|
Pests of all kinds and how to fight them: Windows blocked by German flag virus! Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
30.03.2012, 20:41 | #1 |
| Windows blocked by German flag virus! Hello, this is what it is about. My PC no longer works: every time Windows starts, the PC becomes unusable. A black screen appears and I am told that my Windows is blocked because of visits to pornographic sites etc... I have already read up on this a bit, downloaded OTL by OldTimer and ran it. But I only get the OTL.txt file out of it, and yet a second text file keeps being mentioned; where do I find it? Here is the OTL.txt file: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.03.2012 21:18:11 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\D&A\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,27 Gb Available Physical Memory | 87,93% Memory free 12,11 Gb Paging File | 11,58 Gb Available in Paging File | 95,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,86 Gb Total Space | 861,94 Gb Free Space | 94,01% Space Free | Partition Type: NTFS Computer Name: D-PC | User Name: D&A | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\D&A\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe () ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (GenericHidService) -- C:\Windows\SysNative\HidService.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (GenericHidService) -- C:\Windows\SysWow64\HidService.exe (Packard Bell Services) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys () DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys () DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys () DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys () DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys () DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0710&m=imedia_x6605_ge IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0710&m=imedia_x6605_ge IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0710&m=imedia_x6605_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0710&m=imedia_x6605_ge IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0710&m=imedia_x6605_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: 
{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Plasmoo" FF - prefs.js..browser.search.defaultthis.engineName: "www.Freeware-download.com Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "www.Freeware-download.com Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=13" FF - prefs.js..keyword.URL: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF 
- HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.21 22:09:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.21 22:09:06 | 000,000,000 | ---D | M] [2010.07.19 12:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D&A\AppData\Roaming\mozilla\Extensions [2012.03.23 00:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions [2010.07.21 15:00:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.02 22:21:53 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7} [2010.10.21 22:03:42 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.05.03 22:37:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.02 22:21:52 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\engine@conduit.com [2011.05.03 22:37:32 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\engine@plasmoo.com [2012.03.08 23:42:56 | 000,000,000 | ---D | M] ("Facebook: Rosa Themen-Plugin") -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\pink@rosa-plugin.info [2012.03.08 23:42:56 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\pink@rosa-plugin.info\resources\jrd0-g48yojdcu5i9a8n0j2se5vmy76e-at-jetpack-pink-theme-extension-data [2012.03.08 23:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D&A\AppData\Roaming\mozilla\Firefox\Profiles\u1fye323.default\extensions\pink@rosa-plugin.info\resources\jrd0-g48yojdcu5i9a8n0j2se5vmy76e-at-jetpack-pink-theme-extension-lib [2010.10.24 22:56:34 | 000,000,953 | ---- | M] () -- C:\Users\D&A\AppData\Roaming\Mozilla\Firefox\Profiles\u1fye323.default\searchplugins\conduit.xml [2012.03.29 21:29:31 | 000,001,056 | ---- | M] () -- C:\Users\D&A\AppData\Roaming\Mozilla\Firefox\Profiles\u1fye323.default\searchplugins\icqplugin.xml [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\D&A\AppData\Roaming\Mozilla\Firefox\Profiles\u1fye323.default\searchplugins\plasmoo.xml [2012.03.21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.16 15:37:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.07.21 15:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.05 19:26:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.11 00:56:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.11 00:56:00 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.11 00:56:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.11 00:56:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.11 00:56:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\D&A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\D&A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\D&A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4:64bit: - HKLM..\Run: [FijiKeyboard] c:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe (Packard Bell BV) O4:64bit: - HKLM..\Run: [FujiKeyboard] c:\Acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe File not found O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [SkypePM] C:\Users\D&A\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation) O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10zb_Plugin.exe (Adobe Systems, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\D&A\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\D&A\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAAB52CD-FBEE-4103-81F0-F7452C80D2EC}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWOW64\ezShellStart.exe (EasyBits Software AS) O24 - Desktop WallPaper: C:\Users\D&A\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\D&A\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: 
{9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2012.03.22 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\D&A\Desktop\an der ruhr [2012.03.16 15:37:18 | 000,000,000 | ---D | C] -- C:\Users\D&A\AppData\Roaming\Skype [2012.03.16 15:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.16 15:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.16 15:37:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.03.16 15:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.03.15 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\D&A\Desktop\Originals [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.30 21:16:12 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.30 21:16:12 | 000,627,756 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.30 21:16:12 | 000,595,386 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.30 21:16:12 | 000,125,870 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.30 21:16:12 | 000,103,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.30 21:11:58 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.03.30 21:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.30 21:08:00 | 000,116,297 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.03.30 21:07:59 | 000,116,297 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.03.30 21:06:58 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.30 21:06:43 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 21:06:43 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.23 20:06:00 | 
000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.23 13:06:55 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.03.22 23:52:22 | 000,000,892 | ---- | M] () -- C:\Users\D&A\Documents\unterschiede.rtf [2012.03.22 22:52:40 | 000,002,331 | ---- | M] () -- C:\Users\D&A\Documents\mobbertypen.rtf [2012.03.22 21:00:26 | 000,000,602 | ---- | M] () -- C:\Users\D&A\AppData\Roaming\wklnhst.dat [2012.03.22 19:51:29 | 000,026,184 | ---- | M] () -- C:\Users\D&A\Desktop\22032012924.jpg [2012.03.22 15:32:50 | 000,022,746 | ---- | M] () -- C:\Users\D&A\Desktop\22032012925.jpg [2012.03.22 15:32:12 | 000,028,885 | ---- | M] () -- C:\Users\D&A\Desktop\22032012923.jpg [2012.03.22 15:32:00 | 000,028,791 | ---- | M] () -- C:\Users\D&A\Desktop\22032012922.jpg [2012.03.22 15:31:48 | 000,020,981 | ---- | M] () -- C:\Users\D&A\Desktop\22032012921.jpg [2012.03.22 15:26:58 | 000,025,714 | ---- | M] () -- C:\Users\D&A\Desktop\22032012919.jpg [2012.03.22 15:26:48 | 000,028,004 | ---- | M] () -- C:\Users\D&A\Desktop\22032012918.jpg [2012.03.22 15:21:24 | 000,021,032 | ---- | M] () -- C:\Users\D&A\Desktop\22032012917.jpg [2012.03.22 15:19:32 | 000,029,227 | ---- | M] () -- C:\Users\D&A\Desktop\22032012915.jpg [2012.03.22 15:19:22 | 000,030,867 | ---- | M] () -- C:\Users\D&A\Desktop\22032012914.jpg [2012.03.22 15:19:08 | 000,019,502 | ---- | M] () -- C:\Users\D&A\Desktop\22032012913.jpg [2012.03.22 15:18:54 | 000,019,382 | ---- | M] () -- C:\Users\D&A\Desktop\22032012912.jpg [2012.03.22 15:18:28 | 000,025,586 | ---- | M] () -- C:\Users\D&A\Desktop\22032012911.jpg [2012.03.22 15:16:16 | 000,019,533 | ---- | M] () -- C:\Users\D&A\Desktop\22032012910.jpg [2012.03.22 15:15:32 | 000,024,758 | ---- | M] () -- C:\Users\D&A\Desktop\22032012908.jpg [2012.03.22 15:14:06 | 001,323,497 | ---- | M] () -- C:\Users\D&A\Desktop\22032012907.jpg [2012.03.22 15:13:44 | 001,120,985 | ---- | M] () -- C:\Users\D&A\Desktop\22032012906.jpg [2012.03.22 
15:13:28 | 000,724,524 | ---- | M] () -- C:\Users\D&A\Desktop\22032012905.jpg [2012.03.22 15:09:54 | 000,023,333 | ---- | M] () -- C:\Users\D&A\Desktop\22032012904.jpg [2012.03.22 15:09:36 | 000,024,951 | ---- | M] () -- C:\Users\D&A\Desktop\22032012903.jpg [2012.03.22 15:06:48 | 000,019,570 | ---- | M] () -- C:\Users\D&A\Desktop\22032012902.jpg [2012.03.21 16:21:34 | 000,024,575 | ---- | M] () -- C:\Users\D&A\Desktop\21032012893.jpg [2012.03.21 16:05:26 | 000,019,364 | ---- | M] () -- C:\Users\D&A\Desktop\21032012891.jpg [2012.03.21 16:05:12 | 000,018,626 | ---- | M] () -- C:\Users\D&A\Desktop\21032012890.jpg [2012.03.21 16:05:06 | 000,019,522 | ---- | M] () -- C:\Users\D&A\Desktop\21032012889.jpg [2012.03.21 16:04:58 | 000,017,529 | ---- | M] () -- C:\Users\D&A\Desktop\21032012888.jpg [2012.03.21 16:04:42 | 000,017,248 | ---- | M] () -- C:\Users\D&A\Desktop\21032012887.jpg [2012.03.21 16:04:28 | 000,015,890 | ---- | M] () -- C:\Users\D&A\Desktop\21032012886.jpg [2012.03.21 16:04:02 | 000,015,346 | ---- | M] () -- C:\Users\D&A\Desktop\21032012885.jpg [2012.03.21 16:03:54 | 000,019,062 | ---- | M] () -- C:\Users\D&A\Desktop\21032012884.jpg [2012.03.21 09:35:35 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.03.21 09:35:35 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.03.20 22:59:14 | 000,183,296 | -H-- | M] () -- C:\Users\D&A\Desktop\photothumb.db [2012.03.20 19:36:46 | 000,001,000 | ---- | M] () -- C:\Users\D&A\Documents\base kündigung.rtf [2012.03.20 11:14:22 | 000,028,003 | ---- | M] () -- C:\Users\D&A\Desktop\20032012880.jpg [2012.03.20 11:14:08 | 000,023,165 | ---- | M] () -- C:\Users\D&A\Desktop\20032012879.jpg [2012.03.20 11:13:16 | 000,028,699 | ---- | M] () -- C:\Users\D&A\Desktop\20032012877.jpg [2012.03.20 11:12:24 | 000,030,400 | ---- | M] () -- C:\Users\D&A\Desktop\20032012876.jpg [2012.03.20 11:12:04 | 000,027,725 | ---- | M] () -- C:\Users\D&A\Desktop\20032012875.jpg [2012.03.20 11:11:42 | 000,028,283 | 
---- | M] () -- C:\Users\D&A\Desktop\20032012874.jpg [2012.03.20 11:11:22 | 000,028,084 | ---- | M] () -- C:\Users\D&A\Desktop\20032012873.jpg [2012.03.20 11:10:54 | 000,025,920 | ---- | M] () -- C:\Users\D&A\Desktop\20032012871.jpg [2012.03.20 11:10:26 | 000,025,567 | ---- | M] () -- C:\Users\D&A\Desktop\20032012870.jpg [2012.03.20 11:10:12 | 000,025,585 | ---- | M] () -- C:\Users\D&A\Desktop\20032012869.jpg [2012.03.16 15:37:07 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.15 19:43:40 | 001,325,754 | ---- | M] () -- C:\Users\D&A\Desktop\15032012849.jpg [2012.03.15 17:50:28 | 001,439,530 | ---- | M] () -- C:\Users\D&A\Desktop\15032012855.jpg [2012.03.15 17:49:04 | 001,408,884 | ---- | M] () -- C:\Users\D&A\Desktop\15032012853.jpg [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.30 21:11:58 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.03.22 23:52:22 | 000,000,892 | ---- | C] () -- C:\Users\D&A\Documents\unterschiede.rtf [2012.03.22 22:52:40 | 000,002,331 | ---- | C] () -- C:\Users\D&A\Documents\mobbertypen.rtf [2012.03.22 19:51:29 | 000,026,184 | ---- | C] () -- C:\Users\D&A\Desktop\22032012924.jpg [2012.03.22 19:42:28 | 000,022,746 | ---- | C] () -- C:\Users\D&A\Desktop\22032012925.jpg [2012.03.22 19:42:27 | 000,028,885 | ---- | C] () -- C:\Users\D&A\Desktop\22032012923.jpg [2012.03.22 19:42:27 | 000,028,791 | ---- | C] () -- C:\Users\D&A\Desktop\22032012922.jpg [2012.03.22 19:42:27 | 000,025,714 | ---- | C] () -- C:\Users\D&A\Desktop\22032012919.jpg [2012.03.22 19:42:27 | 000,020,981 | ---- | C] () -- C:\Users\D&A\Desktop\22032012921.jpg [2012.03.22 19:42:26 | 000,030,867 | ---- | C] () -- C:\Users\D&A\Desktop\22032012914.jpg [2012.03.22 19:42:26 | 000,029,227 | ---- | C] () -- C:\Users\D&A\Desktop\22032012915.jpg [2012.03.22 19:42:26 | 000,028,004 | ---- | C] () -- C:\Users\D&A\Desktop\22032012918.jpg 
[2012.03.22 19:42:26 | 000,021,032 | ---- | C] () -- C:\Users\D&A\Desktop\22032012917.jpg [2012.03.22 19:42:26 | 000,019,502 | ---- | C] () -- C:\Users\D&A\Desktop\22032012913.jpg [2012.03.22 19:42:25 | 000,025,586 | ---- | C] () -- C:\Users\D&A\Desktop\22032012911.jpg [2012.03.22 19:42:25 | 000,024,758 | ---- | C] () -- C:\Users\D&A\Desktop\22032012908.jpg [2012.03.22 19:42:25 | 000,019,533 | ---- | C] () -- C:\Users\D&A\Desktop\22032012910.jpg [2012.03.22 19:42:25 | 000,019,382 | ---- | C] () -- C:\Users\D&A\Desktop\22032012912.jpg [2012.03.22 19:42:24 | 001,323,497 | ---- | C] () -- C:\Users\D&A\Desktop\22032012907.jpg [2012.03.22 19:42:24 | 001,120,985 | ---- | C] () -- C:\Users\D&A\Desktop\22032012906.jpg [2012.03.22 19:42:24 | 000,724,524 | ---- | C] () -- C:\Users\D&A\Desktop\22032012905.jpg [2012.03.22 19:42:23 | 000,024,951 | ---- | C] () -- C:\Users\D&A\Desktop\22032012903.jpg [2012.03.22 19:42:23 | 000,023,333 | ---- | C] () -- C:\Users\D&A\Desktop\22032012904.jpg [2012.03.22 19:42:23 | 000,019,570 | ---- | C] () -- C:\Users\D&A\Desktop\22032012902.jpg [2012.03.21 17:41:56 | 000,017,529 | ---- | C] () -- C:\Users\D&A\Desktop\21032012888.jpg [2012.03.21 17:41:55 | 000,019,522 | ---- | C] () -- C:\Users\D&A\Desktop\21032012889.jpg [2012.03.21 17:41:55 | 000,019,364 | ---- | C] () -- C:\Users\D&A\Desktop\21032012891.jpg [2012.03.21 17:41:55 | 000,018,626 | ---- | C] () -- C:\Users\D&A\Desktop\21032012890.jpg [2012.03.21 17:41:54 | 000,024,575 | ---- | C] () -- C:\Users\D&A\Desktop\21032012893.jpg [2012.03.21 17:41:54 | 000,019,062 | ---- | C] () -- C:\Users\D&A\Desktop\21032012884.jpg [2012.03.21 17:41:54 | 000,017,248 | ---- | C] () -- C:\Users\D&A\Desktop\21032012887.jpg [2012.03.21 17:41:54 | 000,015,890 | ---- | C] () -- C:\Users\D&A\Desktop\21032012886.jpg [2012.03.21 17:41:54 | 000,015,346 | ---- | C] () -- C:\Users\D&A\Desktop\21032012885.jpg [2012.03.20 19:40:08 | 000,028,084 | ---- | C] () -- C:\Users\D&A\Desktop\20032012873.jpg [2012.03.20 
19:40:08 | 000,025,920 | ---- | C] () -- C:\Users\D&A\Desktop\20032012871.jpg [2012.03.20 19:40:08 | 000,025,585 | ---- | C] () -- C:\Users\D&A\Desktop\20032012869.jpg [2012.03.20 19:40:08 | 000,025,567 | ---- | C] () -- C:\Users\D&A\Desktop\20032012870.jpg [2012.03.20 19:40:07 | 000,030,400 | ---- | C] () -- C:\Users\D&A\Desktop\20032012876.jpg [2012.03.20 19:40:07 | 000,028,699 | ---- | C] () -- C:\Users\D&A\Desktop\20032012877.jpg [2012.03.20 19:40:07 | 000,028,283 | ---- | C] () -- C:\Users\D&A\Desktop\20032012874.jpg [2012.03.20 19:40:07 | 000,028,003 | ---- | C] () -- C:\Users\D&A\Desktop\20032012880.jpg [2012.03.20 19:40:07 | 000,027,725 | ---- | C] () -- C:\Users\D&A\Desktop\20032012875.jpg [2012.03.20 19:40:07 | 000,023,165 | ---- | C] () -- C:\Users\D&A\Desktop\20032012879.jpg [2012.03.16 15:37:07 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.15 19:25:12 | 001,325,754 | ---- | C] () -- C:\Users\D&A\Desktop\15032012849.jpg [2012.03.15 19:17:38 | 001,439,530 | ---- | C] () -- C:\Users\D&A\Desktop\15032012855.jpg [2012.03.15 19:17:37 | 001,408,884 | ---- | C] () -- C:\Users\D&A\Desktop\15032012853.jpg [2012.01.23 22:46:04 | 000,000,602 | ---- | C] () -- C:\Users\D&A\AppData\Roaming\wklnhst.dat [2011.08.02 14:26:09 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.08.02 14:26:09 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2010.12.02 22:55:43 | 000,005,632 | ---- | C] () -- C:\Users\D&A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.02 22:55:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.12.02 22:44:31 | 000,005,002 | ---- | C] () -- C:\ProgramData\amjmwaey.gaf [2010.12.02 22:28:46 | 000,000,067 | ---- | C] () -- C:\Windows\My Video Converter.INI [2010.10.16 14:06:38 | 000,000,552 | ---- | C] () -- C:\Users\D&A\AppData\Local\d3d8caps.dat [2010.10.16 13:43:54 | 000,164,303 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.10.16 13:43:36 | 000,026,952 | 
---- | C] () -- C:\Windows\hpomdl19.dat [2010.09.03 11:36:12 | 000,000,680 | ---- | C] () -- C:\Users\D&A\AppData\Local\d3d9caps.dat [2010.07.19 23:28:25 | 000,116,297 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.07.19 23:28:22 | 000,116,297 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.07.19 15:43:23 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.07.19 15:43:19 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.19 12:59:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.07.19 12:59:47 | 000,008,452 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.07.19 12:18:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.07.19 12:14:26 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini ========== LOP Check ========== [2011.08.04 17:10:14 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\DVDVideoSoft [2011.05.03 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.02 22:28:48 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\GetRightToGo [2011.11.21 14:29:20 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\ICQ [2010.12.06 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\Image Zone Express [2010.12.02 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\PC Suite [2012.01.12 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\PhotoScape [2010.12.06 19:00:27 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\Printer Info Cache [2010.12.02 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\Samsung [2010.10.21 16:42:45 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\SharePod [2012.01.23 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\Template [2010.07.30 23:07:31 | 000,000,000 | ---D | M] -- C:\Users\D&A\AppData\Roaming\TS3Client [2012.03.30 21:11:58 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update 
(Weekly).job [2012.03.30 08:03:34 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.07.19 13:01:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.07.19 12:15:46 | 000,000,000 | -H-D | M] -- C:\ACER [2009.01.22 17:09:10 | 000,000,000 | -HSD | M] -- C:\Boot [2012.03.16 15:37:27 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.07.19 12:55:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.12.05 17:52:17 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.10.06 20:53:01 | 000,000,000 | -HSD | M] -- C:\found.001 [2010.12.02 22:54:29 | 000,000,000 | ---D | M] -- C:\Movavi files [2009.01.22 09:37:37 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.07.19 23:22:46 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.21 14:46:55 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.16 15:37:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.16 15:37:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.07.19 12:55:45 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.23 07:28:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.02 22:21:55 | 000,000,000 | R--D | M] -- C:\Users [2011.11.21 14:37:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > 
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft 
Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) 
MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:48:29 | 000,820,224 | ---- | M] () MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\SysNative\user32.dll [2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- 
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\SysWOW64\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.12.08 00:41:20 | 005,079,168 | ---- | M] () -- C:\Users\D&A\!FULL! _HQ_ Kay One - Bitte vergiss mich nicht (feat. Philippe Heithier) CD QUALITÄT!.mp3 [2010.07.19 12:14:15 | 000,001,024 | ---- | M] () -- C:\Users\D&A\.rnd [2010.11.21 16:22:59 | 005,245,056 | ---- | M] () -- C:\Users\D&A\4 THE CAUSE - Stand By Me.mp3 [2010.10.26 13:54:24 | 004,919,424 | ---- | M] () -- C:\Users\D&A\A.R. Rahman Und The Pussycat Dolls - Jai Ho (You Are My Destiny)- Ysp.mp3 [2010.11.17 00:08:39 | 006,160,512 | ---- | M] () -- C:\Users\D&A\Aaliyah ft. Toni Braxton-'He Wasent Man Enough For Me'(NO COPYRIGHT INTENDED).mp3 [2010.11.17 00:41:42 | 002,717,824 | ---- | M] () -- C:\Users\D&A\Addicted To You - Vaibhav (NEW RnB 2010).mp3 [2010.12.17 01:59:15 | 003,215,488 | ---- | M] () -- C:\Users\D&A\Akon - Angel.mp3 [2011.01.28 00:06:14 | 005,451,904 | ---- | M] () -- C:\Users\D&A\AKoN - BoDY BoUNCe ( 2011 NeW SoNG ).mp3 [2011.01.29 20:51:49 | 005,603,456 | ---- | M] () -- C:\Users\D&A\Akon ft. 
Tay Dizm - Dream Girl [OFFICIAL VIDEO].mp3 [2011.02.18 23:30:38 | 000,002,089 | -HS- | M] () -- C:\Users\D&A\AlbumArtSmall.jpg [2010.12.07 00:08:10 | 003,729,536 | ---- | M] () -- C:\Users\D&A\Alicia Keys - Doesn't Mean Anything.mp3 [2010.12.07 00:13:52 | 004,958,336 | ---- | M] () -- C:\Users\D&A\Alicia Keys Empire State Of Mind Part II.mp3 [2010.11.17 00:44:56 | 004,173,952 | ---- | M] () -- C:\Users\D&A\All My Love - Stevie Hoang.mp3 [2010.10.26 14:05:04 | 004,673,664 | ---- | M] () -- C:\Users\D&A\Ambitious - Gibt Es Dich (Frauenantwort).mp3 [2010.12.16 00:07:18 | 005,677,184 | ---- | M] () -- C:\Users\D&A\Amr Diab - Osad Einy (New RnB 2010 ; Arab Music).mp3 [2010.12.15 23:56:31 | 005,468,288 | ---- | M] () -- C:\Users\D&A\Arabic RnB.mp3 [2010.11.17 00:11:43 | 003,487,872 | ---- | M] () -- C:\Users\D&A\Aventura_ Obsesion.mp3 [2010.11.17 01:01:37 | 003,948,672 | ---- | M] () -- C:\Users\D&A\Babysteps - Varsity.mp3 [2010.12.15 21:21:08 | 003,293,312 | ---- | M] () -- C:\Users\D&A\Band Aid - Do They Know its Christmas 1984.mp3 [2010.12.08 23:39:50 | 003,932,288 | ---- | M] () -- C:\Users\D&A\Beyonce - Crazy in Love (feat. Jay-Z).mp3 [2010.11.04 23:49:11 | 005,406,848 | ---- | M] () -- C:\Users\D&A\Beyonce-Why don't you love me.mp3 [2011.01.26 11:12:23 | 004,581,504 | ---- | M] () -- C:\Users\D&A\Brandy & Monica vs Dru Hill (So So Def) - The Boy Is Mine (DJ Syxx Remix).mp3 [2010.11.17 00:58:36 | 003,033,216 | ---- | M] () -- C:\Users\D&A\Breez. E - Tired Of Being The One [with Lyrics].mp3 [2010.12.17 01:56:25 | 004,923,520 | ---- | M] () -- C:\Users\D&A\Brian McKnight- used to be my girl.mp3 [2011.01.27 19:38:09 | 004,329,600 | ---- | M] () -- C:\Users\D&A\Bruno Mars - Grenade [Official Music Video].mp3 [2010.11.13 23:35:49 | 003,655,808 | ---- | M] () -- C:\Users\D&A\Bruno Mars-Just The Way You Are With Lyrics.mp3 [2010.11.21 16:18:17 | 004,812,928 | ---- | M] () -- C:\Users\D&A\Casely - Sweat (Feat. 
< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Files - Unicode (All) ==========
[2010.12.16 00:15:49 | 008,753,152 | ---- | M] ()(C:\Users\D&A\Arabic song ???? ???? ???? ?? ??? ? ????? 2010(In English)???? ????.mp3) -- C:\Users\D&A\Arabic song عمرو دياب يهمك في ايه و اليسا 2010(In English)افضل كليب.mp3
[2010.11.02 19:31:53 | 003,545,088 | ---- | M] ()(C:\Users\D&A\¦¦¦?Next - One Night Only (2010) [HQ] _ Hottest RnBmusic.mp3) -- C:\Users\D&A\▒▓█►Next - One Night Only (2010) [HQ] _ Hottest RnBmusic.mp3
[2010.11.02 16:08:41 | 002,684,928 | ---- | M] ()(C:\Users\D&A\I just wanna hold you in my arms. ?.mp3) -- C:\Users\D&A\I just wanna hoℓd you in my arms. ♥.mp3

< End of report >

If I did anything wrong, please excuse it and give me further instructions! Thanks!

Hey, can nobody help me any further? It would be really great if someone could tell me what I should do now.
31.03.2012, 19:03 | #2 |
/// Malware-holic | Windows blocked by the German flag virus!
hi
This script and any scripts that may follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\DA\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
:Files
C:\Users\DA\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!
Please press the + E key.
01.04.2012, 13:54 | #3 |
| Windows blocked by the German flag virus!
OK, I did it the way you wrote. This is what came out. And uploading the file was successful too. Thank you! I am waiting for further instructions.
HTML code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
File C:\Users\DA\AppData\Local\Skype\SkypePM.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: D&A
->Flash cache emptied: 125503 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: AppData

User: D&A
->Temp folder emptied: 1596967254 bytes
->Temporary Internet Files folder emptied: 214038464 bytes
->Java cache emptied: 5915523 bytes
->FireFox cache emptied: 124324812 bytes
->Google Chrome cache emptied: 6355765 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 861184 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111112573 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 183432 bytes

Total Files Cleaned = 1.964,00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04012012_144341

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SETDB43.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTFI1SLA\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IVDU736R\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I34Y2ROW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5PIN1QF\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
01.04.2012, 14:47 | #4 | |
/// Malware-holic | Windows blocked by the German flag virus!
hi
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart Quote:
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
01.04.2012, 15:06 | #5 |
| Windows blocked by the German flag virus!
OK boss, I did it the way you told me. This is the Combofix result. But I didn't have to restart at all.....
Combofix log file:
Code:
ComboFix 12-03-31.03 - D&A 01.04.2012 15:56:17.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.6142.4423 [GMT 2:00]
ausgeführt von:: c:\users\D&A\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Install.cmd
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-01 bis 2012-04-01 ))))))))))))))))))))))))))))))
.
.
2012-04-01 14:02 . 2012-04-01 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 12:43 . 2012-04-01 12:55 -------- d-----w- C:\_OTL
2012-03-30 19:58 . 2012-03-30 19:58 -------- d-----w- c:\program files (x86)\Lavalys
2012-03-23 05:29 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C406A4E5-1016-46A7-80CC-A8526A7274C9}\mpengine.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-16 13:37 . 2012-04-01 12:22 -------- d-----w- c:\users\D&A\AppData\Roaming\Skype
2012-03-16 13:37 . 2012-03-16 13:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-16 13:37 . 2012-03-16 13:37 -------- d-----r- c:\program files (x86)\Skype
2012-03-16 13:37 . 2012-03-16 13:37 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 20:09 . 2012-02-10 22:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-07-20 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 15:51]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 15:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"FijiKeyboard"="c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" [2008-09-18 79416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0710&m=imedia_x6605_ge
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.178.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\D&A\AppData\Roaming\Mozilla\Firefox\Profiles\u1fye323.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2325506&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - www.Freeware-download.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2325506&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://plasmoo.com/index.htm?SearchMashine=true&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Facebook: Rosa Themen-Plugin: pink@rosa-plugin.info - %profile%\extensions\pink@rosa-plugin.info
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
URLSearchHooks-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-FujiKeyboard - c:\acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @SACL= @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] @SACL= "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @SACL= @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @SACL= @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @SACL= @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @SACL= @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @SACL= @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-04-01 16:04:13 ComboFix-quarantined-files.txt 2012-04-01 14:04 . Vor Suchlauf: 9 Verzeichnis(se), 708.944.982.016 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 708.244.946.944 Bytes frei . - - End Of File - - 440BF0AA3B5E0556E93928AD0945E75C |
02.04.2012, 08:51 | #6 |
/// Malware-holic | Windows blocked by German flag virus! Malwarebytes: Please download Malwarebytes |
02.04.2012, 16:24 | #7 |
| Windows blocked by German flag virus! Hello, I got Malwarebytes and have now tried twice to run it... On the first attempt it froze after 20 minutes and only a hard reset helped. I just tried it again, but it froze again. How much does this affect my chances of success from here? Is there another program? Many thanks for the help. |
02.04.2012, 20:26 | #8 |
/// Malware-holic | Windows blocked by German flag virus! Does it work in Safe Mode with Networking? You can reach it via F8 when the PC starts.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.04.2012, 21:49 | #9 |
| Windows blocked by German flag virus! Thanks for your quick replies. No, unfortunately that didn't work either... After about 8 minutes it froze again and all I could do was a hard reset. What else can help? Formatting? |
03.04.2012, 11:59 | #10 |
/// Malware-holic | Windows blocked by German flag virus! How about a quick scan? |
03.04.2012, 16:22 | #11 |
| Windows blocked by German flag virus! So, this is what the quick scan came up with... I'm now trying a full scan again. I hope you can already do something with this...
HTML-Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.02.04

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
D&A :: D-PC [Administrator]

03.04.2012 17:08:42
mbam-log-2012-04-03 (17-08-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202719
Laufzeit: 4 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\D&A\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
03.04.2012, 18:10 | #12 |
/// Malware-holic | Windows blocked by German flag virus! OK, let me know whether it worked. |
04.04.2012, 16:37 | #13 |
| Windows blocked by German flag virus! So, no matter what I do, boss, it won't do the full scan. It keeps freezing. What else can I do? |
04.04.2012, 17:04 | #14 |
/// Malware-holic | Windows blocked by German flag virus! Hi, download the standard CCleaner: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After every program you need, write "necessary". After every one you don't need, "unnecessary". After the ones you don't know, "unknown". Post the list. |
04.04.2012, 17:35 | #15 |
| Windows blocked by German flag virus!
HTML-Code:
Ad-Aware Lavasoft 18.07.2010 87,9MB necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 20.03.2012 10.3.183.16 necessary
Adobe Flash Player ActiveX Adobe Systems Incorporated 18.07.2010 9.0.124.0 necessary
Adobe Photoshop Elements 6.0 Adobe Systems, Inc. 21.01.2009 375MB 6.0 necessary
Adobe Reader 9 - Deutsch Adobe Systems Incorporated 21.01.2009 232MB 9.0.0 necessary
Adobe Shockwave Player Adobe Systems, Inc. 18.07.2010 10.3.0.24 necessary
Apple Mobile Device Support Apple Inc. 20.10.2010 20,7MB 3.2.0.47 not needed
Apple Software Update Apple Inc. 20.10.2010 2,26MB 2.1.2.120
Avira AntiVir Personal - Free Antivirus Avira GmbH 31.03.2012 101,3MB 10.2.0.707 necessary
CCleaner Piriform 03.04.2012 8,94MB 3.17 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 13.03.2012 39,0MB 12.0.6612.1000 necessary
CPUID CPU-Z 1.58 20.11.2011 3,24MB not needed
EasyBits Magic Desktop 18.07.2010 not needed
EVEREST Home Edition v2.20 Lavalys Inc 29.03.2012 6,58MB 2.20 not needed
Google Chrome Google Inc. 10.01.2012 249MB 17.0.963.83 not needed
HP Customer Participation Program 8.0 HP 15.10.2010 254MB 8.0
HP Imaging Device Functions 8.0 HP 15.10.2010 2,21MB 8.0 HP necessary, printer
HP OCR Software 8.0 HP 15.10.2010 2,20MB 8.0
HP Photosmart Essential HP 15.10.2010 10,2MB 1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 15.10.2010 76,9MB 8.0
HP Solution Center 8.0 HP 15.10.2010 2,20MB 8.0
HP Update Hewlett-Packard 15.10.2010 3,57MB 4.000.005.006
HPSSupply Ihr Firmenname 15.10.2010 0,96MB 2.1.3.0000
iTunes Apple Inc. 20.10.2010 139,7MB 10.0.1.22 necessary
Java(TM) 6 Update 21 Sun Microsystems, Inc. 20.07.2010 94,5MB 6.0.210
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 01.04.2012 11,5MB 1.60.1.1000 necessary
MetaBoli 21.01.2009 1.821MB 1.00.0000 necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 20.07.2010 42,1MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 20.07.2010 42,1MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.11.2010 189,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.11.2010 46,5MB 4.0.30319
Microsoft Office Home and Student 18.07.2010 297MB
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 13.03.2012 33,8MB 12.0.6612.1000 Microsoft necessary
Microsoft Office Suite Activation Assistant Microsoft Corporation 21.01.2009 8,37MB 2.9
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 21.01.2009 1,74MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 20.07.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 20.07.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 21.01.2009 0,69MB 8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 29.04.2011 0,56MB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 20.07.2010 0,21MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 29.04.2011 0,77MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 29.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18.07.2010 0,76MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,76MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.07.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161
Microsoft Works 9.0 SE 18.07.2010 297MB
Mozilla Firefox (3.6.28) Mozilla 20.03.2012 34,4MB 3.6.28 (de) necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.01.2009 1,29MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.07.2010 1,34MB 4.20.9876.0
Nero 8 Essentials Nero AG 18.07.2010 1.743MB 8.3.389 does not work
NVIDIA Display Control Panel NVIDIA Corporation 18.07.2010 1,29MB 6.14.12.5896 NVIDIA needed
NVIDIA Drivers NVIDIA Corporation 18.07.2010 1.10.62.40
NVIDIA ForceWare Network Access Manager 18.07.2010
NVIDIA PhysX NVIDIA Corporation 18.07.2010 80,0MB 9.10.0224
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 18.07.2010 16,1MB 7.17.12.5896
Packard Bell ImageWriter 21.01.2009 1.821MB 1.00.0000
Packard Bell Updator 21.01.2009 1.821MB 3.00.0000
PC Connectivity Solution Nokia 01.12.2010 15,0MB 8.15.0.0
Picasa 3 Google, Inc. 10.01.2012 78,3MB 3.8 not needed
QuickTime Apple Inc. 20.10.2010 73,7MB 7.68.75.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21.01.2009 21,5MB 6.0.1.5704
SAMSUNG Mobile Composite Device Software 01.12.2010 Samsung not needed
Samsung Mobile Modem Device Software 01.12.2010
SAMSUNG Mobile Modem Driver Set 01.12.2010
Samsung Mobile phone USB driver Software 01.12.2010
SAMSUNG Mobile USB Modem 1.0 Software 01.12.2010
SAMSUNG Mobile USB Modem Software 01.12.2010
Samsung New PC Studio Samsung Electronics Co., Ltd. 01.12.2010 165,4MB 1.00.0000
SAMSUNG USB Mobile Device Software 01.12.2010
SamsungConnectivityCableDriver Samsung 01.12.2010 0,72MB 6.83.6.2.1
Setup My PC 21.01.2009 1.821MB 3.00.0000 unknown
Skype Click to Call Skype Technologies S.A. 15.03.2012 15,7MB 5.10.9560
Skype™ 5.8 Skype Technologies S.A. 15.03.2012 19,1MB 5.8.158 Skype necessary
SpeedFan (remove only) 20.11.2011 5,54MB
Star Wars JK II Jedi Outcast 08.01.2012 601MB necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 20.07.2010 34,5MB not needed
Uninstall 1.0.0.1 02.05.2011 30,8MB
Windows Live Anmelde-Assistent Microsoft Corporation 18.07.2010 1,93MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 18.07.2010 136,3MB 14.0.8117.0416
Windows Live Sync Microsoft Corporation 18.07.2010 2,79MB 14.0.8117.416
Windows Live-Uploadtool Microsoft Corporation 21.01.2009 0,22MB 14.0.8014.1029
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 01.12.2010 10/12/2007 6.85.4.0
WinRAR 4.01 (64-Bit) win.rar GmbH 20.11.2011 4,61MB 4.01.0 |