Trojan: tr/atraps.gen detected
Hello,
since today, Avira has been reporting about every 5 minutes that I have a virus on my computer.
After searching further, I found out that it is the
Trojan tr/atraps.gen.
I have worked through all of the instructions here and hope that I have not forgotten anything.
Best regards
ICrane
Quote:
OTL logfile created on: 30.09.2012 12:01:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ICrane\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,48 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,85% Memory free
7,14 Gb Paging File | 5,81 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 776,37 Gb Free Space | 83,35% Space Free | Partition Type: NTFS
Drive D: | 306,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ICRANE-PC | User Name: ICrane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.30 12:00:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ICrane\Downloads\OTL.exe
PRC - [2012.09.05 23:11:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.05 23:11:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.05 23:11:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.05 23:11:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.05 23:11:36 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.04 18:58:26 | 000,403,968 | ---- | M] (Hansenet) -- C:\Programme\Alice\Signup\AliceCnn.exe
PRC - [2012.09.04 18:09:52 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Programme\XFastUSB\XFastUsb.exe
PRC - [2012.08.24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.07.28 04:10:10 | 000,469,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.28 04:09:30 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.02.07 12:05:04 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 12:05:04 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 12:04:54 | 000,128,280 | R--- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.02.07 12:04:44 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.02.02 22:25:30 | 000,458,464 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\iCLS Client\HeciServer.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.10.19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) -- C:\Programme\ASRock\XFast LAN\spd.exe
PRC - [2011.10.19 16:19:20 | 001,202,560 | R--- | M] (cFos Software GmbH) -- C:\Programme\ASRock\XFast LAN\cfosspeed.exe
PRC - [2009.11.16 19:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
========== Modules (No Company Name) ==========
MOD - [2012.09.05 17:20:55 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.09.05 01:30:30 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d81872939252c65b6f1127f331b84de0\PresentationFramework.Classic.ni.dll
MOD - [2012.09.05 01:30:19 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.09.05 01:30:18 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\457652efc6e908b6069d978e96951914\PresentationFramework.ni.dll
MOD - [2012.09.05 01:30:11 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.09.05 01:29:28 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.09.05 01:29:24 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.09.05 01:29:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.09.05 01:29:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0c994066e03492ff904cb36603d8c8dc\IAStorCommon.ni.dll
MOD - [2012.09.05 01:29:22 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\86222563a3fd79baa424d54c7c0c07e4\IAStorUtil.ni.dll
MOD - [2012.09.05 01:29:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.09.05 01:29:17 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.09.05 01:29:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.09.05 01:29:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.09.05 01:24:15 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.09.05 01:24:14 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.09.05 01:24:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.08.06 12:07:30 | 000,369,152 | ---- | M] () -- C:\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.07.28 03:13:04 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.05.19 09:56:26 | 000,190,464 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009.04.10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.04.10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009.03.29 21:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 21:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:42:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.24 18:16:58 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\WinRAR\RarExt.dll
MOD - [2007.03.24 21:44:20 | 000,114,688 | ---- | M] () -- C:\Programme\Alice\Signup\sys.plg
MOD - [2007.02.12 17:54:30 | 000,253,952 | ---- | M] () -- C:\Programme\Alice\Signup\dslsetup.plg
MOD - [2005.10.04 17:28:40 | 000,081,920 | ---- | M] () -- C:\Programme\Alice\Signup\htmlpars.plg
MOD - [2005.09.23 18:10:22 | 000,081,920 | ---- | M] () -- C:\Programme\Alice\Signup\alice.plg
MOD - [2005.08.17 19:36:28 | 000,090,112 | ---- | M] () -- C:\Programme\Alice\Signup\Support.plg
MOD - [2005.04.15 12:35:50 | 000,077,824 | ---- | M] () -- C:\Programme\Alice\Signup\SueDsl.plg
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2012.09.22 22:17:02 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.14 19:39:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.09.14 19:38:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.09.05 23:11:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.05 23:11:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.05 23:11:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.28 04:09:30 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.07 12:05:04 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 12:05:04 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 12:04:54 | 000,128,280 | R--- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.07 12:04:44 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 22:25:30 | 000,458,464 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.10.19 16:19:22 | 000,359,808 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2009.11.16 19:59:28 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.20 20:27:43 | 000,029,760 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV - [2012.09.05 23:11:37 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.05 23:11:37 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.04 18:09:52 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2012.07.28 06:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.28 03:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012.01.13 12:52:40 | 000,029,992 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV - [2011.11.09 18:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.21 17:56:44 | 000,043,104 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\asahci32.sys -- (asahci32)
DRV - [2011.09.08 10:40:24 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011.07.04 15:18:58 | 001,156,992 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2011.05.10 16:28:20 | 000,015,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.18 01:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)
DRV - [2009.07.31 03:39:58 | 000,017,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WRfiltv.sys -- (WRfiltv)
DRV - [2006.11.28 22:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 22:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKCU\..\SearchScopes\{2743628C-5FF9-439c-AC62-2C4A81A89C54}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{4BE5DD4F-6414-4b5d-89C4-286C00E4C586}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Mozilla Firefox\components [2012.09.12 20:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Mozilla Firefox\plugins
[2012.09.04 21:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ICrane\AppData\Roaming\mozilla\Extensions
[2012.09.04 22:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ICrane\AppData\Roaming\mozilla\Firefox\Profiles\wr6ye6cn.default\extensions
[2012.09.04 22:40:04 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\ICrane\AppData\Roaming\mozilla\Firefox\Profiles\wr6ye6cn.default\extensions\toolbar@ask.com
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [SmartViewAgent] "C:\Program Files\DeviceVM\SmartView\SmartViewAgent.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [THXCfg32] C:\Windows\System32\THXCfg32.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward &Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cac&hed Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Si&milar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6.5\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6.5\ICQ.exe (ICQ, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E675F657-53CB-49E3-9A61-1A898D0903E4}: NameServer = 62.109.123.196 213.191.74.18
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.03 16:10:51 | 000,506,817 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bad08e12-f6a5-11e1-adde-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bad08e12-f6a5-11e1-adde-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.18 20:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.09.18 20:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.09.18 20:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.09.15 12:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012.09.14 19:39:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012.09.14 19:39:01 | 002,902,494 | ---- | C] (Creative) -- C:\Windows\System32\Sens_oal.dll
[2012.09.14 19:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2012.09.14 19:37:47 | 000,000,000 | ---D | C] -- C:\Creative
[2012.09.13 22:15:03 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\HpUpdate
[2012.09.13 22:14:56 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.09.12 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Apple Computer
[2012.09.12 20:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.09.12 20:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.09.12 20:13:16 | 000,000,000 | ---D | C] -- C:\QuickTime
[2012.09.12 20:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.09.12 20:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.09.12 20:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.09.12 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\HP
[2012.09.12 00:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.09.12 00:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2012.09.12 00:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.09.12 00:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.09.12 00:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012.09.12 00:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012.09.12 00:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.09.12 00:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.09.12 00:05:26 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.09.12 00:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.09.11 23:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.09.07 13:34:25 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\WinRAR
[2012.09.05 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\vlc
[2012.09.05 21:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.09.05 20:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.09.05 17:08:38 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\AskToolbar
[2012.09.05 01:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.09.05 01:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.09.05 01:03:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.09.05 00:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.09.05 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.09.05 00:32:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012.09.05 00:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.05 00:11:45 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.05 00:11:29 | 000,000,000 | ---D | C] -- C:\WinRAR
[2012.09.05 00:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.05 00:10:59 | 000,000,000 | ---D | C] -- C:\VideoLAN
[2012.09.05 00:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.09.05 00:10:06 | 000,000,000 | ---D | C] -- C:\TeamSpeak 3 Client
[2012.09.05 00:01:12 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Skype
[2012.09.05 00:01:09 | 000,000,000 | R--D | C] -- C:\Skype
[2012.09.05 00:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.05 00:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.05 00:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.09.04 23:44:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.09.04 23:44:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.09.04 23:44:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.09.04 23:42:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.09.04 23:35:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.09.04 23:29:18 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2012.09.04 23:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2012.09.04 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Apple
[2012.09.04 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012.09.04 23:00:09 | 000,000,000 | ---D | C] -- C:\Nero
[2012.09.04 22:55:19 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Nero
[2012.09.04 22:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ6.5
[2012.09.04 22:50:24 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\ICQ
[2012.09.04 22:50:16 | 000,000,000 | ---D | C] -- C:\ICQ6.5
[2012.09.04 22:50:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.09.04 22:48:12 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2012.09.04 22:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2012.09.04 22:48:11 | 000,000,000 | ---D | C] -- C:\audiograbber
[2012.09.04 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Avira
[2012.09.04 22:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.04 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.09.04 22:39:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.04 22:39:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.04 22:39:52 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.04 22:39:52 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.04 22:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.04 22:39:51 | 000,000,000 | ---D | C] -- C:\Avira
[2012.09.04 22:19:53 | 000,000,000 | ---D | C] -- C:\burn
[2012.09.04 22:16:26 | 000,029,760 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETTBOH_305.SYS
[2012.09.04 21:41:52 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.04 21:40:34 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Mozilla
[2012.09.04 21:40:34 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Mozilla
[2012.09.04 21:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.04 21:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.04 21:40:29 | 000,000,000 | ---D | C] -- C:\Mozilla Firefox
[2012.09.04 20:36:01 | 000,000,000 | ---D | C] -- C:\World of Warcraft
[2012.09.04 20:24:29 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Splashtop
[2012.09.04 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\ATI
[2012.09.04 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\ATI
[2012.09.04 20:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2012.09.04 20:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.09.04 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012.09.04 20:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012.09.04 20:06:41 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012.09.04 20:05:59 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft Web Folders
[2012.09.04 20:05:59 | 000,000,000 | ---D | C] -- C:\Microsoft Office
[2012.09.04 19:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.09.04 19:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\NeroInstall.bak
[2012.09.04 19:20:29 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Ahead
[2012.09.04 19:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.09.04 19:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012.09.04 19:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2012.09.04 18:59:45 | 000,017,264 | ---- | C] (ProDyne) -- C:\Windows\suecmdial.dll
[2012.09.04 18:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.09.04 18:51:28 | 000,000,000 | ---D | C] -- C:\ATI Technologies
[2012.09.04 18:50:08 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.04 18:32:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.09.04 18:31:50 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.09.04 18:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2012.09.04 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Adobe
[2012.09.04 18:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.09.04 18:17:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2012.09.04 18:17:31 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\DeviceVm
[2012.09.04 18:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.09.04 18:17:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso
[2012.09.04 18:17:10 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Cyberlink
[2012.09.04 18:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012.09.04 18:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.09.04 18:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012.09.04 18:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012.09.04 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Macromedia
[2012.09.04 18:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.09.04 18:14:55 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Adobe
[2012.09.04 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.09.04 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.04 18:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.09.04 18:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN
[2012.09.04 18:10:41 | 001,156,992 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed.sys
[2012.09.04 18:10:33 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\cFos
[2012.09.04 18:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2012.09.04 18:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012.09.04 18:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2012.09.04 18:09:52 | 000,014,656 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2012.09.04 18:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2012.09.04 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\XFastUSB
[2012.09.04 18:09:30 | 000,029,992 | ---- | C] (ASRock Inc.) -- C:\Windows\System32\drivers\AsrRamDisk.sys
[2012.09.04 18:09:23 | 000,015,656 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\AsrAppCharger.sys
[2012.09.04 18:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2012.09.04 18:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2012.09.04 18:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.09.04 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\ASM106xSATA
[2012.09.04 18:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2012.09.04 18:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.09.04 18:04:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.09.04 18:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2012.09.04 18:02:24 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Intel Corporation
[2012.09.04 18:00:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.09.04 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\InstallShield
[2012.09.04 17:58:02 | 000,363,112 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2012.09.04 17:57:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.09.04 17:56:25 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.09.04 17:56:24 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.09.04 17:56:24 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.09.04 17:56:24 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.09.04 17:56:24 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.09.04 17:56:23 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.09.04 17:56:23 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.09.04 17:56:23 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.09.04 17:56:23 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.09.04 17:56:23 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.09.04 17:56:23 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.09.04 17:56:22 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.09.04 17:56:22 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.09.04 17:56:22 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.09.04 17:56:21 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.09.04 17:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.09.04 17:56:18 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.09.04 17:56:18 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.09.04 17:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.09.04 17:51:15 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012.09.04 17:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.09.04 17:51:09 | 000,000,000 | ---D | C] -- C:\Intel
[2012.09.04 17:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Alice
[2012.09.04 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice
[2012.09.04 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alice
[2012.09.04 17:40:24 | 000,000,000 | R--D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.09.04 17:40:24 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Searches
[2012.09.04 17:40:24 | 000,000,000 | R--D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.09.04 17:40:18 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Roaming\Identities
[2012.09.04 17:40:17 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Contacts
[2012.09.04 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\VirtualStore
[2012.09.04 17:40:15 | 000,000,000 | --SD | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Videos
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Saved Games
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Pictures
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Music
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Links
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Favorites
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Downloads
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Documents
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\Desktop
[2012.09.04 17:40:15 | 000,000,000 | R--D | C] -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Vorlagen
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\AppData\Local\Verlauf
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\AppData\Local\Temporary Internet Files
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Startmenü
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\SendTo
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Recent
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Netzwerkumgebung
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Lokale Einstellungen
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Documents\Eigene Videos
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Documents\Eigene Musik
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Eigene Dateien
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Documents\Eigene Bilder
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Druckumgebung
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Cookies
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\AppData\Local\Anwendungsdaten
[2012.09.04 17:40:15 | 000,000,000 | -HSD | C] -- C:\Users\ICrane\Anwendungsdaten
[2012.09.04 17:40:15 | 000,000,000 | -H-D | C] -- C:\Users\ICrane\AppData
[2012.09.04 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Temp
[2012.09.04 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\ICrane\AppData\Local\Microsoft
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.09.04 17:38:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.09.04 17:34:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.09.04 17:33:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012.09.04 17:33:28 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012.09.04 17:32:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.09.04 17:32:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========
[2012.09.30 11:59:46 | 000,000,000 | ---- | M] () -- C:\Users\ICrane\defogger_reenable
[2012.09.30 11:53:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 11:50:31 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 11:50:30 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 11:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 11:50:11 | 3737,800,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.22 22:04:44 | 001,771,994 | ---- | M] () -- C:\Users\ICrane\Documents\S7300826.JPG
[2012.09.22 22:00:39 | 001,781,295 | ---- | M] () -- C:\Users\ICrane\Documents\S7302235.JPG
[2012.09.22 21:58:41 | 002,209,846 | ---- | M] () -- C:\Users\ICrane\Documents\HYBI_001.jpg
[2012.09.22 21:57:45 | 001,825,777 | ---- | M] () -- C:\Users\ICrane\Documents\S7301783.JPG
[2012.09.22 21:56:32 | 001,781,223 | ---- | M] () -- C:\Users\ICrane\Documents\S7301592.JPG
[2012.09.22 21:38:11 | 000,010,752 | ---- | M] () -- C:\Users\ICrane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.22 21:38:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.20 20:29:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.20 20:29:04 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.20 20:29:04 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.20 20:29:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.20 20:27:43 | 000,029,760 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETTBOH_305.SYS
[2012.09.20 19:35:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.09.14 20:13:36 | 000,662,845 | ---- | M] () -- C:\Users\ICrane\Documents\DSCF2425.JPG
[2012.09.14 19:39:22 | 000,000,195 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.09.14 19:39:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2012.09.14 00:09:45 | 000,310,016 | ---- | M] () -- C:\Users\ICrane\Documents\170353.jpg
[2012.09.13 23:49:42 | 000,735,861 | ---- | M] () -- C:\Users\ICrane\Documents\nevial_amade.jpg
[2012.09.13 23:37:09 | 000,065,794 | ---- | M] () -- C:\Users\ICrane\Documents\alantie_intimes_tatoo copy.jpg
[2012.09.12 00:10:39 | 000,160,353 | ---- | M] () -- C:\Windows\hpoins15.dat
[2012.09.12 00:07:33 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.09.09 12:00:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.09.05 23:11:37 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.05 23:11:37 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.05 01:05:12 | 000,247,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.05 00:18:41 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.09.05 00:18:41 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.09.05 00:18:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.09.05 00:11:12 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.05 00:10:09 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.09.04 23:25:03 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012.09.04 23:24:22 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012.09.04 23:19:26 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.09.04 23:03:48 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012.09.04 22:59:46 | 000,001,024 | ---- | M] () -- C:\Users\ICrane\.rnd
[2012.09.04 22:48:12 | 000,000,598 | ---- | M] () -- C:\Users\ICrane\Desktop\Audiograbber.lnk
[2012.09.04 20:15:03 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2012.09.04 20:13:21 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2012.09.04 20:13:20 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2012.09.04 20:07:23 | 000,000,403 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.09.04 20:07:08 | 000,001,657 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.09.04 19:58:38 | 018,743,296 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.09.04 19:58:38 | 000,393,216 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.09.04 19:58:38 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.09.04 18:59:45 | 000,001,804 | ---- | M] () -- C:\Users\ICrane\Desktop\Verbinden mit Alice.lnk
[2012.09.04 18:55:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.09.04 18:31:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012.09.04 18:22:39 | 000,000,680 | ---- | M] () -- C:\Users\ICrane\AppData\Local\d3d9caps.dat
[2012.09.04 18:10:54 | 000,000,003 | ---- | M] () -- C:\Users\ICrane\AppData\Local\user_data.ini
[2012.09.04 18:09:52 | 000,014,656 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\System32\drivers\FNETURPX.SYS
[2012.09.04 17:34:57 | 000,054,990 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========
[2012.09.30 11:59:46 | 000,000,000 | ---- | C] () -- C:\Users\ICrane\defogger_reenable
[2012.09.22 22:04:06 | 001,771,994 | ---- | C] () -- C:\Users\ICrane\Documents\S7300826.JPG
[2012.09.22 21:59:52 | 001,781,295 | ---- | C] () -- C:\Users\ICrane\Documents\S7302235.JPG
[2012.09.22 21:57:59 | 002,209,846 | ---- | C] () -- C:\Users\ICrane\Documents\HYBI_001.jpg
[2012.09.22 21:57:06 | 001,825,777 | ---- | C] () -- C:\Users\ICrane\Documents\S7301783.JPG
[2012.09.22 21:55:53 | 001,781,223 | ---- | C] () -- C:\Users\ICrane\Documents\S7301592.JPG
[2012.09.20 19:35:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.09.14 20:13:29 | 000,662,845 | ---- | C] () -- C:\Users\ICrane\Documents\DSCF2425.JPG
[2012.09.14 19:38:53 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2012.09.14 19:37:55 | 000,057,508 | ---- | C] () -- C:\Windows\WR_SpeakerEQ.cfg
[2012.09.14 00:09:24 | 000,310,016 | ---- | C] () -- C:\Users\ICrane\Documents\170353.jpg
[2012.09.13 23:49:13 | 000,735,861 | ---- | C] () -- C:\Users\ICrane\Documents\nevial_amade.jpg
[2012.09.13 23:36:54 | 000,065,794 | ---- | C] () -- C:\Users\ICrane\Documents\alantie_intimes_tatoo copy.jpg
[2012.09.12 22:33:32 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.12 00:08:24 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.09.12 00:07:33 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.09.11 23:59:57 | 000,160,353 | ---- | C] () -- C:\Windows\hpoins15.dat
[2012.09.09 12:00:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.09.05 00:18:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.09.05 00:12:16 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.09.05 00:12:16 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.09.05 00:12:16 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012.09.05 00:11:12 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.05 00:10:09 | 000,000,713 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.09.04 23:37:55 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.09.04 23:37:54 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.09.04 23:37:54 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012.09.04 23:37:48 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.09.04 23:37:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.09.04 23:37:44 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.09.04 23:37:15 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.09.04 23:37:12 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.09.04 23:37:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.09.04 23:37:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.09.04 23:37:05 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.09.04 23:37:05 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.09.04 23:37:04 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.09.04 23:12:39 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2012.09.04 23:12:19 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2012.09.04 23:11:59 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2012.09.04 23:11:58 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2012.09.04 23:05:23 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.09.04 23:03:48 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012.09.04 22:59:55 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2012.09.04 22:48:12 | 000,000,598 | ---- | C] () -- C:\Users\ICrane\Desktop\Audiograbber.lnk
[2012.09.04 22:44:59 | 000,010,752 | ---- | C] () -- C:\Users\ICrane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.04 22:44:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.09.04 22:44:40 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl
[2012.09.04 20:15:03 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012.09.04 20:13:21 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.09.04 20:13:20 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2012.09.04 20:07:23 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.09.04 20:07:08 | 000,002,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012.09.04 20:07:08 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012.09.04 20:07:08 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012.09.04 20:07:08 | 000,001,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.09.04 19:29:17 | 000,393,216 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.09.04 19:29:17 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.09.04 19:29:16 | 018,743,296 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.09.04 19:19:37 | 000,001,024 | ---- | C] () -- C:\Users\ICrane\.rnd
[2012.09.04 18:59:45 | 000,001,804 | ---- | C] () -- C:\Users\ICrane\Desktop\Verbinden mit Alice.lnk
[2012.09.04 18:55:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.04 18:55:04 | 3737,800,704 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.04 18:31:50 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2012.09.04 18:31:50 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2012.09.04 18:16:06 | 000,007,195 | ---- | C] () -- C:\Windows\System32\THXCfgUninstall32.ini
[2012.09.04 18:16:05 | 000,006,925 | ---- | C] () -- C:\Windows\System32\THXCfg32.ini
[2012.09.04 18:16:05 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.09.04 18:16:05 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.09.04 18:16:04 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.09.04 18:16:01 | 000,190,464 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012.09.04 18:16:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012.09.04 18:16:01 | 000,000,195 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012.09.04 18:15:12 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012.09.04 18:14:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.09.04 18:10:54 | 000,000,003 | ---- | C] () -- C:\Users\ICrane\AppData\Local\user_data.ini
[2012.09.04 18:05:08 | 000,015,128 | R--- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.09.04 17:58:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.09.04 17:56:24 | 002,261,764 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2012.09.04 17:56:23 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.09.04 17:40:25 | 000,000,949 | ---- | C] () -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.04 17:40:24 | 000,000,944 | ---- | C] () -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.09.04 17:40:17 | 000,000,915 | ---- | C] () -- C:\Users\ICrane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.09.04 17:40:15 | 000,000,680 | ---- | C] () -- C:\Users\ICrane\AppData\Local\d3d9caps.dat
[2012.09.04 17:34:55 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.04.06 03:09:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.02.02 22:08:06 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== ZeroAccess Check ==========
[2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.09.30 11:51:14 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2778677423-2941187130-1086554896-1000\$feb2c4e74dcda61bc3681212321e92a5\n. -- File not found
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$feb2c4e74dcda61bc3681212321e92a5\n. -- File not found
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2012.09.04 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\ICrane\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.04 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\ICrane\AppData\Roaming\DeviceVm
[2012.09.06 16:37:36 | 000,000,000 | ---D | M] -- C:\Users\ICrane\AppData\Roaming\ICQ
[2012.09.04 21:04:42 | 000,000,000 | ---D | M] -- C:\Users\ICrane\AppData\Roaming\Splashtop

========== Purity Check ==========
< End of report >
| Quote:
OTL Extras logfile created on: 30.09.2012 12:01:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ICrane\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,48 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,85% Memory free
7,14 Gb Paging File | 5,81 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 776,37 Gb Free Space | 83,35% Space Free | Partition Type: NTFS
Drive D: | 306,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ICRANE-PC | User Name: ICrane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2778677423-2941187130-1086554896-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{04441EE4-3631-43DB-813A-9D031380C8E5}" = MarketingReg
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{51A66ED3-200E-4147-8D1E-E8D30936FD26}" = Intel® Trusted Connect Service Client
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{63F9D765-E8DE-D921-1C6A-DF17C1DFDDA1}" = ccc-utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C9FFC925-E27E-436E-A2DF-652324D51031}" = Nero 8 Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E010C6F5-3EE2-4293-A461-0FFCF4CF01A5}" = Sound Blaster World of Warcraft Wireless Headset
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alice" = Alice-Installationsdateien entfernen
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.191
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SysInfo" = Creative Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.0
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XFast LAN" = XFast LAN v6.61
"XFastUSB" = XFastUSB

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.09.2012 04:40:04 | Computer Name = ICrane-PC | Source = VSS | ID = 12289
Description =
Error - 30.09.2012 05:02:10 | Computer Name = ICrane-PC | Source = VSS | ID = 8194
Description =
Error - 30.09.2012 05:02:10 | Computer Name = ICrane-PC | Source = VSS | ID = 12289
Description =
Error - 30.09.2012 05:02:18 | Computer Name = ICrane-PC | Source = VSS | ID = 12289
Description =
Error - 30.09.2012 05:07:35 | Computer Name = ICrane-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1060 Anfangszeit: 01cd9eeabdbd4f15 Zeitpunkt
der Beendigung: 0
Error - 30.09.2012 05:09:23 | Computer Name = ICrane-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: b60 Anfangszeit: 01cd9eeb0e45b3f5 Zeitpunkt
der Beendigung: 15
Error - 30.09.2012 05:09:59 | Computer Name = ICrane-PC | Source = Application Hang | ID = 1002
Description = Programm AliceCnn.exe, Version 3.0.1.9 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 5b0 Anfangszeit: 01cd9ee55873c805 Zeitpunkt der Beendigung:
0
Error - 30.09.2012 05:10:09 | Computer Name = ICrane-PC | Source = RasClient | ID = 20227
Description =
Error - 30.09.2012 05:10:18 | Computer Name = ICrane-PC | Source = RasClient | ID = 20227
Description =
Error - 30.09.2012 05:13:16 | Computer Name = ICrane-PC | Source = RasClient | ID = 20227
Description =
[ System Events ]
Error - 04.09.2012 14:28:36 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 04.09.2012 14:28:36 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 04.09.2012 14:28:53 | Computer Name = ICrane-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
< End of report >
Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-30 12:22:39
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000DM rev.1AJ1
Running: rn26jvy3.exe; Driver: C:\Users\ICrane\AppData\Local\Temp\awdiqpow.sys
---- System - GMER 1.0.15 ----
SSDT 8CD888EE ZwCreateSection
SSDT 8CD888F8 ZwRequestWaitReplyPort
SSDT 8CD888F3 ZwSetContextThread
SSDT 8CD888FD ZwSetSecurityObject
SSDT 8CD88902 ZwSystemDebugControl
SSDT 8CD8888F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822F38D8 4 Bytes [EE, 88, D8, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 822F3BFC 4 Bytes [F8, 88, D8, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 822F3C30 4 Bytes [F3, 88, D8, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822F3C94 4 Bytes [FD, 88, D8, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 822F3CDC 4 Bytes [02, 89, D8, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FE07000, 0x147F58, 0xE8000020]
init C:\Windows\system32\drivers\MBfilt32.sys entry point in "init" section [0x91367090]
init C:\Windows\system32\drivers\WRfiltv.sys entry point in "init" section [0x920DB090]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] kernel32.dll!CreateThread 7791CB2E 5 Bytes JMP 71A575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!SetWindowsHookExW 779E87AD 5 Bytes JMP 71A925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!CallNextHookEx 779E8E3B 5 Bytes JMP 71AB7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!UnhookWindowsHookEx 779E98DB 5 Bytes JMP 71ADED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!EnableWindow 779ECD8B 5 Bytes JMP 71A99EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DefWindowProcA 779EDB88 7 Bytes JMP 71A5980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!CreateWindowExA 779EDC2A 5 Bytes JMP 71A63643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!CreateWindowExW 779F1305 5 Bytes JMP 71AC03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DefWindowProcW 77A003B4 7 Bytes JMP 71AB8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxParamW 77A110B0 5 Bytes JMP 719F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxIndirectParamW 77A12EF5 5 Bytes JMP 71BE902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxParamA 77A28152 5 Bytes JMP 71BE8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!DialogBoxIndirectParamA 77A2847D 5 Bytes JMP 71BE9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxIndirectA 77A3D4D9 5 Bytes JMP 71BE8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxIndirectW 77A3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxIndirectW 77A3D5D3 5 Bytes JMP 71BE8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxExA 77A3D639 5 Bytes JMP 71BE8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] USER32.dll!MessageBoxExW 77A3D65D 5 Bytes JMP 71BE8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1228] ole32.dll!OleLoadFromStream 77511E80 5 Bytes JMP 71BE97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] kernel32.dll!CreateThread 7791CB2E 5 Bytes JMP 71A575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!SetWindowsHookExW 779E87AD 5 Bytes JMP 71A925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!CallNextHookEx 779E8E3B 5 Bytes JMP 71AB7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!UnhookWindowsHookEx 779E98DB 5 Bytes JMP 71ADED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!EnableWindow 779ECD8B 5 Bytes JMP 71A99EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!DefWindowProcA 779EDB88 7 Bytes JMP 71A5980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!CreateWindowExA 779EDC2A 5 Bytes JMP 71A63643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!CreateWindowExW 779F1305 5 Bytes JMP 71AC03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!DefWindowProcW 77A003B4 7 Bytes JMP 71AB8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!DialogBoxParamW 77A110B0 5 Bytes JMP 719F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!DialogBoxIndirectParamW 77A12EF5 5 Bytes JMP 71BE902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!DialogBoxParamA 77A28152 5 Bytes JMP 71BE8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!DialogBoxIndirectParamA 77A2847D 5 Bytes JMP 71BE9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!MessageBoxIndirectA 77A3D4D9 5 Bytes JMP 71BE8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!MessageBoxIndirectW 77A3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!MessageBoxIndirectW 77A3D5D3 5 Bytes JMP 71BE8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!MessageBoxExA 77A3D639 5 Bytes JMP 71BE8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] USER32.dll!MessageBoxExW 77A3D65D 5 Bytes JMP 71BE8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1864] ole32.dll!OleLoadFromStream 77511E80 5 Bytes JMP 71BE97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] kernel32.dll!CreateThread 7791CB2E 5 Bytes JMP 71A575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!SetWindowsHookExW 779E87AD 5 Bytes JMP 71A925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!CallNextHookEx 779E8E3B 5 Bytes JMP 71AB7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!UnhookWindowsHookEx 779E98DB 5 Bytes JMP 71ADED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!EnableWindow 779ECD8B 5 Bytes JMP 71A99EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!DefWindowProcA 779EDB88 7 Bytes JMP 71A5980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!CreateWindowExA 779EDC2A 5 Bytes JMP 71A63643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!CreateWindowExW 779F1305 5 Bytes JMP 71AC03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!DefWindowProcW 77A003B4 7 Bytes JMP 71AB8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!DialogBoxParamW 77A110B0 5 Bytes JMP 719F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!DialogBoxIndirectParamW 77A12EF5 5 Bytes JMP 71BE902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!DialogBoxParamA 77A28152 5 Bytes JMP 71BE8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!DialogBoxIndirectParamA 77A2847D 5 Bytes JMP 71BE9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!MessageBoxIndirectA 77A3D4D9 5 Bytes JMP 71BE8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!MessageBoxIndirectW 77A3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!MessageBoxIndirectW 77A3D5D3 5 Bytes JMP 71BE8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!MessageBoxExA 77A3D639 5 Bytes JMP 71BE8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] USER32.dll!MessageBoxExW 77A3D65D 5 Bytes JMP 71BE8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2960] ole32.dll!OleLoadFromStream 77511E80 5 Bytes JMP 71BE97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!EnableWindow 779ECD8B 5 Bytes JMP 71A99EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxParamW 77A110B0 5 Bytes JMP 719F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxIndirectParamW 77A12EF5 5 Bytes JMP 71BE902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxParamA 77A28152 5 Bytes JMP 71BE8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!DialogBoxIndirectParamA 77A2847D 5 Bytes JMP 71BE9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxIndirectA 77A3D4D9 5 Bytes JMP 71BE8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxIndirectW 77A3D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxIndirectW 77A3D5D3 5 Bytes JMP 71BE8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxExA 77A3D639 5 Bytes JMP 71BE8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!MessageBoxExW 77A3D65D 5 Bytes JMP 71BE8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\y (*** hidden *** ) @ C:\Windows\Explorer.EXE [380] 0x03870000
Library c:\windows\system32\y (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1140] 0x00A40000
---- EOF - GMER 1.0.15 ----