Trojaner-Board

Sero82 03.06.2012 19:35

Caught an encryption trojan
 
I accidentally caught the encryption trojan today!

What can I do? I urgently need the data on the hard drive...!

I have read the following thread:

http://www.trojaner-board.de/115624-...-trojaner.html

How can I apply this to my case?

Here is my report from OTLPE:
OTL Logfile:
Code:

OTL logfile created on: 6/4/2012 1:37:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 43.20 Gb Free Space | 14.49% Space Free | Partition Type: NTFS
Drive E: | 14.94 Gb Total Space | 14.63 Gb Free Space | 97.97% Space Free | Partition Type: NTFS
Drive G: | 200.33 Gb Total Space | 86.20 Gb Free Space | 43.03% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 4.50 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TomTomHOMEService)
SRV - File not found [On_Demand] --  -- (Microsoft SharePoint Workspace Audit Service)
SRV - File not found [Auto] --  -- (MBAMService)
SRV - File not found [Auto] --  -- (frameworkPostgreSQL)
SRV - File not found [On_Demand] --  -- (DATEV Update-Service)
SRV - File not found [Auto] --  -- (ASLDRService)
SRV - File not found [Auto] --  -- (AAV UpdateService)
SRV - [2012/05/22 14:03:50 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- G:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/08 09:09:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 09:09:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 09:09:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- G:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/05 04:17:49 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- G:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/07 07:53:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/11 06:30:40 | 000,008,192 | ---- | M] () [Auto] -- G:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- G:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/27 04:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand] -- G:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/07 23:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto] -- G:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008/12/09 06:01:50 | 000,405,504 | R--- | M] () [Auto] -- G:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008/07/04 07:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- G:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (USBCCID)
DRV - File not found [Kernel | On_Demand] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] --  -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand] --  -- (RtsUIR)
DRV - [2012/05/08 09:09:19 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 09:09:19 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- G:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 15:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/04 09:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- G:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/28 06:27:08 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/06/26 20:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/10 02:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- G:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- G:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- G:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/28 05:19:58 | 000,281,760 | ---- | M] () [Kernel | Auto] -- G:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/28 05:19:57 | 000,025,888 | ---- | M] () [Kernel | Auto] -- G:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/01/26 22:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- G:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/09 13:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- G:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009/10/08 10:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- G:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/06 06:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 06:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 06:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 06:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/08/15 16:25:00 | 009,826,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/27 01:45:34 | 000,554,368 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- G:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009/05/08 11:14:14 | 000,165,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- G:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/17 06:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/30 21:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand] -- G:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/02/14 11:13:34 | 000,045,136 | ---- | M] (MARX CryptoTech LP) [Kernel | On_Demand] -- G:\Windows\System32\drivers\CBUSB.sys -- (CBUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Sebastian_Roth_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Sebastian_Roth_ON_G\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
IE - HKU\Sebastian_Roth_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sebastian_Roth_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: G:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: G:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: G:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: G:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} -  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - G:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - G:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - G:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - G:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - G:\Program Files\Elf_1.15\prxtbElf_.dll (Conduit Ltd.)
O3 - HKU\Sebastian_Roth_ON_G\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0]  File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher]  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] G:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] G:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] G:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] G:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync]  File not found
O4 - HKLM..\Run: [HControlUser]  File not found
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware]  File not found
O4 - HKLM..\Run: [NvCplDaemon] G:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] G:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Sebastian_Roth_ON_G..\Run: [AdobeBridge]  File not found
O4 - HKU\Sebastian_Roth_ON_G..\Run: [D2310B2B] G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf\46A677BAD2310B2B2FA0.exe (Sporopo po po)
O4 - HKU\Sebastian_Roth_ON_G..\Run: [OfficeSyncProcess]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)]  File not found
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Sebastian_Roth_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - G:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/03 23:40:57 | 000,000,000 | ---D | C] -- G:\Windows\Microsoft-Support für
[2012/06/03 23:40:57 | 000,000,000 | ---D | C] -- G:\Windows\Microsoft Antimalware
[2012/06/03 11:01:21 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/03 11:00:10 | 000,000,000 | ---D | C] -- G:\Users\Sebastian Roth\AppData\Roaming\Malwarebytes
[2012/06/03 11:00:04 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 11:00:03 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- G:\Windows\System32\drivers\mbam.sys
[2012/06/03 11:00:03 | 000,000,000 | ---D | C] -- G:\ProgramData\Malwarebytes
[2012/06/03 10:52:52 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- G:\Users\Sebastian Roth\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/03 10:41:04 | 000,000,000 | ---D | C] -- G:\Program Files\ESET
[2012/06/03 10:32:15 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/06/03 10:32:14 | 000,000,000 | ---D | C] -- G:\Users\Sebastian Roth\AppData\Roaming\OpenCandy
[2012/06/03 09:14:26 | 000,000,000 | ---D | C] -- G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf
[2012/05/10 04:56:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntkrnlpa.exe
[2012/05/10 04:56:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\ntoskrnl.exe
[2012/05/10 04:56:33 | 002,343,424 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\win32k.sys
[2012/05/10 04:55:16 | 001,077,248 | ---- | C] (Microsoft Corporation) -- G:\Windows\System32\DWrite.dll
[4 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/03 20:39:35 | 000,001,062 | ---- | M] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 20:37:25 | 000,001,110 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 20:36:01 | 2415,394,816 | -HS- | M] () -- G:\hiberfil.sys
[2012/06/03 17:31:45 | 010,557,634 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2012/06/03 17:31:45 | 003,336,368 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2012/06/03 17:31:45 | 000,349,252 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2012/06/03 17:31:45 | 000,060,734 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2012/06/03 12:08:05 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 12:08:05 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 11:01:21 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/03 11:00:04 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 10:58:32 | 099,308,192 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\avira_free_antivirus_de12001125.exe
[2012/06/03 10:52:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- G:\Users\Sebastian Roth\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/03 10:32:15 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/06/03 10:17:02 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 09:12:00 | 000,001,114 | ---- | M] () -- G:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 05:36:32 | 000,076,267 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_2_2.png
[2012/05/18 05:36:32 | 000,066,007 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_2_3.png
[2012/05/18 05:36:30 | 000,042,579 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_1_2.png
[2012/05/18 05:36:30 | 000,038,730 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_1_3.png
[2012/05/18 05:36:29 | 000,028,188 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_2_1.png
[2012/05/18 05:36:28 | 000,020,298 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\to_1_1.png
[2012/05/11 02:49:40 | 008,758,000 | ---- | M] () -- G:\Windows\System32\FNTCACHE.DAT
[2012/05/11 01:20:37 | 000,000,000 | ---D | M] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/08 09:09:19 | 000,137,928 | ---- | M] (Avira GmbH) -- G:\Windows\System32\drivers\avipbb.sys
[2012/05/08 09:09:19 | 000,083,392 | ---- | M] (Avira GmbH) -- G:\Windows\System32\drivers\avgntflt.sys
[2012/05/07 04:24:00 | 000,037,477 | ---- | M] () -- G:\Users\Sebastian Roth\Desktop\Wirtshaus Zum Adler - Bestellliste ASEO neu 04-2012 (1).pdf
[4 G:\Windows\*.tmp files -> G:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/03 10:28:40 | 099,308,192 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\avira_free_antivirus_de12001125.exe
[2012/05/18 06:57:34 | 000,066,007 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_2_3.png
[2012/05/18 06:57:31 | 000,076,267 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_2_2.png
[2012/05/18 06:57:28 | 000,028,188 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_2_1.png
[2012/05/18 05:37:52 | 000,038,730 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_3.png
[2012/05/18 05:37:47 | 000,042,579 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_2.png
[2012/05/18 05:37:42 | 000,020,298 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\to_1_1.png
[2012/05/07 04:24:00 | 000,037,477 | ---- | C] () -- G:\Users\Sebastian Roth\Desktop\Wirtshaus Zum Adler - Bestellliste ASEO neu 04-2012 (1).pdf
[2012/04/01 07:06:12 | 000,000,021 | ---- | C] () -- G:\Windows\DvInesKurusOleServer003.INI
[2012/04/01 07:05:30 | 000,000,110 | ---- | C] () -- G:\Windows\dvinesinstalllocation001.INI
[2012/04/01 07:05:27 | 000,000,110 | ---- | C] () -- G:\Windows\dvinesinstart001.INI
[2012/04/01 07:05:24 | 000,000,021 | ---- | C] () -- G:\Windows\Startup.INI
[2012/03/05 16:24:24 | 000,000,000 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\chrtmp
[2012/02/29 10:27:15 | 000,038,438 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- G:\Windows\System32\xlive.dll.cat
[2011/07/28 10:19:00 | 000,043,520 | ---- | C] () -- G:\Windows\System32\CmdLineExt03.dll
[2011/04/12 05:33:18 | 000,043,520 | ---- | C] () -- G:\Windows\System32\CBNDLL.DLL
[2011/03/22 11:19:42 | 000,000,102 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\fusioncache.dat
[2011/03/04 10:48:50 | 000,080,896 | ---- | C] () -- G:\Windows\System32\RDVGHelper.exe
[2011/03/04 10:48:23 | 000,252,928 | ---- | C] () -- G:\Windows\System32\DShowRdpFilter.dll
[2011/03/04 10:46:52 | 000,066,048 | ---- | C] () -- G:\Windows\System32\PrintBrmUi.exe
[2011/01/22 11:08:47 | 000,000,001 | ---- | C] () -- G:\Windows\System32\SI.bin
[2011/01/21 06:54:33 | 000,049,152 | R--- | C] () -- G:\Windows\System32\AVerIO.dll
[2011/01/21 06:54:33 | 000,003,456 | R--- | C] () -- G:\Windows\System32\AVerIO.sys
[2011/01/21 06:54:17 | 000,598,016 | R--- | C] () -- G:\Windows\System32\sptlib21.dll
[2011/01/21 06:54:17 | 000,294,912 | R--- | C] () -- G:\Windows\System32\sptlib11.dll
[2011/01/21 06:54:17 | 000,290,816 | R--- | C] () -- G:\Windows\System32\sptlib22.dll
[2011/01/21 06:54:17 | 000,249,856 | R--- | C] () -- G:\Windows\System32\sptlib03.dll
[2011/01/21 06:54:17 | 000,249,856 | R--- | C] () -- G:\Windows\System32\sptlib01.dll
[2011/01/21 06:54:17 | 000,225,280 | R--- | C] () -- G:\Windows\System32\sptlib02.dll
[2011/01/21 06:54:17 | 000,135,168 | R--- | C] () -- G:\Windows\System32\sptlib12.dll
[2011/01/19 08:56:39 | 000,000,000 | ---- | C] () -- G:\Windows\iPlayer.INI
[2010/08/11 06:49:42 | 001,481,728 | ---- | C] () -- G:\Windows\System32\LegitCheckControl.DLL
[2010/08/11 06:33:32 | 000,008,192 | ---- | C] () -- G:\Windows\System32\srvany.exe
[2010/06/25 04:45:29 | 000,005,632 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 08:39:26 | 000,009,324 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Excel 97-2003.EML
[2010/03/17 09:08:18 | 000,116,224 | ---- | C] () -- G:\Windows\System32\redmonnt.dll
[2010/03/17 09:08:18 | 000,045,056 | ---- | C] () -- G:\Windows\System32\unredmon.exe
[2010/03/11 05:59:38 | 002,434,856 | ---- | C] () -- G:\Windows\System32\pbsvc_bc2.exe
[2010/02/11 08:07:51 | 000,131,584 | ---- | C] () -- G:\Windows\System32\SpoonUninstall.exe
[2010/01/23 08:55:38 | 000,009,255 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Access 97-2003.EML
[2010/01/18 13:26:57 | 000,281,760 | ---- | C] () -- G:\Windows\System32\drivers\atksgt.sys
[2010/01/18 13:26:52 | 000,025,888 | ---- | C] () -- G:\Windows\System32\drivers\lirsgt.sys
[2010/01/14 17:02:06 | 000,139,128 | ---- | C] () -- G:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/14 17:02:06 | 000,138,056 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Roaming\PnkBstrK.sys
[2010/01/14 17:01:34 | 000,189,248 | ---- | C] () -- G:\Windows\System32\PnkBstrB.exe
[2010/01/14 17:01:32 | 000,794,408 | ---- | C] () -- G:\Windows\System32\pbsvc.exe
[2010/01/14 17:01:32 | 000,075,136 | ---- | C] () -- G:\Windows\System32\PnkBstrA.exe
[2010/01/10 18:22:19 | 000,000,520 | ---- | C] () -- G:\Windows\System32\drivers\SAMSFPA.DAT
[2010/01/10 15:45:37 | 000,162,304 | ---- | C] () -- G:\Windows\System32\ztvunrar36.dll
[2010/01/10 15:45:37 | 000,077,312 | ---- | C] () -- G:\Windows\System32\ztvunace26.dll
[2009/12/23 19:57:48 | 000,085,504 | ---- | C] () -- G:\Windows\System32\ff_vfw.dll
[2009/08/16 05:08:36 | 000,178,176 | ---- | C] () -- G:\Windows\System32\unrar.dll
[2009/07/14 04:47:43 | 010,557,634 | ---- | C] () -- G:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 003,336,368 | ---- | C] () -- G:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- G:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- G:\Windows\System32\perfd007.dat
[2009/07/14 01:42:24 | 000,000,350 | ---- | C] () -- G:\Windows\System32\AP6RMHV.BIN
[2009/07/14 01:42:24 | 000,000,252 | ---- | C] () -- G:\Windows\System32\AP6RMJX.BIN
[2009/07/14 01:42:24 | 000,000,252 | ---- | C] () -- G:\Windows\System32\AP6RMJH.BIN
[2009/07/14 01:42:24 | 000,000,238 | ---- | C] () -- G:\Windows\System32\AP6RMFP.BIN
[2009/07/14 01:42:24 | 000,000,189 | ---- | C] () -- G:\Windows\System32\AP6RMKS.BIN
[2009/07/14 01:42:24 | 000,000,126 | ---- | C] () -- G:\Windows\System32\AP6RMHR.BIN
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- G:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 008,758,000 | ---- | C] () -- G:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,349,252 | ---- | C] () -- G:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- G:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,060,734 | ---- | C] () -- G:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- G:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- G:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- G:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- G:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- G:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- G:\Windows\System32\mlang.dat
[2009/05/29 10:52:26 | 000,204,800 | ---- | C] () -- G:\Windows\System32\xvidvfw.dll
[2009/05/29 10:47:06 | 000,881,664 | ---- | C] () -- G:\Windows\System32\xvidcore.dll
[2008/06/23 08:02:02 | 000,097,410 | R--- | C] () -- G:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 12:48:50 | 000,020,270 | ---- | C] () -- G:\ProgramData\DeviceInstaller.xml
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- G:\Windows\AviSplitter.INI
[2007/01/15 03:19:16 | 000,016,473 | ---- | C] () -- G:\Windows\System32\SELF32.INI
[1999/12/20 16:35:00 | 000,042,796 | ---- | C] () -- G:\Windows\System32\4dmsg.dll
[1997/06/14 07:56:08 | 000,056,832 | ---- | C] () -- G:\Windows\System32\iyvu9_32.dll
[1601/02/13 04:28:18 | 000,139,776 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\jJVEgGqudeNspvfDO
[1601/02/13 04:28:18 | 000,000,600 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\uypOEeJjTsnDUqXxEefuT
[1601/02/13 04:28:18 | 000,000,083 | ---- | C] () -- G:\ProgramData\jjTafVJvLnlDtsNN
[1601/02/13 04:28:18 | 000,000,017 | ---- | C] () -- G:\Users\Sebastian Roth\AppData\Local\uTxgEfJjtrnUuqxg
 
========== LOP Check ==========
 
[2012/06/03 09:33:07 | 000,000,000 | ---D | M] -- G:\ProgramData\4D
[2011/03/01 10:52:32 | 000,000,000 | ---D | M] -- G:\ProgramData\AAV
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Application Data
[2011/01/21 09:39:59 | 000,000,000 | ---D | M] -- G:\ProgramData\AVerTV
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Documents
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Dokumente
[2010/10/22 10:14:52 | 000,000,000 | -HSD | M] -- G:\ProgramData\DSS
[2011/02/04 06:39:47 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Core
[2011/10/07 06:30:11 | 000,000,000 | ---D | M] -- G:\ProgramData\EA Logs
[2011/04/17 05:29:56 | 000,000,000 | ---D | M] -- G:\ProgramData\Electronic Arts
[2010/01/23 09:30:39 | 000,000,000 | ---D | M] -- G:\ProgramData\elsterformular
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Favorites
[2010/03/17 09:08:17 | 000,000,000 | ---D | M] -- G:\ProgramData\FreePDF
[2011/04/12 05:34:27 | 000,000,000 | ---D | M] -- G:\ProgramData\InkaOffice
[2010/01/28 15:41:03 | 000,000,000 | ---D | M] -- G:\ProgramData\Installations
[2011/10/11 15:35:11 | 000,000,000 | ---D | M] -- G:\ProgramData\KONAMI
[2010/01/28 15:59:56 | 000,000,000 | ---D | M] -- G:\ProgramData\OviInstallerCache
[2010/01/28 15:43:00 | 000,000,000 | ---D | M] -- G:\ProgramData\PC Suite
[2011/10/07 08:47:14 | 000,000,000 | ---D | M] -- G:\ProgramData\regid.1986-12.com.adobe
[2011/07/28 11:42:31 | 000,000,000 | ---D | M] -- G:\ProgramData\SlySoft
[2011/11/19 07:05:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Solidshield
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Start Menu
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Startmenü
[2012/06/03 10:18:52 | 000,000,000 | ---D | M] -- G:\ProgramData\Tages
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- G:\ProgramData\Templates
[2010/04/19 06:55:32 | 000,000,000 | ---D | M] -- G:\ProgramData\TomTom
[2011/03/23 08:23:38 | 000,000,000 | ---D | M] -- G:\ProgramData\Ubisoft
[2012/06/03 12:00:45 | 000,000,000 | ---D | M] -- G:\ProgramData\Vodafone
[2010/01/10 14:31:57 | 000,000,000 | -HSD | M] -- G:\ProgramData\Vorlagen
[2010/01/10 15:46:45 | 000,000,000 | ---D | M] -- G:\ProgramData\Win7codecs
[2010/06/22 03:52:54 | 000,000,000 | ---D | M] -- G:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/12 07:45:28 | 000,000,000 | ---D | M] -- G:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/02/24 05:01:48 | 000,032,632 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> G:\Windows:2B0FE20348CE5802
@Alternate Data Stream - 143 bytes -> G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> G:\Users\Sebastian Roth\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty
< End of report >

--- --- ---

markusg 04.06.2012 16:31

On your second PC, go to Start, Programs, Accessories, Notepad, and paste in the following:
Code:

:OTL
O4 - HKU\Sebastian_Roth_ON_G..\Run: [D2310B2B] G:\Users\Sebastian Roth\AppData\Roaming\Fgtauf\46A677BAD2310B2B2FA0.exe (Sporopo po po)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

