| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer Bildschirm nach dem Neustart/einmalige Meldung von BundespolzeiWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.05.2013, 18:26
| #1 |
 |  Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei Hallo liebes Trojanerboard, Nach dem Starten von Windows bleibt der bildschirm einfach weiß. Kann daher auch keine OTL.exe usw. drüberlaufen lassen. Könnt ihr mir dabei helfen? Ich benutzt Win7, home, 64bit Wenn es hilft, ich habe einen Laptop wo alles normal funktioniert zwecks Internet usw. Ich hoffe ihr könnt mir weiterhelfen. |
|
14.05.2013, 18:27
| #2 |
| /// Malware-holic   | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei hi,
__________________kommst du an nen pc mit brenner? download: http://filepony.de/download-isoburner/ isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ |
|
14.05.2013, 18:29
| #3 |
| | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei Sobald ich den PC starte kommt ein weißer Bildschirm. Kann daher das Program nicht downloaden bzw. durchlaufen lassen.
__________________Geht das irgendwie vom usb stick aus? Danke! Ja kommt zu einem Brenner. Werd das machen. Danke |
|
14.05.2013, 18:55
| #4 |
| /// Malware-holic | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei brennen etc halt von nem andern PC aus :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.05.2013, 19:00
| #5 |
| | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei Hallo Markusg! Hab den PC von der CD aus gestartet. -Erste Meldung war Startet Reatogo-X-PE Dann kam folgende blaue Fehlermeldung: A problem has been detected and windows ahs been shut down to prevent damage to your computer. If this is the first time you have been seen this stop error scree, restar your computer. If this screen appears again, follow these steps: Check for virus on your compter. Remove any newly installed hard drives or hard drive controlles. Check your hard dirve to make sure ti is proberly configured and terminated. Run CHKDSK / F to check for hard drive corruption and then restart your computer Technical information: ***STOP: 0x0000007B (0xF78DA528, 0xC0000034,0x00000000,0x00000000) |
|
14.05.2013, 19:05
| #6 |
| /// Malware-holic | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei hi gehe ins bios, bei pc start meist über entf dort suche die Option ide bzw AHCY mode, konfiguriere jeweils den gegenteiligen und versuchs noch mal. sollte dann ein Fenster, browse for folder, kommen, dann gehe auf bot, klappe den Ordner auf, und klicke auf windows bzw wind
__________________ --> Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei |
|
14.05.2013, 20:18
| #7 |
| | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei ok otl ist durch... otl.txt dateien seh ich.. jetzt hab ich nur wieder ein problem...die maus funktioniert nicht und ich kann die dateien nicht auf usb speichern und hier einfügen. |
|
14.05.2013, 20:22
| #8 |
| /// Malware-holic | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei dann mal usb stick raus, neustart, stick rein und dann die Textdatei posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.05.2013, 20:41
| #9 |
| | Weißer Bildschirm nach dem Neustart/einmalige Meldung von BundespolzeiCode:
ATTFilter OTL logfile created on: 5/15/2013 12:00:24 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 65.38 Mb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive G: | 1831.92 Gb Total Space | 1772.77 Gb Free Space | 96.77% Space Free | Partition Type: NTFS
Drive H: | 30.00 Gb Total Space | 18.10 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/10/25 12:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto] -- G:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- G:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/25 07:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- G:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto] -- G:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/17 22:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- G:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/16 08:13:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- G:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 08:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 08:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/25 08:24:16 | 000,990,896 | ---- | M] () [Auto] -- G:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/03/25 06:59:38 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 01:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 03:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 03:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/06 03:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- G:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- G:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/04 08:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 20:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- G:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/25 08:24:16 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System] -- G:\Windows\System32\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/20 21:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- G:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/07 23:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- G:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/07 23:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- G:\Windows\System32\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/07 23:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- G:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/07 23:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- G:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/07 23:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- G:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/10/01 03:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 03:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 03:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 03:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/12/17 05:57:03 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/12/17 05:55:56 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\System32\Drivers\qd262x64.sys -- (ioatdma2) Intel(R)
DRV:64bit: - [2010/12/17 05:55:55 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\System32\Drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2010/12/17 05:55:50 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
DRV:64bit: - [2010/12/17 05:55:50 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
DRV:64bit: - [2010/11/19 14:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 14:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/21 04:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/16 13:33:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/09/07 16:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/31 05:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/06 10:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- G:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Franz_Pfeifer_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\Franz_Pfeifer_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche
IE - HKU\Franz_Pfeifer_ON_G\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Franz_Pfeifer_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Franz_Pfeifer_ON_G\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Franz_Pfeifer_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.kappl.at"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: G:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: G:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: G:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: G:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: G:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: G:\Windows\SysWOW64\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: G:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: G:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: G:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.0.0.2 [2013/03/25 08:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/16 08:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/20 07:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/16 08:13:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/05/10 05:18:58 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Franz Pfeifer\AppData\Roaming\Mozilla\Extensions
[2011/05/10 05:18:58 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Franz Pfeifer\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/25 05:12:24 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Franz Pfeifer\AppData\Roaming\Mozilla\Firefox\Profiles\ovw3zs6e.default-1364202675281\extensions
[2013/04/16 08:13:14 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2013/03/25 08:24:23 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- G:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.0.0.2
() (No name found) -- G:\USERS\FRANZ PFEIFER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OVW3ZS6E.DEFAULT-1364202675281\EXTENSIONS\{99B98C2C-7274-45A3-A640-D9DF1A1C8460}.XPI
[2013/04/16 08:13:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- G:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/25 09:28:56 | 000,001,392 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/03/25 08:24:23 | 000,003,714 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/25 09:28:56 | 000,002,465 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/25 09:28:56 | 000,001,153 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/25 09:28:56 | 000,006,805 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/25 09:28:56 | 000,001,178 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/25 09:28:56 | 000,001,105 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\Franz_Pfeifer_ON_G\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - G:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Franz_Pfeifer_ON_G\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] G:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] G:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] G:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] G:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] G:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] G:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [vProt] G:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\LocalService_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Franz_Pfeifer_ON_G\..Trusted Domains: blank ([]about in Lokales Intranet)
O15:64bit: - Franz_Pfeifer_ON_G\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15:64bit: - Franz_Pfeifer_ON_G\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Franz_Pfeifer_ON_G Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Franz_Pfeifer_ON_G Winlogon: Shell - (C:\Users\Franz Pfeifer\AppData\Roaming\skype.dat) - G:\Users\Franz Pfeifer\AppData\Roaming\skype.dat (Sftware )
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
========== Files/Folders - Created Within 30 Days ==========
[2013/05/10 03:37:08 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/16 08:13:14 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Mozilla Firefox
[2012/01/12 15:59:54 | 000,130,560 | ---- | C] (Sftware ) -- G:\Users\Franz Pfeifer\AppData\Roaming\skype.dat
[1 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/14 13:43:28 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013/05/14 13:43:25 | 3206,787,072 | -HS- | M] () -- G:\hiberfil.sys
[2013/05/14 13:32:13 | 000,015,984 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 13:32:13 | 000,015,984 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 13:32:12 | 000,001,110 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/14 13:31:28 | 000,000,004 | ---- | M] () -- G:\Users\Franz Pfeifer\AppData\Roaming\skype.ini
[2013/05/14 13:28:04 | 000,001,106 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/14 12:54:17 | 000,672,692 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013/05/14 12:54:17 | 000,623,678 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013/05/14 12:54:17 | 000,135,782 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013/05/14 12:54:17 | 000,111,548 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013/05/13 09:32:50 | 001,528,528 | ---- | M] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/13 03:58:13 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/10 03:37:08 | 000,000,985 | ---- | M] () -- G:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/10 03:37:08 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/30 07:39:36 | 000,001,106 | ---- | M] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/04/30 07:39:36 | 000,001,094 | ---- | M] () -- G:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/04/24 04:02:32 | 000,001,117 | ---- | M] () -- G:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/24 04:02:32 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[1 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/13 03:55:23 | 000,000,004 | ---- | C] () -- G:\Users\Franz Pfeifer\AppData\Roaming\skype.ini
[2011/05/10 05:03:49 | 001,528,528 | ---- | C] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 12:14:03 | 000,008,192 | ---- | C] () -- G:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/12/03 15:07:26 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2010/12/03 14:59:01 | 000,002,888 | ---- | C] () -- G:\Windows\SysWow64\atipblag.dat
[2009/08/03 19:07:42 | 000,403,816 | ---- | C] () -- G:\Windows\SysWow64\OGACheckControl.DLL
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- G:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- G:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- G:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- G:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- G:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2013/03/25 08:24:23 | 000,000,000 | ---D | M] -- G:\ProgramData\AVG Secure Search
[2012/07/04 04:57:22 | 000,000,000 | ---D | M] -- G:\ProgramData\AVG2012
[2013/03/25 08:24:46 | 000,000,000 | ---D | M] -- G:\ProgramData\AVG2013
[2013/03/25 07:33:32 | 000,000,000 | ---D | M] -- G:\ProgramData\CA9BF7A91A61A2890000CA9B2D18AD49
[2012/01/02 08:40:24 | 000,000,000 | -H-D | M] -- G:\ProgramData\Common Files
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2010/12/03 11:34:54 | 000,000,000 | ---D | M] -- G:\ProgramData\Downloaded Installations
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2011/05/17 08:35:59 | 000,000,000 | ---D | M] -- G:\ProgramData\m2backup
[2011/05/17 07:00:08 | 000,000,000 | ---D | M] -- G:\ProgramData\m2portal
[2013/05/14 13:09:24 | 000,000,000 | ---D | M] -- G:\ProgramData\MFAData
[2011/05/17 07:00:09 | 000,000,000 | ---D | M] -- G:\ProgramData\mquadr.at
[2011/07/04 07:32:38 | 000,000,000 | ---D | M] -- G:\ProgramData\Partner
[2011/07/19 12:05:09 | 000,000,000 | ---D | M] -- G:\ProgramData\PC Drivers HeadQuarters
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2010/11/09 16:44:15 | 000,000,000 | ---D | M] -- G:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2011/05/10 04:38:55 | 000,000,000 | ---D | M] -- G:\ProgramData\TP-LINK
[2011/05/11 12:43:48 | 000,000,000 | ---D | M] -- G:\ProgramData\VirtualizedApplications
[2011/05/17 07:33:33 | 000,000,000 | -H-D | M] -- G:\ProgramData\{4E684805-4C70-4570-B57A-1332B65E995E}
[2011/05/17 07:55:31 | 000,000,000 | -H-D | M] -- G:\ProgramData\{97A66005-421F-474D-ACE1-CF35FDC12CE8}
[2011/05/17 06:59:40 | 000,000,000 | -H-D | M] -- G:\ProgramData\{DEC678D1-B2BE-43DD-B123-21503011D8C9}
[2013/04/29 15:29:24 | 000,032,632 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< netsevcs >
< %SYSTEMDRIVE%\*. >
[2013/03/25 08:22:15 | 000,000,000 | -H-D | M] -- G:\$AVG
[2011/05/10 04:12:36 | 000,000,000 | -HSD | M] -- G:\$RECYCLE.BIN
[2011/05/10 04:09:22 | 000,000,000 | -HSD | M] -- G:\Documents and Settings
[2011/06/17 02:13:06 | 000,000,000 | ---D | M] -- G:\f6fe5f9810f5fd44b7c63700efe8be
[2013/01/12 15:49:50 | 000,000,000 | -HSD | M] -- G:\found.000
[2010/11/09 17:09:16 | 000,000,000 | ---D | M] -- G:\Intel
[2011/06/17 02:10:07 | 000,000,000 | RH-D | M] -- G:\MSOCache
[2013/03/25 06:56:40 | 000,000,000 | R--D | M] -- G:\Program Files
[2013/05/11 01:27:48 | 000,000,000 | R--D | M] -- G:\Program Files (x86)
[2013/03/25 09:16:25 | 000,000,000 | -H-D | M] -- G:\ProgramData
[2011/05/10 04:09:22 | 000,000,000 | -HSD | M] -- G:\Recovery
[2013/05/13 04:05:41 | 000,000,000 | -HSD | M] -- G:\System Volume Information
[2011/05/10 04:12:25 | 000,000,000 | R--D | M] -- G:\Users
[2013/05/13 08:24:14 | 000,000,000 | ---D | M] -- G:\Windows
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- G:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- G:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- G:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- G:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- G:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- G:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- G:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- G:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- G:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- G:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- G:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- G:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- G:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- G:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- G:\Windows\System32\drivers\iaStor.sys
[2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- G:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- G:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- G:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- G:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- G:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- G:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- G:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2010/05/12 04:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- G:\Windows\System32\drivers\nvstor.sys
[2010/05/12 04:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/05/12 04:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- G:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 04:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- G:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- G:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- G:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- G:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- G:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- G:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- G:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- G:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- G:\Windows\System32\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- G:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- G:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- G:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- G:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- G:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- G:\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- G:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- G:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- G:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- G:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- G:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 08:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- G:\Windows\System32\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- G:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- G:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- G:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys/ /lockedfiles >
Invalid Switch:
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\LocalSettings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
|
14.05.2013, 20:45
| #10 |
| /// Malware-holic | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei Hi, auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O20 - HKU\Franz_Pfeifer_ON_G Winlogon: Shell - (C:\Users\Franz Pfeifer\AppData\Roaming\skype.dat) - G:\Users\Franz Pfeifer\AppData\Roaming\skype.dat (Sftware
)
[2013/05/14 13:31:28 | 000,000,004 | ---- | M] () -- G:\Users\Franz Pfeifer\AppData\Roaming\skype.ini
:Files
C:\Users\Franz Pfeifer\AppData\Roaming\skype.dat
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.05.2013, 20:57
| #11 |
| | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei pc wurde nicht neu gestartet... die meldung hab ich bekommen Code:
ATTFilter ========== OTL ==========
Registry value HKEY_USERS\Franz_Pfeifer_ON_G\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Franz Pfeifer\AppData\Roaming\skype.dat deleted successfully.
G:\Users\Franz Pfeifer\AppData\Roaming\skype.dat moved successfully.
G:\Users\Franz Pfeifer\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
File\Folder C:\Users\Franz Pfeifer\AppData\Roaming\skype.dat not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Franz Pfeifer
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
User: Default User
User: Franz Pfeifer
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 516755000 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
Total Files Cleaned = 493.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 05152013_015421
|
|
14.05.2013, 21:19
| #12 |
| /// Malware-holic | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei dann man manuell neustarten, cd raus und wenns läuft, upload machen bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.05.2013, 07:18
| #13 |
| | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei Schönen guten Morgen! Hab so eben den upload gemacht. Danke für die Hilfe  |
|
15.05.2013, 12:03
| #14 |
| /// Malware-holic | Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei danke fürs hochladen. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.05.2013, 12:20
| #15 |
| |  Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei Hallo Markus! Laut Tdsskiller Programm: no threats found logfile ist zu groß kann ich leider nicht anhängen Geändert von gstreinaldo (15.05.2013 um 12:28 Uhr) |
|
| Themen zu Weißer Bildschirm nach dem Neustart/einmalige Meldung von Bundespolzei |
| arten, bildschirm, einfach, funktionier, funktioniert, hilft, hoffe, home, inter, interne, internet, laptop, meldung, otl.exe, starte, starten, troja, trojanerboard, weiterhelfen, weißer, weißer bildschirm, win7, windows, zwecks |
Linear-Darstellung
