Log analysis and evaluation: Internet Explorer keeps opening ads
14.05.2011, 10:41 | #1 |
Internet Explorer keeps opening ads

Hello,
I have already read a few threads, but I can't get to the bottom of my problem. I have also already fixed what was shown as malicious, but the problem persists.

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:09, on 14.05.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Rdotya.exe
C:\Users\Yannick\AppData\Local\Temp\Rcx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Baum\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe /Tray
O4 - HKCU\..\Run: [R8388QA8U8] C:\Users\Yannick\AppData\Local\Temp\Rcx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Free YouTube Download - C:\Users\Yannick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9611 bytes

I hope you can help me.
14.05.2011, 11:04 | #2 |
/// Malware-holic | Internet Explorer keeps opening ads

Hi,
we no longer want to use HJT here; it doesn't tell us much.

System scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator).

1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
14.05.2011, 12:46 | #3 |
Internet Explorer keeps opening ads

I have to post OTL.txt here because it is too large to attach ... sorry.

OTL Logfile:
Code:
OTL logfile created on: 14.05.2011 12:51:40 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Yannick\Desktop\Neuer Ordner (2)
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,70 Gb Total Space | 19,80 Gb Free Space | 17,73% Space Free | Partition Type: NTFS
Drive D: | 111,43 Gb Total Space | 111,31 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: YANNICK-PC | User Name: Yannick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Yannick\Desktop\Neuer Ordner (2)\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Yannick\AppData\Local\Temp\Rc6.exe ()
PRC - C:\Users\Yannick\AppData\Local\Temp\Rcx.exe ()
PRC - C:\Windows\Rdotya.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Yannick\Desktop\Neuer Ordner (2)\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai\netsession_win_3f211bc.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Buhl Data Service GmbH)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nsak) -- C:\Users\Yannick\AppData\Local\Temp\00001545.nmc\nse\bin\nsak.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ANIO) -- C:\Windows\System32\ANIO.sys (Alpha Networks Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/?gl=DE&hl=de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: corexplayer@l39studios.de:1.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: mail@gutscheinrausch.de:2.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gpotato.eu/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 14:46:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.01 17:57:40 | 000,000,000 | ---D | M]

[2010.06.06 20:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yannick\AppData\Roaming\mozilla\Extensions
[2011.04.25 20:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions
[2010.07.21 21:14:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.19 22:37:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.04 16:59:06 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.07 14:11:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.21 16:47:54 | 000,000,000 | ---D | M] ("CoreXPlayer") -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\corexplayer@l39studios.de
[2011.04.09 15:05:51 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\mail@gutscheinrausch.de
[2011.03.11 23:48:21 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\personas@christopher.beard
[2011.03.25 21:18:49 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Yannick\AppData\Roaming\mozilla\Firefox\Profiles\0saicai7.default\extensions\piclens@cooliris.com
[2011.05.12 21:01:22 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-1.xml
[2011.03.06 20:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-10.xml
[2011.03.23 21:53:14 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-11.xml
[2011.03.24 14:39:21 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-12.xml
[2011.04.30 14:47:22 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-13.xml
[2010.07.22 16:32:52 | 000,000,943 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-2.xml
[2010.08.01 23:05:26 | 000,000,943 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-3.xml
[2010.08.12 04:26:01 | 000,000,943 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-4.xml
[2010.09.08 19:28:11 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-5.xml
[2010.09.21 14:00:01 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-6.xml
[2010.10.18 23:36:06 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-7.xml
[2010.10.28 20:36:43 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-8.xml
[2010.12.11 00:27:11 | 000,000,950 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin-9.xml
[2011.03.14 18:08:40 | 000,000,168 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin.gif
[2011.03.14 18:08:40 | 000,000,618 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\icqplugin.xml
[2009.11.24 14:19:33 | 000,003,915 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\searchplugins\sweetim.xml
[2011.05.12 21:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.04 00:04:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.04 00:04:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.18 16:18:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.06 00:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.12 21:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.02.20 00:03:03 | 000,000,000 | ---D | M] (QuestBrowse) -- C:\Program Files\mozilla firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
File not found (No name found) --
() (No name found) -- C:\USERS\YANNICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SAICAI7.DEFAULT\EXTENSIONS\{40A1F5D7-AFC2-498F-B264-02668D616FF6}.XPI
() (No name found) -- C:\USERS\YANNICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SAICAI7.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2011.04.30 14:46:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O3 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000..\Run: [R8388QA8U8] C:\Users\Yannick\AppData\Local\Temp\Rcx.exe ()
O4 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O7 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Yannick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 83.169.185.97 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Yannick\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yannick\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{84d24585-51ba-11de-9542-0019dba1cb8c}\Shell\AutoRun\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{84d24585-51ba-11de-9542-0019dba1cb8c}\Shell\open\command - "" = RECYCLERS\runmgr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2011.05.14 12:48:17 | 000,000,000 | ---D | C] -- C:\Users\Yannick\Desktop\Neuer Ordner (2)
[2011.05.14 03:54:07 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.14 03:45:29 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.14 03:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Baum
[2011.05.14 03:20:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.05.14 03:14:16 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Local\TechSmith
[2011.05.14 03:13:54 | 000,000,000 | ---D | C] -- C:\Users\Yannick\Documents\Camtasia Studio
[2011.05.14 03:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2011.05.14 03:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011.05.14 03:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011.05.14 03:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011.05.14 03:01:56 | 000,196,608 | ---- | C] (Simon Tatham) -- C:\Windows\System32\sshnas21.dll
[2011.05.12 21:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.05.12 21:52:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.12 21:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.12 21:52:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.12 20:30:02 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Roaming\.minecraft
[2011.05.10 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Yannick\Desktop\Neuer Ordner
[2011.05.05 20:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\True Blood
[2011.04.30 22:59:56 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Local\PunkBuster
[2011.04.30 22:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Call of Duty 4 - Modern Warfare
[2011.04.28 16:01:51 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Local\MCEdit
[2011.04.27 20:05:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 20:05:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 19:49:02 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.25 21:06:09 | 000,000,000 | ---D | C] -- C:\Users\Yannick\Desktop\ForestMaker
[2011.04.25 21:05:10 | 000,000,000 | ---D | C] -- C:\Users\Yannick\Documents\Meine Downloads
[2011.04.25 20:29:41 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Roaming\Megaupload
[2011.04.25 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Megaupload
[2011.04.25 20:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mega Manager
[2011.04.23 23:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.04.23 23:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.04.23 23:15:53 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Roaming\PeerNetworking
[2011.04.21 23:39:54 | 000,000,000 | ---D | C] -- C:\Users\Yannick\Documents\My Cheat Tables
[2011.04.20 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\Yannick\AppData\Roaming\FreeScreenToVideo
[2011.04.14 13:52:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 13:52:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 13:52:40 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.14 13:52:40 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 13:52:39 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 13:52:39 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 13:52:39 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 13:52:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 13:52:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.14 13:52:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.14 13:52:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.14 13:52:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.14 13:52:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.14 13:52:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.14 13:52:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.14 13:52:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 13:52:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 13:52:38 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.14 13:52:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.14 13:52:33 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 13:52:32 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 13:52:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 13:52:26 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 13:52:22 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 13:52:22 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2007.12.27 12:03:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.05.23 14:19:48 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.05.14 13:00:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{23F296AD-D5DF-4F56-B3F6-5A8BBBDD26D3}.job
[2011.05.14 12:57:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC3B5929-3798-4C23-B694-410812ED8230}.job
[2011.05.14 12:52:05 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.05.14 12:50:12 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.05.14 12:45:29 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.05.14 12:04:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.14 11:49:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.14 11:49:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.14 10:44:45 | 000,002,617 | ---- | M] () -- C:\Users\Yannick\Desktop\HiJackThis.lnk
[2011.05.14 09:56:03 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.14 09:56:03 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.14 09:56:03 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.14 09:56:03 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.14 09:49:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.14 09:49:16 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.05.14 09:49:14 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.14 03:54:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.14 03:42:14 | 001,402,880 | ---- | M] () -- C:\Users\Yannick\Desktop\HiJackThis.msi
[2011.05.14 03:16:34 | 000,049,664 | ---- | M] () -- C:\Users\Yannick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.14 03:12:07 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.05.14 03:01:58 | 000,152,576 | ---- | M] () -- C:\Windows\Rdotya.exe
[2011.05.14 03:01:56 | 000,196,608 | ---- | M] (Simon Tatham) -- C:\Windows\System32\sshnas21.dll
[2011.05.12 20:59:13 | 000,000,414 | ---- | M] () -- C:\Users\Yannick\Desktop\pedopriest.png
[2011.05.12 20:49:35 | 001,153,254 | ---- | M] () -- C:\Users\Yannick\Desktop\edo7d97y.bmp
[2011.05.12 20:29:31 | 000,270,142 | ---- | M] () -- C:\Users\Yannick\Desktop\Minecraft.exe
[2011.05.11 21:34:23 | 000,914,841 | ---- | M] () --
C:\Users\Yannick\Desktop\mcpatcher-2.0.1.exe
[2011.05.11 19:40:26 | 000,504,478 | ---- | M] () -- C:\Users\Yannick\Desktop\yoshcraft.jpg
[2011.05.07 21:57:45 | 000,009,698 | ---- | M] () -- C:\Users\Yannick\Desktop\DoodlePicture2.png
[2011.05.07 21:54:29 | 000,010,560 | ---- | M] () -- C:\Users\Yannick\Desktop\DoodlePicture 1.png
[2011.04.30 18:23:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.04.28 16:01:53 | 000,001,888 | ---- | M] () -- C:\Users\Yannick\Desktop\MCEdit.lnk
[2011.04.27 19:50:28 | 200,690,339 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.25 20:29:08 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\Mega Manager.lnk
[2011.04.24 21:27:12 | 000,000,680 | ---- | M] () -- C:\Users\Yannick\AppData\Local\d3d9caps.dat
[2011.04.20 00:04:12 | 018,675,146 | ---- | M] () -- C:\Users\Yannick\Documents\clip0003.avi
[2011.04.19 10:45:04 | 002,012,917 | ---- | M] () -- C:\Users\Yannick\Redwood.tls
[2011.04.17 21:55:58 | 000,392,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011.05.14 03:45:29 | 000,002,617 | ---- | C] () -- C:\Users\Yannick\Desktop\HiJackThis.lnk
[2011.05.14 03:42:12 | 001,402,880 | ---- | C] () -- C:\Users\Yannick\Desktop\HiJackThis.msi
[2011.05.14 03:12:07 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.05.14 03:11:16 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.05.14 03:02:08 | 000,152,576 | ---- | C] () -- C:\Windows\Rdotya.exe
[2011.05.14 03:02:03 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.05.14 03:02:01 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.05.12 20:59:12 | 000,000,414 | ---- | C] () -- C:\Users\Yannick\Desktop\pedopriest.png
[2011.05.12 20:49:04 | 001,153,254 | ---- | C] () -- C:\Users\Yannick\Desktop\edo7d97y.bmp
[2011.05.12 20:29:30 | 000,270,142 | ---- | C] () -- C:\Users\Yannick\Desktop\Minecraft.exe
[2011.05.11 21:34:21 | 000,914,841 | ---- | C] () -- C:\Users\Yannick\Desktop\mcpatcher-2.0.1.exe
[2011.05.11 19:38:34 | 000,504,478 | ---- | C] () -- C:\Users\Yannick\Desktop\yoshcraft.jpg
[2011.05.07 21:57:45 | 000,009,698 | ---- | C] () -- C:\Users\Yannick\Desktop\DoodlePicture2.png
[2011.05.07 21:54:28 | 000,010,560 | ---- | C] () -- C:\Users\Yannick\Desktop\DoodlePicture 1.png
[2011.04.30 18:23:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.04.28 16:01:53 | 000,001,888 | ---- | C] () -- C:\Users\Yannick\Desktop\MCEdit.lnk
[2011.04.25 20:29:08 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\Mega Manager.lnk
[2011.04.20 00:04:01 | 018,675,146 | ---- | C] () -- C:\Users\Yannick\Documents\clip0003.avi
[2011.04.19 10:55:10 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.19 10:45:03 | 002,012,917 | ---- | C] () -- C:\Users\Yannick\Redwood.tls
[2011.03.22 15:25:17 | 000,000,646 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\.minecraft - Verknüpfung.lnk
[2011.03.06 09:46:12 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.03.06 09:46:12 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.03.06 09:45:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.03.06 09:38:06 | 000,004,916 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2011.02.21 16:35:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.02.21 16:33:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.21 16:33:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.10.04 15:29:24 | 000,000,632 | ---- | C] () -- C:\Windows\Thps3.INI
[2010.03.11 14:57:04 | 000,000,552 | ---- | C] () -- C:\Users\Yannick\AppData\Local\d3d8caps.dat
[2009.10.21 11:22:00 | 000,312,832 | ---- | C] () -- C:\Windows\System32\drivers\yk60x86.sys
[2009.10.01 20:34:12 | 000,027,892 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\Patch-Master.exe3.dat
[2009.10.01 20:34:11 | 000,157,763 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\Patch-Master.exe1.dat
[2009.10.01 20:34:11 | 000,046,342 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\Patch-Master.exe2.dat
[2009.10.01 20:34:10 | 000,044,756 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\Patch-Master.exe0.dat
[2009.07.17 10:26:02 | 000,805,469 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\NMM-MetaData.db
[2009.04.17 19:01:13 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.04.17 19:01:13 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7030.DAT
[2009.02.26 19:23:56 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
[2008.11.18 20:21:35 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.11.18 20:21:35 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.11.18 20:21:35 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.11.18 20:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2008.09.07 17:24:30 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.07.16 18:43:02 | 000,000,496 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\Patch-Master.exe.ini
[2008.07.16 18:43:02 | 000,000,000 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\Patch-Master.exe.dat
[2008.04.13 10:04:47 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.16 09:55:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Autorun.ini
[2008.01.18 18:47:21 | 000,031,007 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\UserTile.png
[2008.01.16 22:15:51 | 000,000,784 | ---- | C] () -- C:\Users\Yannick\AppData\Roaming\wklnhst.dat
[2008.01.12 21:29:12 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008.01.12 21:18:51 | 000,000,283 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.01.02 14:45:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.29 19:28:11 | 000,049,664 | ---- | C] () -- C:\Users\Yannick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.27 12:05:05 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007.12.27 12:05:05 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007.12.27 12:03:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.12.27 12:01:21 | 000,000,680 | ---- | C] () -- C:\Users\Yannick\AppData\Local\d3d9caps.dat
[2007.05.23 21:39:26 | 000,000,689 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.23 21:39:26 | 000,000,109 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.23 21:39:23 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.05.23 21:39:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.23 21:39:23 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.05.23 14:19:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.05.23 13:19:23 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.05.23 13:19:23 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.05.23 13:12:14 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.05.23 13:12:12 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2007.05.23 13:07:36 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.19 00:23:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.11.16 19:21:34 | 000,002,048 | ---- | C] () -- C:\Windows\System32\drivers\rt73.bin
[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========
[2011.05.13 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\.minecraft
[2011.03.06 22:17:55 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\.Nitrous
[2010.03.07 16:09:55 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Audacity
[2010.06.09 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\avidemux
[2011.02.20 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\ClickPotatoLite
[2011.03.06 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\DVDVideoSoft
[2011.03.06 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.20 00:27:21 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\FreeScreenToVideo
[2009.09.30 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\gtk-2.0
[2011.05.11 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\ICQ
[2011.01.24 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\LolEditor16
[2007.12.29 19:26:34 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\MAGIX
[2010.04.15 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\McLoad
[2011.04.25 20:29:41 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Megaupload
[2011.03.06 09:38:10 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\MOVAVI
[2009.07.17 10:26:02 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Nokia
[2009.08.10 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Nokia Multimedia Player
[2011.04.09 15:05:41 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\OpenCandy
[2008.09.07 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\PC Suite
[2011.04.23 23:15:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\PeerNetworking
[2011.02.21 19:23:43 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Publish Providers
[2010.03.07 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Screaming Bee
[2011.02.20 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\ShopperReports3
[2011.02.21 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Sony
[2011.03.06 00:59:16 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Sony Creative Software Inc
[2011.02.20 00:18:47 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Teeworlds
[2008.01.16 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Template
[2010.10.14 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\TS3Client
[2007.12.29 20:14:16 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\TuneUp Software
[2008.01.02 15:15:15 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\TVcentral-Core
[2010.06.09 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Ulead Systems
[2010.06.09 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Uniblue
[2008.01.02 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\VMedia
[2011.05.14 03:58:19 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.14 13:00:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{23F296AD-D5DF-4F56-B3F6-5A8BBBDD26D3}.job
[2011.05.14 12:57:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EC3B5929-3798-4C23-B694-410812ED8230}.job
[2011.05.14 12:52:05 | 000,000,294 | -H-- | M] () --
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.05.14 12:50:12 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.05.14 12:45:29 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.13 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\.minecraft [2011.03.06 22:17:55 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\.Nitrous [2008.02.02 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Adobe [2007.12.27 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\AdobeUM [2010.03.07 16:09:55 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Audacity [2010.06.09 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\avidemux [2011.03.24 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Avira [2011.02.20 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\ClickPotatoLite [2008.10.17 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\CyberLink [2011.05.02 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\dvdcss [2011.03.06 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\DVDVideoSoft [2011.03.06 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.20 00:27:21 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\FreeScreenToVideo [2009.12.29 00:26:24 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Google [2009.09.30 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\gtk-2.0 [2011.05.11 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\ICQ [2007.12.27 12:02:17 | 000,000,000 | ---D | M] -- 
C:\Users\Yannick\AppData\Roaming\Identities [2008.10.14 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\InstallShield [2011.01.24 14:45:33 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\LolEditor16 [2007.12.27 12:03:01 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Macromedia [2007.12.29 19:26:34 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\MAGIX [2010.04.15 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\McLoad [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Media Center Programs [2008.10.17 14:29:22 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Media Player Classic [2011.04.25 20:29:41 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Megaupload [2011.03.23 18:45:28 | 000,000,000 | --SD | M] -- C:\Users\Yannick\AppData\Roaming\Microsoft [2011.03.06 09:38:10 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\MOVAVI [2010.06.06 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Mozilla [2010.06.09 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\NCH Software [2008.09.07 16:15:51 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Nero [2009.07.17 10:26:02 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Nokia [2009.08.10 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Nokia Multimedia Player [2011.04.09 15:05:41 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\OpenCandy [2008.09.07 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\PC Suite [2011.04.23 23:15:53 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\PeerNetworking [2011.02.21 19:23:43 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Publish Providers [2011.03.06 09:29:06 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Real [2008.01.29 15:22:58 | 000,000,000 | ---D | M] -- 
C:\Users\Yannick\AppData\Roaming\Roxio [2010.03.07 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Screaming Bee [2011.02.20 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\ShopperReports3 [2011.05.14 12:58:13 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Skype [2011.02.21 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Sony [2011.03.06 00:59:16 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Sony Creative Software Inc [2011.02.20 00:18:47 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Teeworlds [2008.01.16 22:16:50 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Template [2010.10.14 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\TS3Client [2007.12.29 20:14:16 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\TuneUp Software [2008.01.02 15:15:15 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\TVcentral-Core [2010.06.09 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Ulead Systems [2010.06.09 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\Uniblue [2011.05.02 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\vlc [2008.10.17 12:44:06 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\vlc(55) [2008.01.02 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\VMedia [2010.01.22 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\Yannick\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2007.12.27 13:33:24 | 023,813,608 | ---- | M] ( ) -- C:\Users\Yannick\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2010.11.02 13:37:42 | 000,095,744 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\LolEditor16\LolEditor.exe [2010.10.07 14:37:08 | 000,044,544 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\LolEditor16\bin\lolmapeditor.exe [2009.04.14 14:48:19 | 001,915,520 | ---- | M] (Adobe Systems 
Incorporated) -- C:\Users\Yannick\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2011.05.14 03:45:30 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2011.03.06 09:37:56 | 000,071,008 | R--- | M] (Acresso Software Inc.) -- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\ARPPRODUCTICON.exe [2011.03.06 09:37:56 | 000,087,392 | R--- | M] (Acresso Software Inc.) -- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe [2011.03.06 09:37:56 | 000,087,392 | R--- | M] (Acresso Software Inc.) -- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe [2011.03.06 09:37:56 | 000,136,544 | R--- | M] (Acresso Software Inc.) -- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe [2011.03.06 09:37:56 | 000,071,008 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe [2008.01.24 14:31:11 | 000,065,536 | R--- | M] () -- C:\Users\Yannick\AppData\Roaming\Microsoft\Installer\{9AA761E6-CA51-4FF2-A552-D51638BF0595}\_F8287203FA05_4196_A6DF_946113EFA737.exe [2011.03.23 15:33:42 | 000,425,984 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe [2011.03.23 15:33:42 | 000,546,304 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\0saicai7.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe [2010.07.29 15:33:40 | 000,294,912 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\NCH Software\Components\dcraw\dcraw.exe [2010.10.29 22:17:08 | 000,094,016 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\OpenCandy\OpenCandy_C20DAC85C7054F6F809F11D8961C1A2F\GutscheinrauschFirefox.exe [2011.04.09 15:05:42 | 000,416,160 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\OpenCandy\OpenCandy_C20DAC85C7054F6F809F11D8961C1A2F\LatestDLMgr.exe [2010.10.21 00:36:44 | 001,870,848 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\OpenCandy\OpenCandy_C20DAC85C7054F6F809F11D8961C1A2F\OpenCandyUtil.exe [2010.10.29 23:18:18 | 000,061,024 | ---- | M] () -- C:\Users\Yannick\AppData\Roaming\OpenCandy\OpenCandy_C20DAC85C7054F6F809F11D8961C1A2F\StartGutscheinrausch.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) 
MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2007.12.19 23:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\ATI\Support\8-4_vista32-64_sb_61010\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\ATI\Support\8-4_vista32-64_sb_61010\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.13 22:38:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Users\Yannick\Documents\DriverGenius\Backup\Driver Backup 6-24-2010-18028\IDE-Kanal#1\atapi.sys [2008.02.13 22:38:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Users\Yannick\Documents\DriverGenius\Backup\Driver Backup 6-24-2010-18028\IDE-Kanal#2\atapi.sys [2008.02.13 22:38:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Users\Yannick\Documents\DriverGenius\Backup\Driver Backup 6-24-2010-18028\IDE-Kanal#3\atapi.sys [2008.02.13 22:38:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Users\Yannick\Documents\DriverGenius\Backup\Driver Backup 6-24-2010-18028\IDE-Kanal\atapi.sys [2008.02.13 22:38:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.13 22:38:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.13 22:38:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D 
-- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.12.27 14:20:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.12.27 14:20:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > 
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.05.23 13:03:44 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.05.23 13:03:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) 
MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll [2011.02.22 08:16:39 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Yannick\Documents\My Games:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Yannick\Documents\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Yannick\Documents\CivCity Rom:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Yannick\Desktop\Acer:Roxio EMC Stream @Alternate Data Stream - 451 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
14.05.2011, 14:48 | #4 |
/// Malware-holic | Internet Explorer keeps opening ads
• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\Users\Yannick\AppData\Local\Temp\Rc6.exe ()
PRC - C:\Users\Yannick\AppData\Local\Temp\Rcx.exe ()
PRC - C:\Windows\Rdotya.exe ()
SRV - (FirebirdServerMAGIXInstance) -- File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1223014135-2266382336-1267655671-1000..\Run: [R8388QA8U8] C:\Users\Yannick\AppData\Local\Temp\Rcx.exe ()
[2011.05.14 13:00:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{23F296AD-D5DF-4F56-B3F6-5A8BBBDD26D3}.job
[2011.05.14 12:57:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC3B5929-3798-4C23-B694-410812ED8230}.job
[2011.05.14 12:52:05 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.05.14 12:50:12 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.05.14 12:45:29 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.05.14 03:01:56 | 000,196,608 | ---- | M] (Simon Tatham) -- C:\Windows\System32\sshnas21.dll
:Files
C:\Windows\Rdotya.exe
C:\Users\Yannick\AppData\Local\Temp\Rcx.exe
C:\Users\Yannick\AppData\Local\Temp\Rc6.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Open Computer, open C:, then _OTL; there, right-click "moved files" and choose to add it to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |