Log analysis and evaluation: 50€ virus/trojan (black screen with red text) Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.03.2012, 11:41 | #1 |
50€ virus/trojan (black screen with red text)

Hello, I have caught a virus/trojan on my computer (Windows Vista Home Premium 64-bit) that blocks my system: the screen turns black, and red text says that my system has been blocked for security reasons. Below that is a button saying that I should pay 50€ and then have to download something. Since I have already found and read several posts about this in this forum, I have already downloaded OTL.exe and run it with the custom scans from other posts that described the same problem.

Custom scans:
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Code:
OTL logfile created on: 19.03.2012 10:47:22 - Run 3
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Benjamin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,84 Gb Available Physical Memory | 85,50% Memory free
16,05 Gb Paging File | 15,26 Gb Available in Paging File | 95,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,97 Gb Total Space | 165,21 Gb Free Space | 18,02% Space Free | Partition Type: NTFS
Drive D: | 14,54 Gb Total Space | 2,00 Gb Free Space | 13,73% Space Free | Partition Type: NTFS
Drive L: | 1863,01 Gb Total Space | 1264,77 Gb Free Space | 67,89% Space Free | Partition Type: NTFS

Computer Name: BENJAMIN-PC | User Name: Benjamin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Benjamin\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (usprserv) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DFSVC) -- C:\Program Files (x86)\T-Online\Dialerschutz-Software\DFInject64.exe (T-Systems International GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys (AnchorFree Inc) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SYMTDIV.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0502000.00D\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMEFA64.SYS (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\SYMDS64.SYS (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Ironx64.SYS (Symantec Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (SipIMNDI) -- C:\Windows\SysNative\DRIVERS\SipIMNDI64.sys (T-Systems International GmbH) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (vcd9bus) -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys (H+H Software GmbH) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120316.005\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120302.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120317.009\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120317.009\ENG64.SYS (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (DFSYS) -- C:\Program Files (x86)\T-Online\Dialerschutz-Software\DFSYS64.sys (T-Systems International GmbH) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B37203BD-4CBD-42A1-A518-27C8484DF7F4} IE:64bit: - HKLM\..\SearchScopes\{3FD8531F-DB80-44B5-B2BE-B01E05C99EDC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{B37203BD-4CBD-42A1-A518-27C8484DF7F4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE:64bit: - HKLM\..\SearchScopes\{E7CC65E8-77CD-4EA8-8B1B-27953AABC8AA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {B37203BD-4CBD-42A1-A518-27C8484DF7F4} IE - HKLM\..\SearchScopes\{3FD8531F-DB80-44B5-B2BE-B01E05C99EDC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{B37203BD-4CBD-42A1-A518-27C8484DF7F4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - 
HKLM\..\SearchScopes\{E7CC65E8-77CD-4EA8-8B1B-27953AABC8AA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Benjamin\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:tabs IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {9C053F03-28C6-4FD3-9DC4-171DD703AE5E} IE - HKCU\..\SearchScopes\{3FD8531F-DB80-44B5-B2BE-B01E05C99EDC}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{9C053F03-28C6-4FD3-9DC4-171DD703AE5E}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\..\SearchScopes\{A5580A13-A7DE-4BDC-B9B5-0A2A9E461C67}: "URL" = hxxp://romdata.buffed.de/?f={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{B37203BD-4CBD-42A1-A518-27C8484DF7F4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKCU\..\SearchScopes\{E7CC65E8-77CD-4EA8-8B1B-27953AABC8AA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 1 FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.10 21:32:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_6_3 [2012.03.18 10:56:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@allpremiumplay.info: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\info@allpremiumplay.info [2012.03.17 12:16:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 09:50:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.26 09:50:40 | 000,000,000 | ---D | M] [2010.11.21 20:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Extensions [2012.03.17 12:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions [2011.06.25 16:22:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.16 15:52:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- 
C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.25 16:22:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.06.25 16:22:28 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\DTToolbar@toolbarnet.com [2012.03.17 12:16:20 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\info@allpremiumplay.info [2011.12.19 01:05:49 | 000,000,000 | ---D | M] (Platinum Hide IP) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\extensions\support@platinumhideip.com [2009.05.29 20:28:38 | 000,002,399 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\tfhqqyod.default\searchplugins\daemon-search.xml [2012.03.07 18:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.07.04 21:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.03.29 19:59:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.18 21:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.12.05 10:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.02.10 21:32:52 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.06.26 09:50:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.26 09:50:32 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.06.26 09:50:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.26 09:50:32 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.26 09:50:32 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - 
plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Benjamin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: 
Google-Suche = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2010.04.21 20:03:53 | 000,000,967 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (Codec-C Class) - {12C6811D-8E9B-48B7-93AE-1D40F8B9CD4D} - C:\ProgramData\Codec-C\bhoclass.dll (Injector) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\razerhid.exe () O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Online\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH) O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Benjamin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SkypePM] C:\Users\Benjamin\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game14.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D96B4E8-CD7C-4D40-AF54-A2E1E309910C}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.27 13:02:30 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 13:56:50 | 
000,000,036 | RH-- | M] () - L:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{2a60cb49-79b7-11de-b6fe-002354a3b226}\Shell\Auto\command - "" = Start.exe O33 - MountPoints2\{2a60cb49-79b7-11de-b6fe-002354a3b226}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe O33 - MountPoints2\{b653b839-dc37-11df-8c4b-002354a3b226}\Shell\AutoRun\command - "" = M:\Setup.exe O33 - MountPoints2\{e267771b-713c-11df-850c-002354a3b226}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vaaWA.Exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media 
Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) 
CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.19 09:52:48 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe [2012.03.17 12:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.03.17 12:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec-C [2012.03.17 12:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Codec-C [2012.03.17 12:16:12 | 000,000,000 | ---D | C] -- C:\codec-info [2012.03.17 12:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012.03.14 08:34:01 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012.03.14 08:34:01 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.14 08:34:01 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.03.14 08:34:01 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012.03.14 08:34:01 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012.03.14 08:33:23 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll [2012.03.14 08:33:23 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll [2012.03.01 18:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2012.03.01 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect [2012.02.29 09:24:53 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.02.29 08:06:05 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\SCE [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Benjamin\Documents\*.tmp files -> C:\Users\Benjamin\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.19 10:34:24 | 000,007,836 | ---- | M] () -- 
C:\Users\Benjamin\AppData\Local\d3d9caps.dat [2012.03.19 09:52:57 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe [2012.03.19 09:38:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.18 10:57:03 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2012.03.18 10:56:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.18 10:56:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.18 10:56:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.18 10:48:28 | 014,776,434 | ---- | M] () -- C:\Users\Benjamin\Desktop\Chapter 03 - The Assassination Order.rar [2012.03.18 10:27:17 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.18 03:00:58 | 000,002,512 | ---- | M] () -- C:\{F97A6DCC-9712-40B7-8EED-04B26216C1C5} [2012.03.18 02:59:38 | 000,002,512 | ---- | M] () -- C:\{9856DA1A-5EA2-456D-AF20-3484B151C671} [2012.03.18 00:55:20 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-742170127-2975432880-950054135-1000UA.job [2012.03.17 21:55:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-742170127-2975432880-950054135-1000Core.job [2012.03.14 22:18:27 | 000,334,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.03 09:40:08 | 001,743,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.03 09:40:08 | 000,736,736 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.03 09:40:08 | 000,697,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.03 09:40:08 | 000,168,994 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.03 09:40:08 | 000,143,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.01 23:10:53 | 000,000,966 | ---- | M] () -- 
C:\Users\Benjamin\Desktop\Mass Effect.lnk [2012.03.01 08:31:16 | 000,002,576 | ---- | M] () -- C:\{9CB6C82E-6626-42A2-97C4-7CD2063C9E63} [2012.02.29 09:24:54 | 000,002,160 | ---- | M] () -- C:\Users\Benjamin\Desktop\DC Universe Online Live.lnk [2012.02.19 08:00:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Benjamin\Documents\*.tmp files -> C:\Users\Benjamin\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.18 10:47:56 | 014,776,434 | ---- | C] () -- C:\Users\Benjamin\Desktop\Chapter 03 - The Assassination Order.rar [2012.03.18 03:00:57 | 000,002,512 | ---- | C] () -- C:\{F97A6DCC-9712-40B7-8EED-04B26216C1C5} [2012.03.18 02:59:37 | 000,002,512 | ---- | C] () -- C:\{9856DA1A-5EA2-456D-AF20-3484B151C671} [2012.03.01 18:37:15 | 000,000,966 | ---- | C] () -- C:\Users\Benjamin\Desktop\Mass Effect.lnk [2012.03.01 08:31:16 | 000,002,576 | ---- | C] () -- C:\{9CB6C82E-6626-42A2-97C4-7CD2063C9E63} [2012.02.29 08:04:45 | 000,002,160 | ---- | C] () -- C:\Users\Benjamin\Desktop\DC Universe Online Live.lnk [2012.02.29 08:04:45 | 000,002,052 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk [2011.12.18 23:21:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.11.01 20:31:43 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\dvttrn.dll [2011.10.10 09:48:23 | 000,007,836 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.27 11:35:59 | 000,001,940 | ---- | C] () -- 
C:\Users\Benjamin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.07.24 19:26:52 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2010.04.25 13:50:17 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll ========== LOP Check ========== [2010.11.21 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand [2009.11.15 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Blitware [2010.11.25 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Canon [2010.02.28 17:32:42 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Command & Conquer 3 Kanes Rache [2010.02.21 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.12.19 00:29:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\C__Users_Benjamin_AppData_Local_Temp_AutoHideIP.exe [2011.01.23 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite [2011.08.21 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DisneyInteractiveStudios [2011.11.04 12:13:33 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoft [2011.11.04 12:12:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.03 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\elsterformular [2011.06.27 21:53:21 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\gamigoGr [2011.09.30 17:57:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Gatling Gears [2011.07.29 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Hi-Rez Studios [2009.02.04 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ICQ [2011.10.04 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ImgBurn [2011.06.27 20:56:20 | 000,000,000 | ---D | M] -- 
C:\Users\Benjamin\AppData\Roaming\launcher [2010.01.21 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Leadertech [2011.05.29 16:42:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Lionhead Studios [2010.11.23 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\LolClient [2011.06.27 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Martial Empires Launcher [2010.11.21 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\muvee Technologies [2011.05.24 13:13:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenCandy [2009.11.30 14:39:46 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PC Suite [2011.12.19 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PlatinumHideIP [2011.05.27 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ProtectDISC [2011.09.01 07:31:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PunkBuster [2010.02.18 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Red Alert 3 [2009.11.30 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Samsung [2011.03.04 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Stardock [2011.12.14 16:19:54 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tific [2009.03.06 19:58:48 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TuneUp Software [2011.12.19 00:06:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tunngle [2011.12.10 22:03:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Ubisoft [2012.03.18 10:57:03 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.01.02 02:50:27 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2009.02.09 05:57:40 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012.03.18 10:57:52 | 000,032,534 | ---- | M] 
() -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.03.08 09:01:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.12.27 15:17:22 | 000,000,000 | ---D | M] -- C:\alaplaya [2009.11.28 16:10:02 | 000,000,000 | ---D | M] -- C:\ATI [2009.05.27 18:16:50 | 000,000,000 | -HSD | M] -- C:\Boot [2009.03.29 16:35:48 | 000,000,000 | ---D | M] -- C:\Canon [2009.03.29 16:43:37 | 000,000,000 | -H-D | M] -- C:\CanoScan [2012.03.17 12:16:12 | 000,000,000 | ---D | M] -- C:\codec-info [2009.02.04 22:37:02 | 000,000,000 | ---D | M] -- C:\CrashReport [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.02.04 18:52:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.17 09:14:05 | 000,000,000 | ---D | M] -- C:\Down [2011.06.27 20:50:35 | 000,000,000 | ---D | M] -- C:\Gamigo [2010.09.12 16:23:13 | 000,000,000 | ---D | M] -- C:\Gamplifier [2011.12.27 15:08:20 | 000,000,000 | ---D | M] -- C:\gPotato.eu [2009.11.28 16:47:32 | 000,000,000 | ---D | M] -- C:\GraphPap [2009.02.09 04:52:37 | 000,000,000 | -H-D | M] -- C:\hp [2009.02.04 18:55:45 | 000,000,000 | ---D | M] -- C:\Intel [2012.03.02 10:42:18 | 000,000,000 | ---D | M] -- C:\Joymax [2011.06.27 20:45:27 | 000,000,000 | ---D | M] -- C:\MAE [2010.02.05 16:05:21 | 000,000,000 | ---D | M] -- C:\Manga [2009.05.30 12:47:56 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.03.02 10:41:06 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment [2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.16 23:12:17 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.02 10:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.03.17 12:16:42 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.02.04 18:52:09 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.19 16:37:42 | 000,000,000 | ---D | M] -- C:\PWE [2010.01.04 16:57:19 | 000,000,000 | ---D | M] -- C:\Riot Games [2011.12.27 15:15:46 | 
000,000,000 | ---D | M] -- C:\ROHAN_Blood_Feud [2012.03.18 10:57:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.18 14:11:38 | 000,000,000 | ---D | M] -- C:\temp [2009.02.04 18:52:22 | 000,000,000 | ---D | M] -- C:\Users [2009.05.30 12:44:24 | 000,000,000 | ---D | M] -- C:\visio2k7 [2010.06.08 16:13:14 | 000,000,000 | ---D | M] -- C:\WeMade Entertainment [2012.03.19 09:38:21 | 000,000,000 | ---D | M] -- C:\Windows [2011.09.17 09:13:42 | 000,000,000 | ---D | M] -- C:\Windyzone < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s >
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2009.09.10 16:38:04 | 000,005,221 | ---- | M] () -- C:\Users\Benjamin\1-8bc315f454677165.jpg [2005.08.03 19:19:24 | 000,053,248 | ---- | M] (-) -- C:\Users\Benjamin\10TvHanoi30.exe [2009.04.02 21:03:14 | 000,149,319 | ---- | M] () -- C:\Users\Benjamin\2009_04rechnung_4759064214.pdf [2010.07.02 14:06:16 | 000,009,015 | ---- | M] 
() -- C:\Users\Benjamin\4FE5EB909E574BF1FFE6A9689B9DAF40.node2.pdf [2009.01.10 11:31:56 | 000,029,184 | ---- | M] () -- C:\Users\Benjamin\=_ISO-8859-1_Q_Eigenpr=E4sentation.doc [2010.12.06 17:05:54 | 002,911,190 | ---- | M] () -- C:\Users\Benjamin\AKAIO.1.8.1.rar [2011.05.13 06:55:32 | 068,086,568 | ---- | M] (Petroglyph Games, Inc.) -- C:\Users\Benjamin\apppatch.exe [2009.06.28 16:05:20 | 001,414,080 | ---- | M] (System SoftLab ) -- C:\Users\Benjamin\artmoney730eng.exe [2009.02.02 18:24:05 | 000,516,516 | ---- | M] () -- C:\Users\Benjamin\Aufgaben Klasse12 2 02 2009.zip [2008.11.18 06:53:58 | 002,901,504 | ---- | M] () -- C:\Users\Benjamin\Bilderbogen_deutsch-deutsche_Geschichte.doc [2005.08.03 20:44:20 | 000,053,248 | ---- | M] (-) -- C:\Users\Benjamin\bridges30.exe [2011.05.24 13:12:38 | 005,296,197 | ---- | M] (Dark Byte ) -- C:\Users\Benjamin\CheatEngine60.exe [2011.08.16 15:52:11 | 003,813,640 | ---- | M] () -- C:\Users\Benjamin\CMP_userEvocheats.rar [2011.08.16 17:46:26 | 001,168,382 | ---- | M] () -- C:\Users\Benjamin\CMP_USRcheat.rar [2010.04.15 13:18:02 | 001,432,064 | ---- | M] () -- C:\Users\Benjamin\Complete_Overheads_Grundkurs_2009_04_16.doc [2011.05.24 12:15:41 | 011,193,664 | ---- | M] (DT Soft Ltd.) -- C:\Users\Benjamin\DTLite4402-0131.exe [2011.03.08 14:38:49 | 000,020,098 | ---- | M] () -- C:\Users\Benjamin\Effektivrechner.rar [2008.07.06 15:00:50 | 004,836,553 | ---- | M] () -- C:\Users\Benjamin\English-1.18.rar [2011.06.11 20:47:25 | 001,941,160 | ---- | M] () -- C:\Users\Benjamin\evo-firmware-2.3.zip [2010.04.10 09:19:30 | 000,481,019 | ---- | M] () -- C:\Users\Benjamin\EvoTools-1.0-BETA2.zip [2011.05.09 10:42:24 | 000,215,552 | ---- | M] () -- C:\Users\Benjamin\exp pendel.doc [2011.02.08 22:29:58 | 078,623,130 | ---- | M] () -- C:\Users\Benjamin\Final Fantasy XIII (PS3. Xbox 360) - English voice trailer.mp4 [2009.12.30 11:44:22 | 011,256,164 | ---- | M] (DVDVideoSoft Limited. 
) -- C:\Users\Benjamin\FreeYouTubeDownload.exe [2011.11.04 12:10:41 | 015,184,088 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\Benjamin\FreeYouTubeToMP3Converter.exe [2010.04.01 13:52:14 | 000,093,443 | ---- | M] (SteelBytes) -- C:\Users\Benjamin\HD_Speed.exe [2010.07.24 19:36:27 | 000,000,124 | ---- | M] () -- C:\Users\Benjamin\Heroes of Might & Magic 5.txt [2011.03.24 12:31:09 | 000,194,885 | ---- | M] () -- C:\Users\Benjamin\hjsplit3.zip [2010.07.27 11:16:34 | 000,008,496 | ---- | M] () -- C:\Users\Benjamin\homm5save.zip [2008.06.22 19:12:16 | 083,896,373 | ---- | M] () -- C:\Users\Benjamin\Longman Student Grammar of Spoken and Written English.pdf [2012.03.19 10:47:13 | 004,194,304 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT [2012.03.19 10:47:13 | 000,262,144 | -H-- | M] () -- C:\Users\Benjamin\ntuser.dat.LOG1 [2009.02.04 18:52:34 | 000,000,000 | -H-- | M] () -- C:\Users\Benjamin\ntuser.dat.LOG2 [2012.03.18 10:57:49 | 000,065,536 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2012.03.18 10:57:49 | 000,524,288 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2011.09.29 13:34:26 | 000,524,288 | -HS- | M] () -- C:\Users\Benjamin\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2009.02.04 18:52:34 | 000,000,020 | -HS- | M] () -- C:\Users\Benjamin\ntuser.ini [2008.06.02 13:53:14 | 000,000,068 | ---- | M] () -- C:\Users\Benjamin\PS2-Games.txt [2009.09.02 12:10:35 | 000,000,016 | ---- | M] () -- C:\Users\Benjamin\RoM - Fertigkeitsstein.txt [2009.05.30 14:40:57 | 000,000,219 | ---- | M] () -- C:\Users\Benjamin\RoM - Set der Musen Codes.txt [2009.12.01 15:38:52 | 001,690,363 | ---- | M] () -- C:\Users\Benjamin\S5230WallpaperCreatorSetup_1_2.zip [2008.07.06 14:49:10 | 012,483,784 | ---- | M] () -- C:\Users\Benjamin\Softwarepaket.rar [2009.04.04 13:26:10 | 000,044,544 | ---- | M] () -- 
C:\Users\Benjamin\sonnenschwert2.doc [2008.07.31 11:30:34 | 000,000,125 | ---- | M] () -- C:\Users\Benjamin\Spellforce Platinum Key.txt [2009.03.29 17:06:30 | 000,000,000 | ---- | M] () -- C:\Users\Benjamin\Sti_Trace.log [2010.08.02 14:22:34 | 329,227,285 | ---- | M] () -- C:\Users\Benjamin\TFU2_E3_720.mov [2010.04.03 19:47:06 | 000,022,561 | ---- | M] () -- C:\Users\Benjamin\usa_flag.jpg [2011.08.16 17:45:28 | 001,208,035 | ---- | M] () -- C:\Users\Benjamin\Wood_R4_v1.35_v2.7z < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Benjamin\Final Fantasy XIII (PS3. Xbox 360) - English voice trailer.mp4:TOC.WMV < End of report > Es ist Run 3, weil ich zuerst nach der Anleitung im OTL-Beitrag gegangen bin und mit Scan OTL durchlaufen ließ, danach aufgrund von einem anderen Beitrag im Forum mit Quick Scan OTL durchlaufen lassen, was allerdings keine Extras.txt ergab. Run 3 ist dann wieder mit den gleichen Einstellungen wie Run1 geschehen. Ich hoffe das es soweit richtig war und das mir jemand bei meinem Problem helfen kann. |
19.03.2012, 11:53 | #2 |
/// Malware-holic | €50 virus/trojan (black screen with red text)
hi
Why is Ubisoft blocked in your hosts file?
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
etc. |
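The hosts entries the helper points at in the post above can be pulled out of an OTL log and sorted by what each one does to name resolution. This is an added example, not part of the thread or of OTL; the sample log is constructed (only the two Ubisoft-related names come from the thread) and the category names are the example's own.

```python
import ipaddress
import re
from collections import defaultdict

# One OTL hosts entry. findall() also copes with flattened logs in which
# several entries share a single line, as in the post above.
HOSTS_ENTRY = re.compile(r"O1 - Hosts:\s+(\S+)\s+(\S+)")
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def classify(address, name):
    """Category names are this example's own, not OTL terminology."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"          # first field is not an IP address
    if ip.is_loopback or ip.is_unspecified:
        # Standard localhost mapping vs. a name pointed at nothing.
        return "default" if name.lower() in DEFAULT_NAMES else "blocked"
    return "redirected"           # name is sent to some other machine


def triage_hosts(log_text):
    """Return {category: sorted unique (name, address) pairs}."""
    groups = defaultdict(set)
    for address, name in HOSTS_ENTRY.findall(log_text):
        groups[classify(address, name)].add((name.lower(), address))
    return {kind: sorted(pairs) for kind, pairs in groups.items()}


# Constructed sample. Only the two Ubisoft-related names come from the
# thread; the example.test names and 203.0.113.7 are placeholders.
SAMPLE_LOG = (
    "O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost "
    "O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com "
    "O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com\n"
    "O1 - Hosts: 0.0.0.0 updates.example.test\n"
    "O1 - Hosts: 203.0.113.7 login.example.test\n"
    "O1 - Hosts: not-an-ip broken.example.test\n"
    "< End of report >\n"
)

if __name__ == "__main__":
    for kind, pairs in sorted(triage_hosts(SAMPLE_LOG).items()):
        print(kind)
        for name, address in pairs:
            print(f"  {name} -> {address}")
```

A "redirected" entry deserves the first look because it sends a name to another machine, while "blocked" entries like the two quoted in the thread only stop the name from resolving.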
19.03.2012, 12:02 | #3 |
| €50 virus/trojan (black screen with red text)
I'm not sure why they are blocked, but the problem I described appeared 2 days ago, and I haven't installed anything from Ubisoft for quite a while, at least I think so. If it could have something to do with the problem, though, I can try to change it, although I'm no longer quite sure when and how I did that. In any case it must have been at least a month ago, or more. |
19.03.2012, 12:04 | #4 |
/// Malware-holic | €50 virus/trojan (black screen with red text)
Were your Ubisoft games acquired legally?
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
19.03.2012, 12:19 | #5 |
| €50 virus/trojan (black screen with red text)
I don't own all of the installed games, since I had borrowed most of them and later found offline solutions without the DVD on the Internet, but so far that has never led to problems, since Norton has always blocked everything harmful. By the way, I also had Norton run a full scan once when I started the computer without an Internet connection, but that did not solve the problem.
Last edited by Benji1304 (19.03.2012 at 12:29). Reason: spelling corrected |
19.03.2012, 13:07 | #6 |
/// Malware-holic | €50 virus/trojan (black screen with red text)
Yes, but we don't support illegal versions here; for those there is only help with formatting and reinstalling. And how do you know that Norton was able to block 100% of all harmful actions? No program can do that. |