..."
    Log-Analyse und Auswertung - 08.03.2012 (12)
  5. "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" OTL Log
    Log-Analyse und Auswertung - 06.03.2012 (12)
  6. Meldung: "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert", wie bei anderen.
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (2)
  7. BKA-Trojaner: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 04.03.2012 (6)
  8. Meldung: "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (54)
  9. "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" - svb DANKT
    Log-Analyse und Auswertung - 06.02.2012 (23)
  10. "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" OTLogfile im Anhang
    Log-Analyse und Auswertung - 26.01.2012 (1)
  11. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem Blockiert, "Bezahlen nd Downloaden"
    Log-Analyse und Auswertung - 23.01.2012 (3)
  12. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"-Meldung blockiert Benutzerkonto
    Log-Analyse und Auswertung - 16.01.2012 (9)
  13. "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert.", schwarz-rot-gold, Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 11.01.2012 (5)
  14. Trojaner: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 09.01.2012 (24)
  15. TROJANER - "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 06.01.2012 (11)
  16. Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert ... "bezahlen und runterladen"
    Log-Analyse und Auswertung - 05.01.2012 (9)
  17. "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"-Meldung blockiert Benutzerkonto
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - so hoffe das ist so korrekt: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 09.02.2012 14:17:36 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\ 64bit- - "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"...
Archiv
Du betrachtest: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27