Log analysis and evaluation: Js/DarDuk.it

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Js/DarDuk.it

I have the problem that many of my websites no longer work. I then downloaded Avira from Chip and got the following result: (I have no clue, it was already pretty hard just to make this report)

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 2. März 2012 14:08

Es wird nach 3514412 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista x64
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : Jonas
Computername : JONAS-PC

Versionsinformationen:
BUILD.DAT : Bytes 31.01.2012 13:51:00
AVSCAN.EXE : 492496 Bytes 31.01.2012 07:55:52
AVSCAN.DLL : 65744 Bytes 31.01.2012 07:56:29
LUKE.DLL : 68304 Bytes 31.01.2012 07:56:01
AVSCPLR.DLL : 100048 Bytes 31.01.2012 07:55:52
AVREG.DLL : 228048 Bytes 31.01.2012 07:55:51
VBASE000.VDF : 19875328 Bytes 06.11.2009 10:49:21
VBASE001.VDF : 13342208 Bytes 14.12.2010 07:56:15
VBASE002.VDF : 14374912 Bytes 20.12.2011 07:56:21
VBASE003.VDF : 4472832 Bytes 01.02.2012 13:03:02
VBASE004.VDF : 2048 Bytes 01.02.2012 13:03:02
VBASE005.VDF : 2048 Bytes 01.02.2012 13:03:02
VBASE006.VDF : 2048 Bytes 01.02.2012 13:03:02
VBASE007.VDF : 2048 Bytes 01.02.2012 13:03:03
VBASE008.VDF : 2048 Bytes 01.02.2012 13:03:03
VBASE009.VDF : 2048 Bytes 01.02.2012 13:03:03
VBASE010.VDF : 2048 Bytes 01.02.2012 13:03:03
VBASE011.VDF : 2048 Bytes 01.02.2012 13:03:03
VBASE012.VDF : 2048 Bytes 01.02.2012 13:03:03
VBASE013.VDF : 1486848 Bytes 03.02.2012 13:03:05
VBASE014.VDF : 687616 Bytes 03.02.2012 13:03:05
VBASE015.VDF : 178176 Bytes 06.02.2012 13:03:05
VBASE016.VDF : 144896 Bytes 08.02.2012 13:03:06
VBASE017.VDF : 183296 Bytes 13.02.2012 13:03:06
VBASE018.VDF : 202752 Bytes 15.02.2012 13:03:06
VBASE019.VDF : 126464 Bytes 17.02.2012 13:03:06
VBASE020.VDF : 148480 Bytes 20.02.2012 13:03:07
VBASE021.VDF : 172544 Bytes 23.02.2012 13:03:07
VBASE022.VDF : 219648 Bytes 28.02.2012 13:03:07
VBASE023.VDF : 2048 Bytes 28.02.2012 13:03:07
VBASE024.VDF : 2048 Bytes 28.02.2012 13:03:07
VBASE025.VDF : 2048 Bytes 28.02.2012 13:03:07
VBASE026.VDF : 2048 Bytes 28.02.2012 13:03:07
VBASE027.VDF : 2048 Bytes 28.02.2012 13:03:07
VBASE028.VDF : 2048 Bytes 28.02.2012 13:03:07
VBASE029.VDF : 2048 Bytes 28.02.2012 13:03:08
VBASE030.VDF : 2048 Bytes 28.02.2012 13:03:08
VBASE031.VDF : 110592 Bytes 02.03.2012 13:03:08
Engineversion :
AEVDF.DLL : 106868 Bytes 31.01.2012 07:55:38
AESCRIPT.DLL : 442746 Bytes 02.03.2012 13:03:12
AESCN.DLL : 131444 Bytes 02.03.2012 13:03:12
AESBX.DLL : 434549 Bytes 31.01.2012 07:55:37
AERDL.DLL : 639348 Bytes 31.01.2012 07:55:37
AEPACK.DLL : 799094 Bytes 02.03.2012 13:03:12
AEOFFICE.DLL : 201084 Bytes 31.01.2012 07:55:36
AEHEUR.DLL : 4436342 Bytes 02.03.2012 13:03:11
AEHELP.DLL : 254327 Bytes 02.03.2012 13:03:09
AEGEN.DLL : 409971 Bytes 02.03.2012 13:03:09
AEEXP.DLL : 70005 Bytes 02.03.2012 13:03:12
AEEMU.DLL : 393589 Bytes 31.01.2012 07:55:34
AECORE.DLL : 201079 Bytes 02.03.2012 13:03:08
AEBB.DLL : 53618 Bytes 31.01.2012 07:55:33
AVWINLL.DLL : 27344 Bytes 31.01.2012 07:55:54
AVPREF.DLL : 51920 Bytes 31.01.2012 07:55:51
AVREP.DLL : 179408 Bytes 31.01.2012 07:55:51
AVARKT.DLL : 209360 Bytes 31.01.2012 07:55:46
AVEVTLOG.DLL : 169168 Bytes 31.01.2012 07:55:47
SQLITE3.DLL : 398288 Bytes 31.01.2012 07:56:07
AVSMTP.DLL : 62928 Bytes 31.01.2012 07:55:52
NETNT.DLL : 17104 Bytes 31.01.2012 07:56:02
RCIMAGE.DLL : 4447952 Bytes 31.01.2012 07:56:32
RCTEXT.DLL : 98512 Bytes 31.01.2012 07:56:32

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Jonas\AppData\Local\Temp\a3e3ad47.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 2. März 2012 14:08

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <HP>
C:\Users\Jonas\AppData\Local\Mozilla\Firefox\Profiles\l8gc8igm.default\Cache\C\27\0E594d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/DarDuk.IT

Beginne mit der Desinfektion:
C:\Users\Jonas\AppData\Local\Mozilla\Firefox\Profiles\l8gc8igm.default\Cache\C\27\0E594d01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/DarDuk.IT
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a1d7e95.qua' verschoben!

Ende des Suchlaufs: Freitag, 2. März 2012 14:52
Benötigte Zeit: 43:17 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

34454 Verzeichnisse wurden überprüft
556235 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
556234 Dateien ohne Befall
4061 Archive wurden durchsucht
0 Warnungen
1 Hinweise
#2

/// Malware-holic

Js/DarDuk.it

hi,
what exactly do you mean by "my sites no longer work"?
#3

Js/DarDuk.it

They simply don't load.
Some do, though. E.g. sites like Facebook, leagueoflegends.com and many others load for me, then an error message comes up that it cannot be loaded because the time has run out......
#4

/// Malware-holic

Js/DarDuk.it

Why not like that right away. If you give us poor problem descriptions, then we can't help you any further either, so it is in your interest to give us sensible statements. If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us
#5

Js/DarDuk.it

Extra: OTL EXTRAS Logfile:

Code:
ATTFilter OTL Extras logfile created on: 02.03.2012 17:52:30 - Run 1 OTL by OldTimer - Version Folder = c:\Users\Jonas\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,19 Gb Available Physical Memory | 69,80% Memory free 12,19 Gb Paging File | 10,18 Gb Available in Paging File | 83,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,33 Gb Total Space | 489,85 Gb Free Space | 84,12% Space Free | Partition Type: NTFS Drive D: | 13,84 Gb Total Space | 1,94 Gb Free Space | 14,02% Space Free | Partition Type: NTFS Drive E: | 596,17 Gb Total Space | 567,68 Gb Free Space | 95,22% Space Free | Partition Type: NTFS Drive F: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive M: | 964,00 Mb Total Space | 809,14 Mb Free Space | 83,94% Space Free | Partition Type: NTFS Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" () piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FAE24B0-A1F5-45FC-B391-D7CF7664FAC7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{104C8301-31BB-4D5A-B388-CA0B2A2F21C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{18E5F230-7DE5-4B98-9A43-05A35BF95CA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{230CE759-79A9-4A6C-9748-256BD3F8DF3D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{35E318B8-D6C5-4651-B300-0291A29DC4FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{378F3A58-5A2A-45E5-A766-BA3B4A69526E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{391DAD2D-BF1A-4AFC-98E8-4EB9118CE66F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{413266B8-B0ED-43A7-B14B-94CA94816E13}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{500CCE24-F335-48F6-9310-5C4F781E6C3E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{559010AB-F5FD-412B-A3E1-B6D2B11B5EF1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{5B083104-6E0C-4E44-94A3-7BC87B7BC9F0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{682CD00F-4FAD-4519-8405-DEC6FD460C7E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6FBAF1A4-AE74-4D71-A094-500E3324085A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{7A9663BC-D9A5-49AE-8C80-AA1C6AEDA359}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{7C74DC97-74EE-4996-9D1F-2EECCFE34442}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8724711F-6691-4B35-87D9-EA152C5991EE}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\local\teamspeak 3 client\ts3client_win32.exe | "{88CF537C-4807-4D4C-B690-4B61CAA1C8ED}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{8A5D88A3-D746-4E5F-9098-4252B417E23F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{8AC5445A-D573-4451-9D7E-510D31D5A2D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{8B915CB9-0F64-4A76-B86E-41C0C73B1FC9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{906B3773-0CED-44B2-BA4F-67349C05ABFF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{A67895BD-FC71-4304-8D00-9FEC3E6DBDE6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{B42D7F8A-5A01-4D10-AC02-D77A94F81B26}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "{BA9EC296-8434-4583-ACAB-0E78C783702F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{D1092CFC-491D-4BE8-AE34-2C91E1699292}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\local\teamspeak 3 client\ts3client_win32.exe | "{D210E0E9-0842-4E57-9C6C-125817393DD2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{D7B4CA82-C862-4AFA-98BD-39FFB4F55472}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E343EA19-0728-4AF6-B772-3A944FC51D45}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{F77925DF-A43C-4700-95F4-F5EAB9DE3CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FC99AE03-D292-48F7-BB91-477CDCDECF79}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "PC-Doctor for Windows" = Hardware Diagnose Tools [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP 
MediaSmart TV "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AOL Toolbar" = AOL Toolbar 5.0 "Avira AntiVir Desktop" = Avira Free Antivirus "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "Origin" = Origin "pywin32-py2.6" = Python 2.6 pywin32-212 "WildTangent hp Master Uninstall" = My HP Games ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.02.2012 09:49:06 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte 
Anwendung TVAgent.exe, Version, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xa30, Anwendungsstartzeit 01ccf61fba28058e. Error - 28.02.2012 09:50:21 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2012 12:08:38 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10 Description = Error - 28.02.2012 12:13:59 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xcdc, Anwendungsstartzeit 01ccf633f88ccd2b. Error - 29.02.2012 05:26:06 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10 Description = Error - 29.02.2012 05:34:36 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0x514, Anwendungsstartzeit 01ccf6c5586b0a62. Error - 29.02.2012 08:45:28 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0x8a0, Anwendungsstartzeit 01ccf6dff04745cf. 
Error - 29.02.2012 08:46:09 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10 Description = Error - 29.02.2012 10:10:48 | Computer Name = Jonas-PC | Source = WinMgmt | ID = 10 Description = Error - 29.02.2012 10:15:13 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version, Zeitstempel 0x495b4616, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xc70, Anwendungsstartzeit 01ccf6ec8c737ee8. [ System Events ] Error - 28.02.2012 05:24:33 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 28.02.2012 05:25:25 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 28.02.2012 05:45:33 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 28.02.2012 09:48:50 | Computer Name = Jonas-PC | Source = HTTP | ID = 15016 Description = Error - 28.02.2012 09:48:52 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 28.02.2012 09:49:42 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 28.02.2012 10:09:52 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. 
Error - 28.02.2012 12:07:08 | Computer Name = Jonas-PC | Source = HTTP | ID = 15016 Description = Error - 28.02.2012 12:07:09 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 28.02.2012 12:07:59 | Computer Name = Jonas-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. < End of report >

Unfortunately I can't get it any smaller
#6

Js/DarDuk.it

OTL Logfile:

Code:
OTL logfile created on: 02.03.2012 17:52:30 - Run 1
OTL by OldTimer - Version Folder = c:\Users\Jonas\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,19 Gb Available Physical Memory | 69,80% Memory free
12,19 Gb Paging File | 10,18 Gb Available in Paging File | 83,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 489,85 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
Drive D: | 13,84 Gb Total Space | 1,94 Gb Free Space | 14,02% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 567,68 Gb Free Space | 95,22% Space Free | Partition Type: NTFS
Drive F: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive M: | 964,00 Mb Total Space | 809,14 Mb Free Space | 83,94% Space Free | Partition Type: NTFS

Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.03.02 17:46:33 | 000,584,704 | ---- | M] (OldTimer Tools) -- c:\Users\Jonas\Downloads\OTL.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2008.12.15 16:15:42 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.12.15 16:15:16 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.11.28 18:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.11.20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008.11.03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.11.03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (No Company Name) ==========
MOD - [2012.02.26 14:29:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2012.02.26 14:27:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2012.02.26 14:27:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2012.02.26 14:27:20 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2012.02.26 14:27:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2012.02.26 14:27:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012.02.26 13:04:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012.02.26 13:04:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012.02.26 13:04:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012.02.26 13:03:59 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2012.02.26 13:03:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2012.02.26 13:03:49 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2012.02.26 13:03:36 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2012.02.26 13:03:26 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2012.02.26 13:03:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012.02.26 13:03:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.12.15 16:15:44 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.12.01 12:13:20 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.12.01 12:12:32 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.12.01 12:12:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.12.01 12:12:22 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.12.01 12:12:20 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.12.01 12:12:00 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.12.01 12:12:00 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.12.01 12:11:58 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.07.27 19:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\\System.EnterpriseServices.Wrapper.dll
MOD - [2008.07.27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll
MOD - [2008.07.27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\\System.Transactions.dll
MOD - [2008.07.27 19:01:47 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll
MOD - [2008.07.27 19:01:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\\System.resources.dll
MOD - [2008.07.01 00:01:27 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\\PresentationFramework.resources.dll
MOD - [2008.07.01 00:01:27 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\\PresentationCore.resources.dll
MOD - [2008.01.21 03:49:49 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

========== Win32 Services (SafeList) ==========
SRV - [2012.01.31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.08.24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.11.03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2008.11.03 19:10:08 | 000,406,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.08.06 17:26:08 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2008.11.28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/02/04 20:29:15] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE:64bit: - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE - HKLM\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {7C638C6B-5B27-4A85-83CB-40250D1E4AC4}
IE - HKCU\..\SearchScopes\{7C638C6B-5B27-4A85-83CB-40250D1E4AC4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{CA8FE908-E845-4081-937D-C045FEC0FC98}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{EFA2CDF5-331C-4E0D-ADEE-706B5C3B0896}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.16 18:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.02.16 18:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2012.02.16 18:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] c:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A613AC85-778E-46D4-AF83-B95366D74E09}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awisp.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awisp.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.24 06:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.07 02:00:07 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011.09.07 01:08:12 | 000,032,783 | R--- | M] () - F:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011.09.07 02:00:07 | 000,000,132 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b7ad5b59-58b2-11e1-b51e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7ad5b59-58b2-11e1-b51e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.08.24 06:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.03.02 14:07:11 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Avira
[2012.03.02 14:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.03.02 14:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.03.02 14:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.03.01 21:27:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.03.01 18:06:32 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Origin
[2012.03.01 18:06:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Origin
[2012.03.01 18:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.03.01 18:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.03.01 18:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.03.01 18:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.03.01 18:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.02.27 17:57:07 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Adobe
[2012.02.27 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.02.27 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.02.27 17:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.02.18 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.02.17 18:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.02.17 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.02.17 18:34:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.02.17 18:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.02.17 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.02.17 18:30:12 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Microsoft Help
[2012.02.17 18:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.02.17 18:29:37 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.02.16 18:37:55 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Mozilla
[2012.02.16 18:37:55 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Mozilla
[2012.02.16 18:25:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\riotsGamesLogs
[2012.02.16 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\LolClient
[2012.02.16 18:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.02.16 17:48:42 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.02.16 17:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.02.16 17:44:49 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Skype
[2012.02.16 17:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.16 17:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.02.16 17:44:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.02.16 17:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.02.16 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\TS3Client
[2012.02.16 17:02:27 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.02.16 17:02:25 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\TeamSpeak 3 Client
[2012.02.16 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\LeagueOfLegends
[2012.02.16 16:54:05 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\PMB Files
[2012.02.16 16:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012.02.16 16:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.02.16 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Macromedia
[2012.02.16 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Adobe
[2012.02.16 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\AOL
[2012.02.16 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Hewlett-Packard
[2012.02.16 16:48:18 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Hewlett-Packard
[2012.02.16 16:48:05 | 000,000,000 | R--D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.02.16 16:48:05 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Searches
[2012.02.16 16:48:05 | 000,000,000 | R--D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.02.16 16:47:57 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Identities
[2012.02.16 16:47:54 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Contacts
[2012.02.16 16:43:13 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\HP TCS
[2012.02.16 16:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.02.16 16:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012.02.16 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.02.16 16:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Benutzerhandbücher
[2012.02.16 16:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testen Sie Microsoft Office 2007 60 Tage lang
[2012.02.16 16:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2012.02.16 16:41:06 | 000,000,000 | ---D | C] -- C:\Intel
[2012.02.16 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.02.16 16:41:00 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\InstallShield
[2012.02.16 16:39:28 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\VirtualStore
[2012.02.16 16:39:26 | 000,000,000 | --SD | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Videos
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Saved Games
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Pictures
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Music
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Links
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Favorites
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Downloads
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Documents
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\Desktop
[2012.02.16 16:39:26 | 000,000,000 | R--D | C] -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Vorlagen
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\AppData\Local\Verlauf
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\AppData\Local\Temporary Internet Files
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Startmenü
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\SendTo
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Recent
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Netzwerkumgebung
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Lokale Einstellungen
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Documents\Eigene Videos
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Documents\Eigene Musik
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Eigene Dateien
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Documents\Eigene Bilder
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Druckumgebung
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Cookies
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\AppData\Local\Anwendungsdaten
[2012.02.16 16:39:26 | 000,000,000 | -HSD | C] -- C:\Users\Jonas\Anwendungsdaten
[2012.02.16 16:39:26 | 000,000,000 | -H-D | C] -- C:\Users\Jonas\AppData
[2012.02.16 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Temp
[2012.02.16 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Microsoft
[2012.02.16 16:39:26 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\Media Center Programs
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.02.16 16:36:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.02.16 16:32:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.02.16 16:30:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========
[2012.03.02 16:05:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 16:05:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 14:06:40 | 000,079,916 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.02 14:05:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 18:06:25 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.03.01 11:48:32 | 000,079,916 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.27 18:31:33 | 000,002,655 | ---- | M] () -- C:\Users\Jonas\Desktop\Microsoft Office Word 2007.lnk
[2012.02.27 18:29:59 | 000,002,697 | ---- | M] () -- C:\Users\Jonas\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.02.27 17:57:40 | 000,071,328 | ---- | M] () -- C:\Users\Jonas\Documents\sport.xps
[2012.02.27 17:52:35 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.25 09:50:51 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.25 09:50:51 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.25 09:50:51 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.25 09:50:51 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.25 09:50:51 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.24 08:02:49 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.02.18 10:33:54 | 000,310,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.16 18:25:12 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.16 17:52:42 | 000,001,672 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.02.16 17:44:41 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.16 17:02:28 | 000,001,016 | ---- | M] () -- C:\Users\Jonas\Desktop\TeamSpeak 3 Client.lnk
[2012.02.16 16:57:59 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll
[2012.02.16 16:40:59 | 000,001,864 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NQ840AA-ABD p6029de_YC_0Pavi_Q3CR910_E92CEv6PrA1_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.35_T081216_WUH1_L407_M6143_J640_7Intel_8Core2 Quad Q8200_92.33_#090430_N10EC8168_Z_G10DE0646.MRK
[2012.02.16 16:40:59 | 000,001,864 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NQ840AA-ABD p6029de_YC_0Pavi_Q3CR910_E92CEv6PrA1_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.35_T081216_WUH1_L407_M6143_J640_7Intel_8Core2 Quad Q8200_92.33_#090430_N10EC8168_Z_G10DE0646.MRK
[2012.02.16 16:40:04 | 000,001,384 | ---- | M] () -- C:\Users\Public\Desktop\Online fotos bestellen.lnk
[2012.02.16 16:35:16 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.02.16 14:53:10 | 000,012,472 | ---- | M] () -- C:\Users\Jonas\Desktop\surrendix.JPG
[2012.02.16 14:52:27 | 000,011,877 | ---- | M] () -- C:\Users\Jonas\Desktop\Aufzeichnen.JPG

========== Files Created - No Company Name ==========

[2012.03.02 14:02:19 | 000,132,320 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.02 14:02:19 | 000,097,312 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.03.02 14:02:19 | 000,027,760 | ---- | C] () -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.03.01 21:27:49 | 000,518,488 | ---- | C] () -- C:\Windows\SysNative\XAudio2_7.dll
[2012.03.01 21:27:49 | 000,077,656 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.03.01 21:27:48 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_7.dll
[2012.03.01 21:27:46 | 002,526,056 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.03.01 21:27:45 | 001,907,552 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.03.01 21:27:44 | 000,276,832 | ---- | C] () -- C:\Windows\SysNative\d3dx11_43.dll
[2012.03.01 21:27:39 | 000,511,328 | ---- | C] () -- C:\Windows\SysNative\d3dx10_43.dll
[2012.03.01 21:27:38 | 002,401,112 | ---- | C] () -- C:\Windows\SysNative\D3DX9_43.dll
[2012.03.01 21:27:32 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2012.03.01 21:27:32 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.03.01 21:27:26 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2012.03.01 21:27:25 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.03.01 21:27:24 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2012.03.01 21:27:23 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2012.03.01 21:27:22 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.03.01 21:27:21 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.03.01 21:27:20 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2012.03.01 21:27:19 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2012.03.01 21:27:18 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2012.03.01 21:27:12 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.03.01 21:27:12 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2012.03.01 21:27:11 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2012.03.01 21:27:10 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2012.03.01 21:27:10 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.03.01 21:27:09 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2012.03.01 21:27:08 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.03.01 21:27:04 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.03.01 21:27:04 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2012.03.01 21:27:02 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2012.03.01 21:26:53 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2012.03.01 21:26:53 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.03.01 21:26:52 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2012.03.01 21:26:51 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.03.01 21:26:49 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2012.03.01 21:26:49 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.03.01 21:26:48 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2012.03.01 21:26:38 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.03.01 21:26:38 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2012.03.01 21:26:37 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2012.03.01 21:26:35 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2012.03.01 21:26:35 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2012.03.01 21:26:35 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.03.01 21:26:34 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.03.01 21:26:32 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.03.01 21:26:32 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2012.03.01 21:26:31 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2012.03.01 21:26:30 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2012.03.01 21:26:29 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2012.03.01 21:26:28 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.03.01 21:26:26 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.03.01 21:26:26 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2012.03.01 21:26:25 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2012.03.01 21:26:24 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2012.03.01 21:26:23 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.03.01 21:26:23 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2012.03.01 21:26:21 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2012.03.01 21:26:20 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2012.03.01 21:26:19 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.03.01 21:26:19 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2012.03.01 21:26:18 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2012.03.01 21:26:17 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2012.03.01 21:26:17 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.03.01 21:26:16 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.03.01 21:26:16 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2012.03.01 21:26:14 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2012.03.01 21:26:14 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2012.03.01 21:26:12 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2012.03.01 21:26:11 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.03.01 21:26:11 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2012.03.01 21:26:10 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2012.03.01 21:26:09 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2012.03.01 21:26:08 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2012.03.01 21:26:07 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2012.03.01 21:26:06 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2012.03.01 21:26:05 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2012.03.01 21:26:05 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.03.01 21:26:04 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2012.03.01 21:26:03 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2012.03.01 21:26:02 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2012.03.01 21:26:01 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2012.03.01 21:26:00 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2012.03.01 21:25:59 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2012.03.01 21:25:35 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2012.03.01 21:25:34 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2012.03.01 21:25:34 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.03.01 21:25:32 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2012.03.01 21:25:31 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2012.03.01 21:25:28 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2012.03.01 21:25:25 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2012.03.01 21:25:23 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2012.03.01 21:25:22 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2012.03.01 18:06:25 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.02.27 17:57:39 | 000,071,328 | ---- | C] () -- C:\Users\Jonas\Documents\sport.xps
[2012.02.27 17:52:35 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.27 17:52:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.26 12:48:25 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2012.02.26 12:48:25 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2012.02.26 12:48:25 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2012.02.26 12:48:25 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2012.02.26 12:48:25 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2012.02.24 12:27:19 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2012.02.24 12:27:16 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2012.02.24 12:27:15 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2012.02.24 12:27:15 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2012.02.24 12:27:15 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2012.02.24 12:27:11 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2012.02.24 12:22:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2012.02.24 12:22:34 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2012.02.24 08:02:49 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.02.18 15:04:27 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2012.02.18 15:04:10 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
[2012.02.18 15:04:10 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2012.02.18 15:04:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
[2012.02.18 10:13:31 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2012.02.18 09:58:33 | 000,294,912 | ---- | C] () -- C:\Windows\SysNative\browserchoice.exe
[2012.02.18 09:57:17 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2012.02.18 09:57:15 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2012.02.18 09:57:15 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2012.02.17 18:45:24 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.02.17 18:45:22 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2012.02.17 18:45:17 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2012.02.17 18:45:17 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2012.02.17 18:45:17 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2012.02.17 18:45:17 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2012.02.17 18:45:17 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2012.02.17 18:45:17 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2012.02.17 18:45:17 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2012.02.17 18:45:16 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2012.02.17 18:45:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2012.02.17 18:45:11 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2012.02.17 18:45:01 | 005,702,144 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2012.02.17 18:45:00 | 007,016,960 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2012.02.17 18:44:59 | 002,452,872 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2012.02.17 18:44:58 | 001,427,968 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2012.02.17 18:44:58 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2012.02.17 18:44:58 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2012.02.17 18:44:57 | 000,759,808 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2012.02.17 18:44:57 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2012.02.17 18:44:56 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2012.02.17 18:44:56 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2012.02.17 18:44:56 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2012.02.17 18:44:56 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2012.02.17 18:44:56 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2012.02.17 18:44:56 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2012.02.17 18:44:56 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2012.02.17 18:44:55 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2012.02.17 18:44:55 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2012.02.17 18:44:55 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2012.02.17 18:44:55 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2012.02.17 18:43:17 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2012.02.17 18:43:14 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2012.02.17 18:43:12 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2012.02.17 18:42:53 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2012.02.17 18:42:52 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2012.02.17 18:42:50 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2012.02.17 18:42:48 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2012.02.17 18:42:43 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2012.02.17 18:42:42 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
[2012.02.17 18:42:35 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2012.02.17 18:42:35 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2012.02.17 18:42:32 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2012.02.17 18:42:31 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2012.02.17 18:42:31 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2012.02.17 18:41:57 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2012.02.17 18:41:56 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2012.02.17 18:41:56 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2012.02.17 18:41:53 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012.02.17 18:41:52 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2012.02.17 18:41:52 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2012.02.17 18:41:51 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2012.02.17 18:41:51 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2012.02.17 18:41:51 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2012.02.17 18:41:49 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2012.02.17 18:41:48 | 001,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2012.02.17 18:41:39 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2012.02.17 18:41:35 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2012.02.17 18:41:34 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2012.02.17 18:41:28 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2012.02.17 18:41:25 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2012.02.17 18:41:09 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012.02.17 18:41:08 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2012.02.17 18:41:07 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2012.02.17 18:41:07 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2012.02.17 18:41:07 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012.02.17 18:41:06 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2012.02.17 18:41:06 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2012.02.17 18:41:06 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2012.02.17 18:40:47 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2012.02.17 18:40:47 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2012.02.17 18:40:47 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2012.02.17 18:40:47 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2012.02.17 18:40:47 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2012.02.17 18:40:47 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2012.02.17 18:40:47 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2012.02.17 18:40:46 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\consent.exe
[2012.02.17 18:40:45 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2012.02.17 18:40:44 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2012.02.17 18:40:38 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2012.02.17 18:40:27 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2012.02.17 18:40:27 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2012.02.17 18:40:23 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2012.02.17 18:40:21 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2012.02.17 18:40:21 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2012.02.17 18:40:21 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2012.02.17 18:40:21 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2012.02.17 18:40:19 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2012.02.17 18:40:17 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2012.02.17 18:40:06 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2012.02.17 18:40:06 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2012.02.17 18:40:06 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2012.02.17 18:40:06 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2012.02.17 18:40:06 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2012.02.17 18:40:06 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2012.02.17 18:40:04 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2012.02.17 18:39:53 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2012.02.17 18:39:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2012.02.17 18:39:53 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2012.02.17 18:39:53 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2012.02.17 18:39:52 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2012.02.17 18:39:52 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2012.02.17 18:39:52 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2012.02.17 18:39:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2012.02.17 18:39:12 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2012.02.17 18:39:11 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2012.02.17 18:39:08 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2012.02.17 18:39:07 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2012.02.17 18:39:06 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2012.02.17 18:39:05 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2012.02.17 18:39:04 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2012.02.17 18:39:02 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2012.02.17 18:39:02 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2012.02.17 18:38:42 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2012.02.17 18:38:40 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2012.02.17 18:38:40 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2012.02.17 18:38:40 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2012.02.17 18:38:39 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2012.02.17 18:38:39 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2012.02.17 18:38:35 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2012.02.17 18:38:21 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2012.02.17 18:38:19 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2012.02.17 18:38:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2012.02.17 18:38:17 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2012.02.17 18:38:06 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2012.02.17 18:38:05 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2012.02.17 18:38:05 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2012.02.17 18:38:05 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2012.02.17 18:38:04 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2012.02.17 18:38:04 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2012.02.17 18:37:51 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2012.02.17 18:37:50 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2012.02.17 18:37:46 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
[2012.02.17 18:37:42 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2012.02.17 18:37:42 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2012.02.17 18:37:42 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2012.02.17 18:37:37 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2012.02.17 18:37:36 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2012.02.17 18:37:36 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2012.02.17 18:37:36 | 000,279,656 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2012.02.17 18:37:33 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2012.02.17 18:37:33 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2012.02.17 18:37:32 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2012.02.17 18:37:32 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2012.02.17 18:37:24 | 000,854,528 | ---- | C] () -- C:\Windows\SysNative\schedsvc.dll
[2012.02.17 18:37:24 | 000,655,872 | ---- | C] () -- C:\Windows\SysNative\taskschd.dll
[2012.02.17 18:37:24 | 000,499,712 | ---- | C] () -- C:\Windows\SysNative\wmicmiplugin.dll
[2012.02.17 18:37:23 | 000,410,112 | ---- | C] () -- C:\Windows\SysNative\taskcomp.dll
[2012.02.17 18:37:23 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\taskeng.exe
[2012.02.17 18:35:13 | 000,002,697 | ---- | C] () -- C:\Users\Jonas\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.02.17 18:35:13 | 000,002,655 | ---- | C] () -- C:\Users\Jonas\Desktop\Microsoft Office Word 2007.lnk
[2012.02.16 18:25:12 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.16 18:25:12 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.16 17:52:42 | 000,001,672 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.02.16 17:44:41 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.16 17:02:28 | 000,001,016 | ---- | C] () -- C:\Users\Jonas\Desktop\TeamSpeak 3 Client.lnk
[2012.02.16 16:54:31 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2012.02.16 16:54:30 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2012.02.16 16:52:41 | 000,012,472 | ---- | C] () -- C:\Users\Jonas\Desktop\surrendix.JPG
[2012.02.16 16:52:39 | 000,011,877 | ---- | C] () -- C:\Users\Jonas\Desktop\Aufzeichnen.JPG
[2012.02.16 16:48:12 | 000,000,951 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.02.16 16:48:08 | 000,000,981 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.02.16 16:48:05 | 000,000,976 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.02.16 16:47:54 | 000,000,917 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.02.16 16:44:59 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2012.02.16 16:44:59 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2012.02.16 16:44:59 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2012.02.16 16:44:59 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2012.02.16 16:44:33 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2012.02.16 16:44:33 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2012.02.16 16:44:32 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2012.02.16 16:44:16 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2012.02.16 16:44:16 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2012.02.16 16:43:14 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012.02.16 16:42:49 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2012.02.16 16:40:47 | 000,001,864 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NQ840AA-ABD p6029de_YC_0Pavi_Q3CR910_E92CEv6PrA1_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.35_T081216_WUH1_L407_M6143_J640_7Intel_8Core2 Quad Q8200_92.33_#090430_N10EC8168_Z_G10DE0646.MRK
[2012.02.16 16:40:47 | 000,001,864 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NQ840AA-ABD p6029de_YC_0Pavi_Q3CR910_E92CEv6PrA1_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.35_T081216_WUH1_L407_M6143_J640_7Intel_8Core2 Quad Q8200_92.33_#090430_N10EC8168_Z_G10DE0646.MRK
[2012.02.16 16:40:04 | 000,001,384 | ---- | C] () -- C:\Users\Public\Desktop\Online fotos bestellen.lnk
[2012.02.16 16:39:50 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.02.16 16:39:50 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2012.02.16 16:39:47 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012.02.16 16:39:47 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\Für Kinder.lnk
[2012.02.16 16:39:47 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Testen Sie Microsoft Office 2007 60 Tage lang.lnk
[2012.02.16 16:39:46 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012.02.16 16:39:46 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Für Kinder.lnk
[2012.02.16 16:39:26 | 000,001,374 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk

========== LOP Check ==========

[2012.02.16 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\LolClient
[2012.03.01 19:15:04 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Origin
[2012.02.16 21:42:36 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TS3Client
[2012.03.02 14:04:35 | 000,017,714 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.02.18 10:03:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.02.05 03:46:27 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.02.16 16:36:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.16 16:45:13 | 000,000,000 | -H-D | M] -- C:\hp
[2012.02.16 16:41:06 | 000,000,000 | ---D | M] -- C:\Intel
[2012.02.17 18:29:37 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.17 18:30:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.02 14:05:31 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.02 14:02:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.16 16:36:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.16 17:48:45 | 000,000,000 | ---D | M] -- C:\Riot Games
[2009.02.04 20:29:22 | 000,000,000 | -H-D | M] -- C:\SWSetup
[2012.03.02 17:53:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.18 10:03:18 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.01 21:25:23 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2009.02.05 04:26:21 | 003,079,680 | ---- | M] (Microsoft Corporation) MD5=513619A8ABBF19F34D4308E91D1EC89D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_b038be1d4865a6ca\explorer.exe
[2009.02.05 04:26:21 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=5EF11AC92B68B4B8058A3A4F037F26CE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_ba8d686f7cc668c5\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\explorer.exe
[2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SysWOW64\explorer.exe
[2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTOR.SYS > [2008.11.03 17:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.11.03 19:10:08 | 000,406,040 | ---- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327022117 -- C:\hp\DRIVERS\Intel_Storage\IaStor.sys [2008.11.03 18:10:08 | 000,406,040 | ---- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327022117 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.11.03 19:10:08 | 000,406,040 | ---- | M] () MD5=5979854E6FDA990107E3170327022117 -- C:\Windows\SysNative\drivers\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- 
C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 03:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll 
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | 
---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2011.04.21 15:57:48 | 006,078,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2011.04.21 15:57:48 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll < %USERPROFILE%\*.* > [2012.03.02 17:52:38 | 000,786,432 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT [2012.03.02 17:52:38 | 000,262,144 | -H-- | M] () -- C:\Users\Jonas\ntuser.dat.LOG1 [2012.02.16 16:39:26 | 000,000,000 | -H-- | M] () -- C:\Users\Jonas\ntuser.dat.LOG2 [2012.03.02 14:04:37 | 000,065,536 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2012.03.02 14:04:37 | 000,524,288 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2012.02.16 16:55:12 | 000,524,288 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2012.02.16 16:39:26 | 000,000,020 | -HS- | M] () -- C:\Users\Jonas\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off 
MaxRequestThreads=16 < > < > < End of report > |
![]() | #7 |
/// Malware-holic | Js/DarDuk.it Hi, 1. Why has Service Pack 2 not been installed? 2. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
![]() | #8 |
| Js/DarDuk.it Can you send me a download link for that? When I search on Google I find several different Combofix "thingies". Thanks for the help so far. Regards, Ditly |
![]() | #9 |
/// Malware-holic | Js/DarDuk.it There are 2 of them in the tutorial, though.
|
![]() | #10 |
| Js/DarDuk.it Combofix Logfile: |
#11
Js/DarDuk.it
Quote:
#12
/// Malware-holic
Js/DarDuk.it
Still to come. malwarebytes: Please download Malwarebytes
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#13
Js/DarDuk.it

Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.03.12.05
Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Jonas :: JONAS-PC [Administrator]

Schutz: Aktiviert

12.03.2012 20:37:45
mbam-log-2012-03-12 (20-37-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391928
Laufzeit: 1 Stunde(n), 14 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Why does this come up? AntiVir told me that I have a virus?^^
#14
/// Malware-holic
Js/DarDuk.it
And how am I supposed to know what Avira reports if you don't post the messages for me? Is it still the same one? Post a few examples of the latest messages.
#15
Js/DarDuk.it
I was given the message that a malicious file or program Js/DarkDuk.it is on my PC.