Log analysis and evaluation: White screen when starting Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
White screen when starting Windows 7

Hello everyone! First of all: I have read up on this as far as my knowledge goes, and I have the same virus as Michael (http://www.trojaner-board.de/134540-...ndows-7-a.html), and so far I have done everything that could be done identically. Exactly the same thing happened to me as to him: I removed the trojan in safe mode and also the XSplitBroadcaster, hoping that the window at startup would then no longer appear, but it was not that easy after all. I ran the scan with the OTLPE CD, but I did not find the two text documents; they were not in C:\ as stated, and I could not find them via "search" either. That is why I only have one file here, namely the one that opened after the scan:

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 10/29/2013 11:25:41 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Enterprise Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.10.9200.16721) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 65.86 Mb Free Space | 65.87% Space Free | Partition Type: NTFS Drive G: | 931.41 Gb Total Space | 472.99 Gb Free Space | 50.78% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Disabled] -- G:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV - [2013/10/10 02:53:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/10/03 16:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto] -- G:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013/10/01 09:51:14 | 002,746,704 | ---- | M] (LogMeIn Inc.) [Disabled] -- G:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013/09/25 15:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- G:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2013/09/17 18:28:16 | 000,878,888 | ---- | M] (AnchorFree Inc.) [Disabled] -- G:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld) SRV - [2013/09/17 18:27:50 | 000,556,840 | ---- | M] () [Disabled] -- G:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2013/09/17 16:35:24 | 000,078,512 | ---- | M] () [Disabled] -- G:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [Disabled] -- G:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/09/05 04:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Disabled] -- G:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/08/28 17:57:43 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Disabled] -- G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2013/08/18 18:25:42 | 000,076,888 | ---- | M] () [Auto] -- G:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013/07/18 10:39:40 | 000,762,192 | ---- | M] (Nero AG) [Disabled] -- G:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- G:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/03/14 17:07:46 | 000,383,264 | ---- | M] (NVIDIA 
Corporation) [Auto] -- G:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013/02/15 20:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled] -- G:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/09/25 15:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- G:\Windows\System32\drivers\avgdiska.sys -- (Avgdiska) DRV:64bit: - [2013/09/17 16:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System] -- G:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6) DRV:64bit: - [2013/09/08 16:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- G:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2013/09/02 04:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- G:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2013/09/02 04:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- G:\Windows\System32\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2013/09/02 04:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- G:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2013/09/02 04:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- G:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2013/08/20 16:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot] -- G:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2013/08/12 19:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2013/08/01 10:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- G:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2013/02/26 02:31:15 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System] -- G:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013/02/18 07:59:44 | 000,633,680 | ---- | M] (Paragon) [Kernel | System] -- G:\Windows\System32\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2013/02/18 07:59:44 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System] -- G:\Windows\System32\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2013/02/18 07:59:42 | 000,390,352 | ---- | M] (Paragon) [Kernel | System] -- G:\Windows\System32\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand] -- G:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/01/01 04:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand] -- G:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2010/11/25 00:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/08/19 13:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/09/30 13:14:22 | 000,034,472 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- G:\Windows\System32\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2009/09/23 12:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- G:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv) 
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\hamachi.sys -- (hamachi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Georg_ON_G\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.search.us.com/v/2/?guid={6FE80E30-F407-45EA-97D8-1D2D40802996}&serpv=5 IE - HKU\Georg_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = (1) Search IE - HKU\Georg_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.search.us.com/v/2/?guid={6FE80E30-F407-45EA-97D8-1D2D40802996}&serpv=5 IE - HKU\Georg_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKU\Georg_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Georg_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 3E FC 3F 96 12 CE 01 [binary data] IE - HKU\Georg_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://start.search.us.com/v/2/?guid={6FE80E30-F407-45EA-97D8-1D2D40802996}&serpv=5" FF - user.js..browser.startup.homepage: 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref("browser.startup.homepage", "hxxp://start.search.us.com/v/2/?guid={6FE80E30-F407-45EA-97D8-1D2D40802996}&serpv=5" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: G:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0: G:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: G:\Program Files 
(x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: G:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: G:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Nero.com/KM: G:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: G:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: G:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: G:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@raidcall.en/RCplugin: G:\Users\Georg\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: G:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: G:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/24 16:37:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/24 16:40:47 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Georg\AppData\Roaming\Mozilla\Extensions [2013/10/21 16:48:45 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\14v5iasj.default\extensions [2013/10/04 12:52:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- G:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\14v5iasj.default\extensions\ich@maltegoetz.de [2013/09/22 08:32:15 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions [2013/09/22 08:32:15 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- G:\Program Files (x86)\Mozilla Firefox\extensions\afext@anchorfree.com File not found (No name found) -- () (No name found) -- G:\USERS\GEORG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\14V5IASJ.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI [2013/02/15 20:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- G:\Program Files (x86)\mozilla 
firefox\components\browsercomps.dll [2013/02/16 00:15:47 | 000,001,392 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/02/16 00:15:47 | 000,002,465 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/02/16 00:15:47 | 000,001,153 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013/02/16 00:15:47 | 000,006,805 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013/02/16 00:15:47 | 000,001,178 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013/02/16 00:15:47 | 000,001,105 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Kozaka) - {a45e3fa8-5048-4372-94ad-c6661671f7fc} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - File not found O4 - HKU\LocalService_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft 
Corporation) O4 - HKU\UpdatusUser_ON_G..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] File not found O4 - HKU\UpdatusUser_ON_G..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\Georg_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Georg_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Georg_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - File not found O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted 
sites) O15:64bit: - Georg_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15:64bit: - Georg_ON_G\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15:64bit: - Georg_ON_G\..Trusted Domains: soe.com ([]* in Trusted sites) O15:64bit: - Georg_ON_G\..Trusted Domains: sony.com ([]* in Trusted sites) O15:64bit: - LocalService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - LocalService_ON_G\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - LocalService_ON_G\..Trusted Domains: soe.com ([]* in ) O15:64bit: - LocalService_ON_G\..Trusted Domains: sony.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: soe.com ([]* in ) O15:64bit: - NetworkService_ON_G\..Trusted Domains: sony.com ([]* in ) O15:64bit: - UpdatusUser_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in ) O15:64bit: - UpdatusUser_ON_G\..Trusted Domains: freerealms.com ([]* in ) O15:64bit: - UpdatusUser_ON_G\..Trusted Domains: soe.com ([]* in ) O15:64bit: - UpdatusUser_ON_G\..Trusted Domains: sony.com ([]* in ) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. 
File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Georg\AppData\Local\Temp\MSDCSC\msdcsc.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Georg\AppData\Local\Temp\MSDCSC\msdcsc.exe) - File not found O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Georg_ON_G Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\Georg_ON_G Winlogon: Shell - (C:\Users\Georg\AppData\Roaming\cache.dat) - G:\Users\Georg\AppData\Roaming\cache.dat () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/07/15 12:20:30 | 000,000,000 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/10/26 14:27:27 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\ExpressFiles [2013/10/25 04:56:01 | 000,000,000 | -HSD | C] -- G:\Config.Msi [2013/10/21 16:48:37 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\GoforFiles [2013/10/21 04:42:32 | 000,000,000 | ---D | C] -- G:\Windows\pss [2013/10/20 19:21:13 | 000,000,000 | ---D | C] -- G:\Users\Georg\Desktop\Neuer Ordner [2013/10/20 18:49:43 | 000,000,000 | ---D | C] -- G:\Users\Georg\Desktop\Emulator [2013/10/20 13:59:27 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\Blizzard Entertainment [2013/10/20 11:47:02 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\WhatPulse [2013/10/20 11:47:02 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\CrashRpt [2013/10/20 11:46:41 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatPulse [2013/10/20 11:46:39 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\WhatPulse2 [2013/10/20 10:24:48 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2013/10/20 10:24:48 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\World of Warcraft [2013/10/20 10:24:48 | 000,000,000 | ---D | C] -- 
G:\ProgramData\Blizzard Entertainment [2013/10/20 10:24:48 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Blizzard Entertainment [2013/10/20 10:23:34 | 000,000,000 | ---D | C] -- G:\ProgramData\Battle.net [2013/10/20 04:53:23 | 000,000,000 | ---D | C] -- G:\Users\Georg\Documents\NeroVideo [2013/10/20 04:53:23 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\Nero [2013/10/20 04:52:36 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\Nero [2013/10/20 04:50:10 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Nero [2013/10/20 04:50:01 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2013/10/20 04:50:01 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Nero [2013/10/20 04:49:50 | 000,000,000 | ---D | C] -- G:\ProgramData\Nero [2013/10/20 04:48:54 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\MSXML 4.0 [2013/10/20 04:29:05 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\Publish Providers [2013/10/20 04:28:56 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\Sony [2013/10/20 04:24:18 | 000,000,000 | ---D | C] -- G:\Windows\en [2013/10/20 04:24:05 | 000,000,000 | ---D | C] -- G:\Windows\de [2013/10/20 04:23:40 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013/10/20 04:22:15 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Windows Live [2013/10/20 04:18:11 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\Windows Live [2013/10/20 04:17:58 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Windows Live [2013/10/19 16:21:24 | 000,000,000 | ---D | C] -- G:\ProgramData\restore [2013/10/19 05:15:00 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\WinRAR [2013/10/19 05:14:52 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013/10/19 05:14:52 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\WinRAR
[2013/10/19 05:14:40 | 000,000,000 | ---D | C] -- G:\Program Files\WinRAR
[2013/10/17 10:55:35 | 000,000,000 | ---D | C] -- G:\ProgramData\Oracle
[2013/10/17 10:52:48 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Java
[2013/10/17 10:52:40 | 000,264,616 | ---- | C] (Oracle Corporation) -- G:\Windows\SysWow64\javaws.exe
[2013/10/17 10:52:34 | 000,174,504 | ---- | C] (Oracle Corporation) -- G:\Windows\SysWow64\java.exe
[2013/10/17 10:52:34 | 000,096,168 | ---- | C] (Oracle Corporation) -- G:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/17 10:51:34 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/16 07:37:16 | 000,000,000 | ---D | C] -- G:\Windows\SysWow64\Hotspot Shield
[2013/10/14 15:02:27 | 000,000,000 | ---D | C] -- G:\ProgramData\TuneUp Software
[2013/10/14 15:01:51 | 000,000,000 | -HSD | C] -- G:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/10/11 16:33:08 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/10/11 10:31:09 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/10 03:48:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ieui.dll
[2013/10/10 03:48:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\ieui.dll
[2013/10/10 03:48:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\iesysprep.dll
[2013/10/10 03:48:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\RegisterIEPKEYs.exe
[2013/10/10 03:48:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 03:48:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesetup.dll
[2013/10/10 03:48:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\iesetup.dll
[2013/10/10 03:48:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ie4uinit.exe
[2013/10/10 03:48:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iernonce.dll
[2013/10/10 03:48:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\iernonce.dll
[2013/10/10 03:48:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\iesysprep.dll
[2013/10/10 03:48:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\msfeeds.dll
[2013/10/10 03:48:03 | 000,493,056 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\msfeeds.dll
[2013/10/10 03:48:02 | 003,959,296 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript9.dll
[2013/10/10 03:48:02 | 002,876,928 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\jscript9.dll
[2013/10/10 03:48:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\jscript.dll
[2013/10/10 03:48:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\jscript.dll
[2013/10/10 02:42:35 | 000,633,856 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\comctl32.dll
[2013/10/10 02:42:33 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- G:\Windows\System32\atmfd.dll
[2013/10/10 02:42:33 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\atmfd.dll
[2013/10/10 02:42:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\fontsub.dll
[2013/10/10 02:42:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\fontsub.dll
[2013/10/10 02:42:33 | 000,046,080 | ---- | C] (Adobe Systems) -- G:\Windows\System32\atmlib.dll
[2013/10/10 02:42:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\lpk.dll
[2013/10/10 02:42:33 | 000,034,304 | ---- | C] (Adobe Systems) -- G:\Windows\SysWow64\atmlib.dll
[2013/10/10 02:42:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\dciman32.dll
[2013/10/10 02:42:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\dciman32.dll
[2013/10/10 02:42:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\drivers\hidclass.sys
[2013/10/10 02:42:31 | 000,032,896 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\drivers\hidparse.sys
[2013/10/10 02:42:30 | 000,102,400 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\davclnt.dll
[2013/10/10 02:42:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\davclnt.dll
[2013/10/10 02:42:23 | 005,549,504 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntoskrnl.exe
[2013/10/10 02:42:22 | 003,969,472 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 02:42:22 | 000,878,080 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\advapi32.dll
[2013/10/10 02:42:22 | 000,859,648 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\tdh.dll
[2013/10/10 02:42:21 | 003,914,176 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 02:42:21 | 001,732,032 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntdll.dll
[2013/10/10 02:42:21 | 000,619,520 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\tdh.dll
[2013/10/10 02:42:21 | 000,243,712 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\wow64.dll
[2013/10/10 02:42:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\setup16.exe
[2013/10/10 02:42:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 02:42:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\instnm.exe
[2013/10/10 02:42:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\wow32.dll
[2013/10/10 02:42:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\user.exe
[2013/10/10 02:42:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 02:42:16 | 000,124,112 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 02:42:13 | 000,461,312 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\scavengeui.dll
[2013/10/07 05:55:28 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/10/07 05:55:13 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\Sony
[2013/10/07 05:55:13 | 000,000,000 | ---D | C] -- G:\ProgramData\Sony
[2013/10/07 05:55:13 | 000,000,000 | ---D | C] -- G:\Program Files\Sony
[2013/10/07 05:55:13 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Sony
[2013/10/05 21:13:10 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/10/05 21:13:10 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\LogMeIn Hamachi
[2013/10/05 06:08:53 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\LogMeIn
[2013/10/05 06:08:53 | 000,000,000 | ---D | C] -- G:\ProgramData\LogMeIn
[2013/10/05 06:03:58 | 000,000,000 | ---D | C] -- G:\Users\Georg\AppData\Local\LogMeIn Hamachi
[2013/02/26 14:00:07 | 001,178,624 | ---- | C] (CPUID) -- G:\Users\Georg\AppData\Roaming\siw_sdk.dll
[2 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/29 04:55:54 | 000,000,004 | ---- | M] () -- G:\Users\Georg\AppData\Roaming\cache.ini
[2013/10/29 04:53:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 04:22:31 | 000,023,824 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 04:22:31 | 000,023,824 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 04:21:10 | 000,001,108 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 04:18:17 | 003,909,570 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013/10/29 04:18:17 | 001,622,550 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013/10/29 04:18:17 | 001,151,134 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013/10/29 04:18:17 | 001,019,932 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013/10/29 04:13:12 | 000,001,104 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 04:12:37 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013/10/29 04:12:32 | 2140,495,871 | -HS- | M] () -- G:\hiberfil.sys
[2013/10/28 19:26:37 | 000,000,000 | -H-- | M] () -- G:\Users\Georg\Documents\Default.rdp
[2013/10/28 16:56:50 | 000,290,184 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.xtr
[2013/10/28 16:56:50 | 000,290,184 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.exe
[2013/10/28 16:51:30 | 000,290,184 | ---- | M] () -- G:\Windows\SysWow64\PnkBstrB.ex0
[2013/10/28 10:45:29 | 000,057,516 | ---- | M] () -- G:\Users\Georg\Desktop\voll porno.jpg
[2013/10/26 14:19:40 | 000,604,351 | ---- | M] () -- G:\Users\Georg\Desktop\g3Uuxez.jpg
[2013/10/26 14:18:43 | 000,390,078 | ---- | M] () -- G:\Users\Georg\Desktop\3JMctH7.jpg
[2013/10/26 09:30:10 | 000,288,369 | ---- | M] () -- G:\Users\Georg\Desktop\WoWScrnShot_102613_152838.jpg
[2013/10/25 07:02:34 | 000,058,887 | ---- | M] () -- G:\Users\Georg\Desktop\schön.PNG
[2013/10/23 11:21:12 | 562,056,951 | ---- | M] () -- G:\Windows\MEMORY.DMP
[2013/10/23 08:38:06 | 000,039,791 | ---- | M] () -- G:\Users\Georg\Desktop\ausländer = aliens n1 google.JPG
[2013/10/23 07:18:37 | 000,031,508 | ---- | M] () -- G:\Users\Georg\Desktop\Kappador.jpg
[2013/10/21 04:52:02 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotionJoy
[2013/10/20 11:46:41 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatPulse
[2013/10/20 10:24:54 | 000,000,000 | R--D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/10/20 10:24:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013/10/20 05:41:42 | 000,409,087 | ---- | M] () -- G:\Users\Georg\Desktop\stahp.JPG
[2013/10/20 04:51:25 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/10/20 04:23:54 | 000,001,305 | ---- | M] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/10/20 04:23:45 | 000,001,374 | ---- | M] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/10/19 05:14:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/10/17 10:51:34 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/14 15:01:16 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/10/11 16:33:20 | 000,001,133 | ---- | M] () -- G:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2013/10/11 16:33:20 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/10/11 10:31:09 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/10 04:12:54 | 000,418,704 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2013/10/10 03:47:43 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/10/10 02:53:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/10 02:53:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 01:50:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- G:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 01:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- G:\Windows\SysWow64\javaws.exe
[2013/10/08 01:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- G:\Windows\SysWow64\java.exe
[2013/10/07 05:55:28 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/10/05 21:13:11 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/09/29 15:57:34 | 000,000,023 | ---- | M] () -- G:\Windows\ODBCINST.INI
[2 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/28 19:26:37 | 000,000,000 | -H-- | C] () -- G:\Users\Georg\Documents\Default.rdp
[2013/10/28 18:48:45 | 000,000,004 | ---- | C] () -- G:\Users\Georg\AppData\Roaming\cache.ini
[2013/10/28 10:45:29 | 000,057,516 | ---- | C] () -- G:\Users\Georg\Desktop\voll porno.jpg
[2013/10/26 14:19:40 | 000,604,351 | ---- | C] () -- G:\Users\Georg\Desktop\g3Uuxez.jpg
[2013/10/26 14:18:43 | 000,390,078 | ---- | C] () -- G:\Users\Georg\Desktop\3JMctH7.jpg
[2013/10/26 09:29:42 | 000,288,369 | ---- | C] () -- G:\Users\Georg\Desktop\WoWScrnShot_102613_152838.jpg
[2013/10/25 07:02:20 | 000,058,887 | ---- | C] () -- G:\Users\Georg\Desktop\schön.PNG
[2013/10/23 08:38:06 | 000,039,791 | ---- | C] () -- G:\Users\Georg\Desktop\ausländer = aliens n1 google.JPG
[2013/10/23 07:18:37 | 000,031,508 | ---- | C] () -- G:\Users\Georg\Desktop\Kappador.jpg
[2013/10/20 05:41:42 | 000,409,087 | ---- | C] () -- G:\Users\Georg\Desktop\stahp.JPG
[2013/10/20 04:23:54 | 000,001,305 | ---- | C] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/10/20 04:23:45 | 000,001,374 | ---- | C] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/10/11 16:33:20 | 000,001,133 | ---- | C] () -- G:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2013/10/10 02:42:21 | 000,099,328 | ---- | C] () -- G:\Users\Georg\AppData\Roaming\cache.dat
[2013/08/17 06:03:39 | 000,000,023 | ---- | C] () -- G:\Windows\BlendSettings.ini
[2013/06/07 08:02:55 | 000,006,230 | ---- | C] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/15 02:52:23 | 001,398,704 | ---- | C] () -- G:\Program Files (x86)\LOLReplay.zip
[2013/05/02 12:06:00 | 000,000,161 | ---- | C] () -- G:\Windows\AutoKMS.ini
[2013/04/05 13:00:19 | 000,290,184 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrB.exe
[2013/04/05 13:00:16 | 000,076,888 | ---- | C] () -- G:\Windows\SysWow64\PnkBstrA.exe
[2013/04/05 13:00:11 | 000,000,356 | ---- | C] () -- G:\Windows\game.ini
[2013/03/22 08:11:31 | 000,000,023 | ---- | C] () -- G:\Windows\ODBCINST.INI
[2013/03/01 15:49:53 | 000,007,596 | ---- | C] () -- G:\Users\Georg\AppData\Local\Resmon.ResmonCfg
[2013/02/28 12:14:10 | 000,000,000 | ---- | C] () -- G:\Windows\ativpsrm.bin
[2013/02/24 09:39:46 | 000,000,768 | ---- | C] () -- G:\Windows\SysWow64\Settings.ini
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- G:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- G:\Windows\SysWow64\ativvsva.dat
[2012/03/08 20:26:20 | 000,054,784 | ---- | C] () -- G:\Windows\SysWow64\OVDecode.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- G:\Windows\SysWow64\atipblag.dat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- G:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- G:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- G:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- G:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- G:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- G:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- G:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- G:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- G:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2013/02/28 15:37:34 | 000,000,000 | ---D | M] -- G:\ProgramData\AMD
[2013/02/24 09:39:34 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2013/09/23 00:52:51 | 000,000,000 | ---D | M] -- G:\ProgramData\AVG2014
[2013/06/03 08:05:31 | 000,000,000 | ---D | M] -- G:\ProgramData\backup
[2013/10/20 10:24:02 | 000,000,000 | ---D | M] -- G:\ProgramData\Battle.net
[2013/03/11 02:14:00 | 000,000,000 | -H-D | M] -- G:\ProgramData\CanonBJ
[2013/02/25 16:36:00 | 000,000,000 | ---D | M] -- G:\ProgramData\CDRWIN 10
[2013/02/24 10:58:52 | 000,000,000 | -H-D | M] -- G:\ProgramData\Common Files
[2013/02/26 02:32:39 | 000,000,000 | ---D | M] -- G:\ProgramData\DAEMON Tools Lite
[2013/02/25 15:51:03 | 000,000,000 | ---D | M] -- G:\ProgramData\DAEMON Tools Pro
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2013/02/24 09:39:34 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2013/08/18 17:43:24 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Core
[2013/08/18 18:26:12 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Logs
[2013/08/21 12:55:57 | 000,000,000 | ---D | M] -- G:\ProgramData\Electronic Arts
[2013/06/03 08:05:26 | 000,000,000 | ---D | M] -- G:\ProgramData\explauncher
[2013/02/24 09:39:34 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2013/09/15 08:40:14 | 000,000,000 | ---D | M] -- G:\ProgramData\Firefly Studios
[2013/05/01 04:12:21 | 000,000,000 | ---D | M] -- G:\ProgramData\Hi-Rez Studios
[2013/09/22 11:42:43 | 000,000,000 | ---D | M] -- G:\ProgramData\Hotspot Shield
[2013/06/07 07:59:18 | 000,000,000 | ---D | M] -- G:\ProgramData\InstallMate
[2013/06/03 08:05:25 | 000,000,000 | ---D | M] -- G:\ProgramData\launcher
[2013/10/05 06:08:53 | 000,000,000 | ---D | M] -- G:\ProgramData\LogMeIn
[2013/04/05 12:48:33 | 000,000,000 | ---D | M] -- G:\ProgramData\Logs
[2013/10/29 04:49:04 | 000,000,000 | ---D | M] -- G:\ProgramData\MFAData
[2013/10/17 10:55:37 | 000,000,000 | ---D | M] -- G:\ProgramData\Oracle
[2013/08/23 07:36:29 | 000,000,000 | ---D | M] -- G:\ProgramData\Origin
[2013/10/28 16:50:07 | 000,000,000 | ---D | M] -- G:\ProgramData\PMB Files
[2013/10/19 16:21:24 | 000,000,000 | ---D | M] -- G:\ProgramData\restore
[2013/10/07 05:55:13 | 000,000,000 | ---D | M] -- G:\ProgramData\Sony
[2013/08/29 17:17:31 | 000,000,000 | ---D | M] -- G:\ProgramData\SplitMediaLabs
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2013/02/24 09:39:34 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2013/10/14 15:04:58 | 000,000,000 | ---D | M] -- G:\ProgramData\TuneUp Software
[2013/02/24 09:39:34 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen
[2013/10/14 15:01:51 | 000,000,000 | -HSD | M] -- G:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/09/13 03:29:49 | 000,032,632 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

But now I don't know what to do next, because I'm not yet familiar with this, so I'm asking you for help.

Best regards, Georg