Log analysis and evaluation: GEMA 100 € virus - now need a script.. Thank you very much!
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.02.2012, 02:03 | #1 |
GEMA 100 € virus - now need a script.. Thank you very much!

Hi... I also have the GEMA virus.... I have already burned the OTLPE CD and let it run.... I have already looked at the OTL log myself and have marked "where I think the errors are" in red, bold, italic and underlined. I am hoping for a script that helps me.... Thank you very much

New edit: I deleted this file "in red" by hand... now the GEMA lock screen no longer appeared... but at the moment neither msconfig nor the task manager works!..........

New edit: So, I have already found something.... namely, I have a program called autoruns from sysinternals... here it showed me that in the registry, for the task manager, regedit and msconfig, the autorun was set to disabled in the folder autoruns disabled (see HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/ Autorunsdisabled)... I deleted the values and msconfig, task manager and regedit are running again. Maybe that helps you too.

Regards,
Fragstuff

[QUOTE]OTL log:
OTL Logfile:
Code:
OTL logfile created on: 2/28/2012 1:22:47 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 45.94 Gb Free Space | 58.80% Space Free | Partition Type: NTFS
Drive D: | 53.71 Gb Total Space | 10.60 Gb Free Space | 19.74% Space Free | Partition Type: NTFS
Drive E: | 54.46 Gb Total Space | 16.87 Gb Free Space | 30.98% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2012/02/07 07:18:28 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/16 05:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/02/10 06:02:28 | 000,385,240 | R--- | M] (cFos Software GmbH) [Auto] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2008/04/13 23:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 23:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 23:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/01/31 11:29:34 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/12 21:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/12 21:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/12 21:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/10/20 08:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010/05/10 04:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/03/18 11:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/10 06:02:34 | 000,787,672 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2006/11/16 01:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/22 08:36:58 | 000,035,712 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2004/08/13 11:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fragstuff_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Fragstuff_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Fragstuff\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012/02/04 17:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012/01/08 18:11:41 | 000,000,000 | ---D | M]

[2011/11/22 19:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fragstuff\Application Data\Mozilla\Extensions
[2011/11/22 18:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fragstuff\Application Data\Mozilla\Firefox\Profiles\kdf2pprs.default\extensions
[2012/01/08 18:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/11/22 19:22:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/04 17:10:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/22 19:22:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/08 18:11:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/08 18:11:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/01/12 20:55:32 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\.DEFAULT..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (dgelwin )
O4 - HKU\Fragstuff_ON_C..\Run: [Steam] File not found
O4 - HKU\LocalService_ON_C..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (dgelwin )
O4 - HKU\NetworkService_ON_C..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (dgelwin )
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
F3 - HKU\Fragstuff_ON_C WinNT: Load - (E:\DOCUME~1\FRAGST~1\LOCALS~1\Temp\0D68D5C02006E772A4AC.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 59250 = E:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmn.com (The cURL library)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\Fragstuff_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\Fragstuff_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Fragstuff_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Fragstuff_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Fragstuff_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\Fragstuff_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Fragstuff_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\7D0A839E2006E772D922.exe) - File not found
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 17:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[2012/02/27 17:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\kodak
[2012/02/27 10:23:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fragstuff\Recent
[2012/02/27 07:15:36 | 000,000,000 | ---D | C] -- C:\löschen
[2012/02/26 19:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\BigHugeEngine
[2012/02/26 18:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\My Documents\Remedy
[2012/02/26 18:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\SKIDROW
[2012/02/26 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2012/02/26 15:06:04 | 000,000,000 | ---D | C] -- C:\Externe Festplatte BAckup
[2012/02/26 14:40:42 | 000,000,000 | ---D | C] -- C:\Games
[2012/02/26 09:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\Google
[2012/02/26 09:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/26 07:10:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/02/26 05:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\BigHugeEngine
[2012/02/26 05:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/02/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2012/02/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines [2012/02/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express [2012/02/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone [2012/02/26 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage [2012/02/26 05:13:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/02/25 20:59:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2012/02/25 20:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2012/02/25 20:59:08 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2012/02/25 20:59:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll [2012/02/25 20:58:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys [2012/02/25 20:58:54 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe [2012/02/25 20:58:44 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll [2012/02/25 20:58:44 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll [2012/02/25 20:58:44 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll [2012/02/25 20:58:44 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll [2012/02/25 20:58:44 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll [2012/02/25 20:58:44 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2012/02/25 20:58:44 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll [2012/02/25 20:58:44 | 000,023,040 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\ativmvxx.ax [2012/02/25 20:58:44 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax [2012/02/25 20:58:43 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll [2012/02/25 20:58:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2012/02/25 20:58:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe [2012/02/25 20:58:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2012/02/25 20:58:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2012/02/25 20:58:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2012/02/25 20:58:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2012/02/25 20:58:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2012/02/25 20:58:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2012/02/25 20:58:42 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2012/02/25 20:58:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2012/02/25 20:58:41 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2012/02/25 20:58:41 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2012/02/25 20:58:41 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2012/02/25 20:58:41 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2012/02/25 20:58:41 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2012/02/25 20:58:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2012/02/25 20:58:41 | 000,030,720 | ---- | 
C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2012/02/25 20:58:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2012/02/25 20:58:40 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll [2012/02/25 20:58:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2012/02/25 20:58:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2012/02/25 20:58:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2012/02/25 20:58:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2012/02/25 20:58:37 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2012/02/25 20:58:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2012/02/25 20:58:37 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll [2012/02/25 20:58:37 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll [2012/02/25 20:58:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2012/02/25 20:58:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2012/02/25 20:58:36 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) 
-- C:\WINDOWS\System32\mtxparhd.dll [2012/02/25 20:58:36 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2012/02/25 20:58:36 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2012/02/25 20:58:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2012/02/25 20:58:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2012/02/25 20:58:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2012/02/25 20:58:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2012/02/25 20:58:34 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll [2012/02/25 20:58:34 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2012/02/25 20:58:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2012/02/25 20:58:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2012/02/25 20:58:34 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2012/02/25 20:58:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2012/02/25 20:58:33 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll [2012/02/25 20:58:33 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll [2012/02/25 20:58:33 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll [2012/02/25 20:58:33 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe [2012/02/25 20:58:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2012/02/25 20:58:33 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe [2012/02/25 20:58:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2012/02/25 
20:58:32 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2012/02/25 20:58:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe [2012/02/25 20:58:30 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe [2012/02/25 20:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2012/02/25 20:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2012/02/25 20:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\msn [2012/02/25 20:58:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2012/02/25 20:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2012/02/25 20:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2012/02/25 20:51:14 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll [2012/02/25 20:51:14 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll [2012/02/25 20:51:14 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll [2012/02/25 20:51:14 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll [2012/02/25 20:51:14 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll [2012/02/25 20:51:14 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll [2012/02/25 20:51:13 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2012/02/25 20:51:13 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2012/02/25 20:51:13 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2012/02/25 20:51:13 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2012/02/25 20:51:13 | 000,011,615 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2012/02/25 20:51:13 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll [2012/02/25 20:51:12 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys [2012/02/25 20:51:12 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2012/02/25 20:51:12 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2012/02/25 20:51:12 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2012/02/25 20:51:12 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2012/02/25 20:51:12 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2012/02/25 20:51:12 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2012/02/25 20:51:12 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2012/02/25 20:51:12 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2012/02/25 20:51:12 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2012/02/25 20:51:12 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2012/02/25 20:51:11 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2012/02/25 20:51:11 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2012/02/25 20:51:11 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2012/02/25 20:51:11 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2012/02/25 20:51:11 | 000,028,672 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\drivers\atinsnxx.sys [2012/02/25 20:51:11 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll [2012/02/25 20:51:11 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll [2012/02/25 20:51:11 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll [2012/02/25 20:51:11 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2012/02/25 20:51:11 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll [2012/02/25 20:51:10 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys [2012/02/25 20:51:10 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll [2012/02/25 20:51:10 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll [2012/02/25 20:51:08 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2012/02/25 20:51:08 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2012/02/25 20:51:08 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2012/02/25 20:51:08 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) 
-- C:\WINDOWS\System32\drivers\s3gnbm.sys [2012/02/25 20:51:08 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2012/02/25 20:51:08 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2012/02/25 20:51:08 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2012/02/25 20:51:08 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys [2012/02/25 20:51:07 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2012/02/25 20:51:07 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2012/02/25 20:51:07 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2012/02/25 20:51:07 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2012/02/25 20:51:07 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2012/02/25 20:51:07 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll [2012/02/25 20:51:06 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2012/02/25 20:51:06 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll [2012/02/25 20:51:06 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2012/02/25 20:51:05 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2012/02/25 20:51:05 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2012/02/25 20:51:05 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2012/02/25 20:51:05 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2012/02/25 20:50:22 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\ReinstallBackups [2012/02/25 20:43:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2012/02/24 19:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\Basilisk Games [2012/02/24 19:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eschalon Book II [2012/02/21 16:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\RotMG.Production [2012/02/18 05:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\AIDA32 - Enterprise System Information [2012/02/18 05:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIDA32 - Enterprise System Information [2012/02/16 06:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\.Nitrous [2012/02/16 06:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Desktop\Minecraft Mod [2012/02/15 18:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\AirMouse [2012/02/15 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Air Mouse [2012/02/15 18:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Air Mouse [2012/02/15 18:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\Downloaded Installations [2012/02/14 08:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Desktop\Mazes [2012/02/13 10:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\gtk-2.0 [2012/02/13 10:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\.thumbnails [2012/02/13 10:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\.gimp-2.6 [2012/02/13 10:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\My Documents\gegl-0.0 [2012/02/13 10:17:43 | 000,000,000 | ---D | C] -- C:\Program 
Files\GIMP-2.0 [2012/02/12 13:48:29 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys [2012/02/12 13:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012/02/12 13:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi [2012/02/12 13:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\LogMeIn Hamachi [2012/02/12 13:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi [2012/02/12 13:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Desktop\Minecraft Bukkit Server 1.1 [2012/02/12 13:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Desktop\Strassennamen [2012/01/31 11:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\Skyrim [2012/01/31 11:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Razor 1911 [2012/01/31 11:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite [2012/01/31 11:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012/01/30 17:32:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller [2012/01/30 17:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\Origin [2012/01/30 17:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fragstuff\Application Data\Origin [2012/01/30 17:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Origin [2012/01/30 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin [2012/01/30 17:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2012/01/30 17:11:35 | 000,000,000 | -H-D | C] -- 
C:\WINDOWS\$MSI31Uninstall_KB893803v2$ [2012/01/30 17:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2012/01/29 17:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Fragstuff\*.tmp files -> C:\Documents and Settings\Fragstuff\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/27 18:28:44 | 000,544,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/02/27 18:28:44 | 000,101,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/02/27 18:24:33 | 000,183,009 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012/02/27 18:24:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/27 17:50:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/27 17:34:42 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Syndicate.lnk [2012/02/27 17:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games [2012/02/27 17:30:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/02/27 16:30:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-839522115-1482476501-2147137731-1003UA.job [2012/02/27 07:30:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-839522115-1482476501-2147137731-1003Core.job [2012/02/26 15:38:31 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kingdoms of Amalur Reckoning.lnk [2012/02/26 15:22:20 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Fragstuff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/26 12:12:26 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/02/26 05:47:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/26 05:13:24 | 000,316,640 | ---- | M] () -- 
C:\WINDOWS\WMSysPr9.prx [2012/02/26 05:12:45 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/02/25 21:05:03 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Fragstuff\Desktop\shutdown.exe.lnk [2012/02/25 20:59:25 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories [2012/02/25 20:50:45 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/02/24 19:57:26 | 000,000,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Eschalon Book II.lnk [2012/02/24 19:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Eschalon Book II [2012/02/24 18:26:14 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\Fragstuff\Desktop\Unepic.lnk [2012/02/24 07:19:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Fragstuff\Desktop\Minecraft Server starten.bat.lnk [2012/02/23 13:44:58 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh324 [2012/02/18 05:53:06 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Fragstuff\Desktop\AIDA32.lnk [2012/02/18 05:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AIDA32 - Enterprise System Information [2012/02/16 18:32:29 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Fragstuff\Desktop\Shortcut to .minecraft.lnk [2012/02/16 18:11:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/02/16 06:02:52 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup [2012/02/15 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Air Mouse [2012/02/13 10:31:42 | 000,001,471 | ---- | M] () -- C:\Documents and Settings\Fragstuff\.recently-used.xbel [2012/02/12 13:48:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk [2012/02/12 13:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Start Menu\Programs\LogMeIn Hamachi [2012/02/02 08:37:28 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh323 [2012/02/02 07:01:48 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh320 [2012/02/02 06:56:54 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh321 [2012/02/02 06:54:18 | 001,440,054 | ---- | M] () -- C:\WINDOWS\System32\winsh322 [2012/01/31 11:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Razor 1911 [2012/01/31 11:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite [2012/01/31 11:29:34 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012/01/30 17:11:58 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk [2012/01/30 17:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Origin [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Fragstuff\*.tmp files -> C:\Documents and Settings\Fragstuff\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/27 17:44:02 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh324 [2012/02/27 17:44:02 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh323 [2012/02/27 17:44:02 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh322 [2012/02/27 17:44:02 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh321 [2012/02/27 17:44:02 | 001,440,054 | ---- | C] () -- C:\WINDOWS\System32\winsh320 [2012/02/27 17:34:42 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Syndicate.lnk [2012/02/26 15:38:31 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kingdoms of Amalur Reckoning.lnk [2012/02/26 12:12:26 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/02/25 20:51:11 | 000,064,352 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\ativmc20.cod [2012/02/25 20:51:10 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2012/02/25 20:51:08 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2012/02/25 20:46:12 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Fragstuff\Desktop\shutdown.exe.lnk [2012/02/24 19:57:26 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Eschalon Book II.lnk [2012/02/24 18:26:14 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\Fragstuff\Desktop\Unepic.lnk [2012/02/24 07:19:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Fragstuff\Desktop\Minecraft Server starten.bat.lnk [2012/02/18 05:53:06 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Fragstuff\Desktop\AIDA32.lnk [2012/02/16 18:32:28 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Fragstuff\Desktop\Shortcut to .minecraft.lnk [2012/02/13 10:31:42 | 000,001,471 | ---- | C] () -- C:\Documents and Settings\Fragstuff\.recently-used.xbel [2012/02/12 13:47:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LogMeIn Hamachi.lnk [2012/01/30 17:11:58 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Origin.lnk [2012/01/06 08:40:23 | 000,003,039 | ---- | C] () -- C:\Documents and Settings\Fragstuff\.TransferManager.db [2011/12/26 15:25:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2011/11/30 21:41:06 | 000,099,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-839522115-1482476501-2147137731-1003-0.dat [2011/11/30 21:41:03 | 000,099,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2011/11/30 19:00:52 | 000,458,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/11/25 10:07:03 | 000,034,304 | ---- | C] () -- 
C:\Documents and Settings\Fragstuff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/23 06:41:14 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll [2011/11/22 20:36:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2011/11/22 20:34:43 | 000,005,656 | ---- | C] () -- C:\Documents and Settings\Fragstuff\Utility.xml [2011/11/22 19:46:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011/11/22 19:19:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/11/22 19:12:38 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2011/11/22 19:12:38 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2011/11/22 19:12:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2011/11/22 19:12:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2011/11/22 19:12:28 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2011/11/22 18:57:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/11/22 18:52:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011/11/22 18:47:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011/11/22 18:46:41 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe [2011/11/22 18:46:39 | 000,002,293 | ---- | C] () -- C:\WINDOWS\mozver.dat [2011/11/22 18:42:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011/11/22 18:34:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011/11/22 18:30:05 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2011/11/22 18:29:56 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/03/10 16:18:00 | 000,239,496 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll [2008/10/21 23:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008/06/20 09:31:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll [2008/06/20 09:29:20 | 000,258,048 | ---- | C] 
() -- C:\WINDOWS\System32\HookMAp.dll [2008/05/03 05:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/03 05:16:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/05/03 05:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/03 05:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/05/03 05:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/03 05:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/03 05:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/05/03 05:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/05/03 05:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/01/18 02:51:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\WinSys2.exe [2006/08/14 05:31:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2006/07/12 23:00:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll [2006/01/12 21:05:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/01/12 21:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006/01/12 21:01:02 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/01/12 20:59:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/01/12 20:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2006/01/12 20:54:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe [2006/01/12 20:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll [2006/01/12 20:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006/01/12 20:50:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/01/12 20:44:46 | 000,080,003 | ---- | C] () -- C:\WINDOWS\System32\GSpot25.dat [2006/01/12 20:44:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat 
[2006/01/12 20:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2006/01/12 20:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2006/01/12 20:39:44 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/01/12 20:39:43 | 000,101,404 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/01/12 20:39:41 | 000,544,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/01/12 20:39:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/01/12 20:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll [2006/01/12 20:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll [2006/01/12 20:35:46 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe [2006/01/12 20:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2006/01/12 20:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini [2006/01/12 20:30:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe [2006/01/12 20:23:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/01/12 20:15:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/01/12 20:15:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe [2006/01/12 20:14:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2011/11/22 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2012/01/30 17:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2011/11/22 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2012/01/30 17:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin [2011/12/17 06:15:53 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/02/27 07:30:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-839522115-1482476501-2147137731-1003Core.job [2012/02/27 16:30:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-839522115-1482476501-2147137731-1003UA.job ========== Purity Check ========== < End of report >
Edited by Fragstuff (28.02.2012 at 02:31). Reason: set quote |
28.02.2012, 11:25 | #2 |
/// Malware-holic | GEMA 100 € virus - now need a script.. Many thanks!
hi,
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
C:\WINDOWS\System32\antiwpa.dll is used to activate illegal copies of Windows. We do not support that here; what you can get help with is formatting, reinstalling and securing the PC.