könnt ihr euch mal bitte mein log-file anschaun. hab seit heute komischer weiße beim starten eines spiel nach ca2-5 minuten einen absturz mit autom. neustart ... habt ihr eine idee bzw sagt mein log-file was darüber aus ??

Logfile of HijackThis v1.99.1
Scan saved at 16:26:49, on 19.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\FLO\Programme\ITunes\iTunesHelper.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\FLO\Programme\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\flo\programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CnOServerLauncher] CNOServerLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\FLO\Programme\ITunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\FLO\Programme\Acrobat\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\FLO\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\FLO\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - h**p://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - h**p://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - h**p://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166188082765
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - h**p://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - h**p://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://80.240.228.234/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h**p://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - h**p://player.virtools.com/downloads/player/Install3.0/Installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe

Hallo.

Es könnte sowohl an der Hardware liegen (Temperatur-Problem!) als auch an einem Schädling.

1.) Kennst du dieses Programm:

Zitat:

C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe

2.) Hast du selbst die Registry DEAKTIVIERT???

Arbeiten mit MWAV (eScan)

* Lies dir folgende Anleitung genau durch und arbeite sie ab:
-> Anleitung eScan
* Wichtig: Poste im Anschluss das Ergebnis mit Hilfe der “find.bat”.
(steht alles ganz genau in der Anleitung.)

F-Secure Blacklight – Rootkitscanner:

* Scanne dein System mit Blacklight-
* Poste im Anschluss das Ergebnis des Reportes in dem du alles abkopierst und hier in einen Beitrag einfügst. (die Datei sollte auf C: angelegt werden.)

Gruß
Sunny

erstmal danke für deine rasche antwort und hilfe !!

zu 1) ich kenne dieses programm nur so weit ich weiß hab ichs selber deaktiviert.

zu 2) welche registry meinst du??

zu 3)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Microsoft Windows XP [Version 5.1.2600]
Sun Jan 21 11:47:33 2007 => Deleting Registry Key: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango
Sun Jan 21 11:15:34 2007 => Virus Database Date: 1/19/2007
Sun Jan 21 11:16:04 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 11:44:43 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 15:40:03 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 15:48:31 2007 => Virus Database Date: 1/21/2007
Sun Jan 21 11:12:37 2007 => Virus-Datenbank Datum: 1/19/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Jan 21 11:47:30 2007 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: Entries Removed.
Sun Jan 21 11:47:30 2007 => System found infected with ibis Spyware/Adware ({1d4db7d2-6ec9-47a3-bd87-1e41684e07bb})! Action taken: Entries Removed.
Sun Jan 21 11:47:30 2007 => System found infected with istbar Spyware/Adware ({7c559105-9ecf-42b8-b3f7-832e75edd959})! Action taken: Entries Removed.
Sun Jan 21 11:47:35 2007 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: Entries Removed.
Sun Jan 21 11:47:51 2007 => System found infected with lop.com Spyware/Adware (backup.reg)! Action taken: Entries Removed.
Sun Jan 21 11:48:21 2007 => System found infected with spylax Trojan (C:\WINDOWS\unvise32.exe)! Action taken: Entries Removed.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Sun Jan 21 11:55:54 2007 => File C:\Dokumente und Einstellungen\Mythos\Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook\Outlook.pst infected by "Trojan-Downloader.Win32.Small.dam" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Sun Jan 21 14:13:47 2007 => File C:\RECYCLER\S-1-5-21-1547161642-1450960922-725345543-1003\Dc116\Del3D.tmp tagged as "not-a-virus:AdWare.Win32.180Solutions.x". Action Taken: File Deleted.
Sun Jan 21 14:14:03 2007 => File C:\RECYCLER\S-1-5-21-1547161642-1450960922-725345543-1003\Dc116\New49.tmp\upgrade.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.f". Action Taken: File Deleted.
Sun Jan 21 14:14:13 2007 => File C:\RECYCLER\S-1-5-21-1547161642-1450960922-725345543-1003\Dc116\res25.tmp tagged as "not-a-virus:AdWare.Win32.180Solutions.q". Action Taken: File Deleted.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall6_90.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall6_98.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 14:36:24 2007 => File C:\WINDOWS\NDNuninstall7_14.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
Sun Jan 21 14:36:25 2007 => File C:\WINDOWS\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: File Deleted.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Sun Jan 21 11:47:35 2007 => Offending file found: C:\WINDOWS\system32\ide21201.vxd
Sun Jan 21 11:47:51 2007 => Offending file found: C:\DOKUME~1\Mythos\Desktop\backup.reg
Sun Jan 21 11:48:21 2007 => Offending file found: C:\WINDOWS\unvise32.exe
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Sun Jan 21 11:47:35 2007 => Offending Folder found: C:\Programme\aveo
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Sun Jan 21 11:47:32 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media gateway !!!
Sun Jan 21 11:47:32 2007 => Offending Key found: HKLM\Software\aveo !!!
Sun Jan 21 11:47:32 2007 => Offending Key found: HKCU\Software\ist !!!
Sun Jan 21 11:47:33 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Jan 21 11:53:19 2007 => Scanning Folder: C:\Dokumente und Einstellungen\Mythos\Eigene Dateien\Eigene Bilder\Adobe\Gescannte Fotos\*.*


zu 4)
01/21/07 16:13:37 [Info]: BlackLight Engine 1.0.55 initialized
01/21/07 16:13:37 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/21/07 16:13:37 [Note]: 7019 4
01/21/07 16:13:37 [Note]: 7005 0
01/21/07 16:13:40 [Note]: 7006 0
01/21/07 16:13:40 [Note]: 7011 1816
01/21/07 16:13:41 [Note]: 7026 0
01/21/07 16:13:41 [Note]: 7026 0
01/21/07 16:13:51 [Note]: FSRAW library version 1.7.1021
01/21/07 16:19:29 [Note]: 2000 1012
01/21/07 16:22:22 [Note]: 7007 0

Soweit so gut, jetzt bitte noch das hier posten:

Anleitung SmitfraudFix:

Lade dir dieses Tool -> SmitfraudFix
-Starte es dann und lass das System durchsuchen. (Option 1)
-Poste danach wie in der Anleitung beschrieben, das Ergebnis des Scans

Filelist.zip

1.) Lade dir die Filelist.zip auf den Desktop
2.) entpacke die Zip-Datei auf deinen Desktop (kostenlose Zip-Tools)
3.) starte deinen Rechner neu auf
4.) öffne die nun auf deinem Desktop vorhandene filelist.bat mit einem Doppelklick auf die Datei
5.) dein Editor (Textverarbeitungsprogramm) wird sich öffnen
6.) markiere von diesen Inhalt aus jedem Verzeichnis jeweils NUR die letzten 30 Tage, wähle kopieren, füge diese Dateien deinem nächsten Beitrag an.

Zitat:

Zitat von Verzeichnisse

* Verzeichnis von C:\
* Verzeichnis von C:\WINDOWS\system
* Verzeichnis von C:\WINDOWS\system32
* Verzeichnis von C:\WINDOWS
* Verzeichnis von C:\WINDOWS\Prefetch
* Verzeichnis von C:\WINDOWS\tasks
* Verzeichnis von C:\WINDOWS\Temp
* Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp

Sunny

halloooo

soda hab jetzt deine nächsten punkte durchgeführt, wobei ich mich leider verlsen habe und bei SmitfraudFix option 2 ausgeführt habe. hoffe ich habe damit nichts schlimmes angerichtet

zu 1)
SmitFraudFix v2.133

Scan done at 17:24:35,43, 22.01.2007
Run from C:\Dokumente und Einstellungen\***\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


zu 2)
----- Root -----------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\

22.01.2007 17:46 43 filelist.txt
22.01.2007 17:43 1.610.612.736 pagefile.sys
22.01.2007 17:26 211 boot.ini
22.01.2007 17:25 1.107 rapport.txt
21.01.2007 15:40 0 23990098.$$$

----- Windows --------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS

22.01.2007 17:44 0 0.log
22.01.2007 17:44 159 wiadebug.log
22.01.2007 17:43 1.225.987 WindowsUpdate.log
22.01.2007 17:43 50 wiaservc.log
22.01.2007 17:43 0 TempFile
22.01.2007 17:43 2.048 bootstat.dat
22.01.2007 17:33 32.618 SchedLgU.Txt
22.01.2007 17:26 646 win.ini
22.01.2007 17:26 227 system.ini
22.01.2007 17:25 186.226 setupact.log
21.01.2007 11:47 5.566.316 REGBK00.ZIP
21.01.2007 11:44 50 Lic.xxx
19.01.2007 18:09 1.409 QTFont.for
19.01.2007 18:09 54.156 QTFont.qfn
13.01.2007 16:57 793.942 iis6.log
13.01.2007 16:57 243.137 comsetup.log
13.01.2007 16:57 146.568 ntdtcsetup.log
13.01.2007 16:57 328.628 tsoc.log
13.01.2007 16:57 35.773 tabletoc.log
13.01.2007 16:57 38.886 ocmsn.log
13.01.2007 16:57 1.374 imsins.log
13.01.2007 16:57 3.520 KB929969.log
13.01.2007 16:57 49.544 MedCtrOC.log
13.01.2007 16:57 124.530 netfxocm.log
13.01.2007 16:57 346.988 ocgen.log
13.01.2007 16:57 35.680 msgsocm.log
13.01.2007 16:57 699.616 FaxSetup.log
13.01.2007 16:57 221.110 msmqinst.log
11.01.2007 18:13 1.917 imsins.BAK
11.01.2007 18:09 0 setuperr.log
10.01.2007 18:40 116 NeroDigital.ini
10.01.2007 18:25 8.199 hhdrvi.log
10.01.2007 18:25 1.042.470 setupapi.log.0.old
09.01.2007 18:45 118.690 DirectX.log
09.01.2007 18:43 155 winamp.ini
24.12.2006 09:38 956 GEARInstall.log

----- System ---
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\system

14.05.16745 12:49 398.416 VBRUN300.DLL
25.08.2006 01:35 4.096 LEXHDL5.DLL
18.01.2006 20:33 157.696 STORAGE.DLL

----- System 32 (Achtung: Zeitfenster beachten!) ---
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\system32

22.01.2007 17:44 13.646 wpa.dbl
22.01.2007 17:24 0 tmp.txt
22.01.2007 17:24 4.098 tmp.reg
21.01.2007 21:50 952 KGyGaAvL.sys
19.01.2007 17:01 45 initdebug.nfo
12.01.2007 14:18 383.254 perfh009.dat
12.01.2007 14:18 394.500 perfh007.dat
12.01.2007 14:18 53.608 perfc009.dat
12.01.2007 14:18 64.598 perfc007.dat
12.01.2007 14:18 899.052 PerfStringBackup.INI
03.01.2007 00:19 10.980.776 MRT.exe
21.12.2006 21:48 9.132 jupdate-1.5.0_10-b03.log

----- Prefetch -------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\Prefetch

22.01.2007 17:46 11.510 FIND.EXE-0EEAD1A7.pf
22.01.2007 17:46 12.810 CMD.EXE-034B0549.pf
22.01.2007 17:45 22.538 WUAUCLT.EXE-1360D60A.pf
22.01.2007 17:45 1.047.548 NTOSBOOT-B00DFAAD.pf
22.01.2007 17:45 42.914 GOOGLETOOLBARNOTIFIER.EXE-0F12F50A.pf
22.01.2007 17:32 14.688 WINRAR.EXE-3588DFE8.pf
22.01.2007 17:30 85.784 IEXPLORE.EXE-360BBB5C.pf
22.01.2007 17:29 35.082 RUNDLL32.EXE-4EE39BB6.pf
22.01.2007 17:29 6.168 LOGON.SCR-24ADF392.pf
22.01.2007 17:21 18.886 LOGONUI.EXE-312BE1BF.pf
22.01.2007 17:21 32.946 MSCONFIG.EXE-1EF1EA0F.pf
22.01.2007 17:20 19.142 I_VIEW32.EXE-1A0A16FA.pf
21.01.2007 21:49 65.354 CORELPP.EXE-00A4A8A3.pf
21.01.2007 21:46 60.854 OUTLOOK.EXE-11202EC3.pf
21.01.2007 21:44 16.024 NOTEPAD.EXE-2F2D61E1.pf
21.01.2007 21:42 54.796 EPMWORKER.EXE-22C486BA.pf
21.01.2007 21:42 24.646 CONNECTIONWIZARD.EXE-0FDCD8C2.pf
21.01.2007 16:31 53.322 FINDSTR.EXE-1A4FC238.pf
21.01.2007 16:28 5.426 MORE.COM-32B5155B.pf
21.01.2007 16:28 10.914 VERCLSID.EXE-28F52AD2.pf
21.01.2007 16:23 35.144 BLBETA.EXE-3A08426C.pf
21.01.2007 16:12 14.380 BLBETA.EXE-356C64A4.pf
21.01.2007 15:58 31.680 WMIPRVSE.EXE-0D449B4F.pf
21.01.2007 15:58 62.374 SOFTWAREUPDATE.EXE-25CB4300.pf
21.01.2007 15:55 34.880 WGATRAY.EXE-350D4455.pf
21.01.2007 15:55 76.086 GENERIC.EXE-0D0328B3.pf
21.01.2007 15:55 15.970 ALG.EXE-275708CF.pf
21.01.2007 15:55 22.668 IPODSERVICE.EXE-07892C80.pf
28 Datei(en) 1.934.534 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei

----- Tasks ----------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\tasks

22.01.2007 17:43 6 SA.DAT
21.01.2007 15:58 276 AppleSoftwareUpdate.job
18.08.2001 11:00 65 desktop.ini
3 Datei(en) 347 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei

----- Windows/Temp -----------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\Temp

22.01.2007 17:44 408 WGANotify.settings
22.01.2007 17:43 255 WGAErrLog.txt
19.01.2007 14:50 0 Upd2.tmp

----- Temp -----------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\DOKUME~1\***\LOKALE~1\Temp

22.01.2007 17:33 173 jusched.log
1 Datei(en) 173 Bytes
0 Verzeichnis(se), 96.905.625.600 Bytes frei


weiters hab ich festgestellt nach dem ich den seitendeckel entfernt habe, dass mein pc wieder etwas besser läuft!! nach der bios-info hat meine cpu ca 65C° und das is doch schon etwas sehr hoch, kann es sein das meine cpu am abbrennen ist??

Zitat:

SmitfraudFix option 2 ausgeführt habe. hoffe ich habe damit nichts schlimmes angerichtet

Nein, hast du nicht!

Eigentlich müsste fast alles weg sein, aber sicher ist sicher:

Ad-Aware

Lade dir das Tool -> Hier
Starte es und lass es einmal durchlaufen.

Danach arbeite das hier ab:

Anleitung Avenger:

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:


2.) Klicke nun auf die Option „Input Script manually“ -> klicke jetzt auf die Lupe und kopiere folgenden Text rein:

Zitat:

Files to delete:
c:\windows\System32\tmp.reg
c:\windows\system32\tmp.txt
C:\WINDOWS\unvise32.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall6_90.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\WINDOWS\system32\ide21201.vxd

3.) Klicke nun auf die „grüne Ampel“, das Script fängt an zu arbeiten.

4.) Danach das System unverzüglich neu starten lassen
5.) Lass HijackThis nochmal laufen, erstelle und poste ein neues HijackThis Logfile.
Poste ausserdem den Inhalt der C:\avenger.txt Datei.

Poste im Anschluss ein neues Hijacklog, und führe nochmals einen eScan durch.
Dann solltest du es geschafft haben.

Gruß
Sunny

soda also hier nochmal die letzten log-files

Logfile of HijackThis v1.99.1
Scan saved at 19:18:53, on 23.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe
C:\FLO\Programme\ITunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\FLO\Programme\Acrobat\Reader\reader_sl.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\FLO\Programme\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\flo\programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CnOServerLauncher] CNOServerLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\FLO\Programme\ITunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\FLO\Programme\Acrobat\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\FLO\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\FLO\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166188082765
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.240.228.234/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install3.0/Installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe
und hier das andre log-file

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\urudoorq

*******************

Script file located at: \??\C:\WINDOWS\imrhxqqh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\System32\tmp.reg deleted successfully.
File c:\windows\system32\tmp.txt deleted successfully.


File C:\WINDOWS\unvise32.exe not found!
Deletion of file C:\WINDOWS\unvise32.exe failed!

Could not process line:
C:\WINDOWS\unvise32.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall6_98.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall6_98.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall6_98.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall6_90.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall6_90.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall6_90.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall7_22.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall7_22.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall7_22.exe
Status: 0xc0000034



File C:\WINDOWS\NDNuninstall7_14.exe not found!
Deletion of file C:\WINDOWS\NDNuninstall7_14.exe failed!

Could not process line:
C:\WINDOWS\NDNuninstall7_14.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ide21201.vxd not found!
Deletion of file C:\WINDOWS\system32\ide21201.vxd failed!

Could not process line:
C:\WINDOWS\system32\ide21201.vxd
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

ahja das hier ist noch das log von ad-aware, muß hier noch was beachtet werden??


Ad-Aware SE Build 1.06r1
Logfile Created onienstag, 23. Jänner 2007 19:24:52
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R146 22.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):30 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Tracking Cookie(TAC index:3):5 total references
WindUpdates(TAC index:8):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


23.01.2007 19:24:52 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 680
ThreadCreationTime : 23.01.2007 18:13:56
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 23.01.2007 18:13:58
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 23.01.2007 18:13:59
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 23.01.2007 18:13:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 23.01.2007 18:13:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1152
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1240
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1288
ThreadCreationTime : 23.01.2007 18:14:00
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1504
ThreadCreationTime : 23.01.2007 18:14:01
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1696
ThreadCreationTime : 23.01.2007 18:14:01
BasePriority : Normal


#:13 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1708
ThreadCreationTime : 23.01.2007 18:14:01
BasePriority : Normal


#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1896
ThreadCreationTime : 23.01.2007 18:14:02
BasePriority : Normal
FileVersion : 6.14.10.6172
ProductVersion : 6.14.10.6172
ProductName : NVIDIA Driver Helper Service, Version 61.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.72
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [smagent.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 2040
ThreadCreationTime : 23.01.2007 18:14:02
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 23.01.2007 18:14:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [tbmux32.exe]
FilePath : C:\FLO\Programme\EtkBMW\transbase\
ProcessID : 304
ThreadCreationTime : 23.01.2007 18:14:03
BasePriority : Normal
FileVersion : V6.1.2.19 (Build 404)
ProductVersion : V6.1.2.19 (Build 404) $ProjectRevision: 4.119.1.19 $
ProductName : Transbase/CD Database System
CompanyName : Transaction Software, D 81737 Munich
FileDescription : Transbase/CD Database System
LegalCopyright : Copyright (c) 1987 - 2004

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 544
ThreadCreationTime : 23.01.2007 18:14:03
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:19 [smax4pnp.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 1100
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal
FileVersion : 4, 0, 4, 11
ProductVersion : 4, 0, 4, 11
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright (C) 2002-2003 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:20 [smax4.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 1112
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal
FileVersion : 4, 0, 4, 25
ProductVersion : 4, 0, 4, 25
ProductName : SoundMAX Control Panel
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX Control Center
InternalName : SMax4
LegalCopyright : Copyright © 2002-2003, Analog Devices
OriginalFilename : SMax4.EXE

#:21 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_10\bin\
ProcessID : 1128
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal


#:22 [point32.exe]
FilePath : C:\Programme\Microsoft IntelliPoint\
ProcessID : 1136
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal


#:23 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1192
ThreadCreationTime : 23.01.2007 18:14:04
BasePriority : Normal


#:24 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1304
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:25 [application launcher.exe]
FilePath : C:\Programme\Sony Ericsson K610\Application Launcher\
ProcessID : 1324
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 1.1.1.3
ProductVersion : 1.1.1.3
ProductName : Application Launcher
CompanyName : Sony Ericsson Mobile Communications AB
FileDescription : Application Launcher
InternalName : Application Launcher
LegalCopyright : Copyright (c) 2005 Popwire AB. All rights reserved.
OriginalFilename : Application Launcher.exe

#:26 [ituneshelper.exe]
FilePath : C:\FLO\Programme\ITunes\
ProcessID : 1356
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1552
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [capabilitymanager.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Teleca Shared\
ProcessID : 1624
ThreadCreationTime : 23.01.2007 18:14:05
BasePriority : Normal
FileVersion : 0.0.1.48
ProductVersion : 0.0.1.48
ProductName : CapabilityManager
CompanyName : Teleca Software Solutions AB
FileDescription : Capability Manager
InternalName : CapabilityManager.exe
LegalCopyright : Copyright © 2004 Teleca Software Solutions AB. All rights reserved.
OriginalFilename : CapabilityManager.exe
Comments : This is a generic version of this component

#:29 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 23.01.2007 18:14:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:30 [ipodservice.exe]
FilePath : C:\Programme\iPod\bin\
ProcessID : 2240
ThreadCreationTime : 23.01.2007 18:14:07
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:31 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2380
ThreadCreationTime : 23.01.2007 18:14:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:32 [generic.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Teleca Shared\
ProcessID : 2932
ThreadCreationTime : 23.01.2007 18:14:12
BasePriority : Normal
FileVersion : 1, 0, 3, 2
ProductVersion : 1, 0, 3, 2
ProductName : Device Management
CompanyName : Teleca Software Solutions
FileDescription : Generic Device Management Executable.
InternalName : Generic.exe
LegalCopyright : (c) Teleca Software Solutions. All rights reserved.
OriginalFilename : Generic.exe
Comments : Teleca main line.

#:33 [epmworker.exe]
FilePath : C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\
ProcessID : 3032
ThreadCreationTime : 23.01.2007 18:14:13
BasePriority : Normal
FileVersion : 1, 2, 0,1184
ProductVersion : 1,3,0,3
ProductName : CAPI_Worker Module
CompanyName : Sony Ericsson Mobile Communications AB
FileDescription : CAPI_Worker Module
InternalName : CAPI_Worker
LegalCopyright : Copyright © 2005 Popwire AB. All rights reserved.
OriginalFilename : EPMWorker.EXE

#:34 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3400
ThreadCreationTime : 23.01.2007 18:17:07
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:35 [googletoolbarnotifier.exe]
FilePath : C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\
ProcessID : 3504
ThreadCreationTime : 23.01.2007 18:17:12
BasePriority : Normal
FileVersion : 1, 2, 908, 5008
ProductVersion : 1, 2, 908, 5008
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:36 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3732
ThreadCreationTime : 23.01.2007 18:19:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:37 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3772
ThreadCreationTime : 23.01.2007 18:21:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Editor
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : NOTEPAD.EXE

#:38 [ad-aware.exe]
FilePath : C:\Ad-Aware\
ProcessID : 3876
ThreadCreationTime : 23.01.2007 18:24:42
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (http://static.zangocash.com/cab/zango/ie/bridge-c18.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.zangocash.com/cab/zango/ie/bridge-c18.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://static.zangocash.com/cab/zango/ie/bridge-c18.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:mythos@hitbox.com/
Expires : 21.01.2008 16:11:12
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:mythos@statse.webtrendslive.com/
Expires : 18.01.2017 16:10:38
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@ehg-idg.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:mythos@ehg-idg.hitbox.com/
Expires : 21.01.2008 16:11:12
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:mythos@advertising.com/
Expires : 20.01.2012 16:09:24
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mythos@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:mythos@doubleclick.net/
Expires : 20.01.2010 16:08:04
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 8



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\DOKUME~1\***\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8



MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Mythos\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1547161642-1450960922-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediagatewayx.installer

WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 40

19:26:28 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:36.469
Objects scanned:96809
Objects identified:10
Objects ignored:0
New critical objects:10

Hallo.

Der Avenger konnte leider nicht alle Dateien löschen, also versuchen wir es mal mit der Killbox

Lade dir das Programm und starte es. Klick die Option "delete on reboot"
an.

Suche nun nacheinander folgende Dateien.
WICHTIG: Nach jeder Datei wirst du gefragt ob das System neu gestartet werden soll, immer auf NO klicken, und erst nach der letzten Datei den Neustart bestätigen:

Zitat:

C:\WINDOWS\unvise32.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall6_90.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\WINDOWS\system32\ide21201.vxd

Wenn du eine Datei nicht finden solltest, suche die nächste!
Ich will wirklich sicher gehen das alles entfernt wird./wurden ist.

Poste danach nochmal den Inhalt der Ordner mit Hilfe der filelist.zip, sowie der Scan mit SmitfraudFix.

Gruß
Sunny

nach der letzten datei will ich den neustart machen und während killbox den neustart vorbereitet kommt folgende fehlermeldung:

"PendingFileRenameOperations Registry Data has been removed by External Process!"

was tun ??

Das ist komisch, irgendwas blockiert da.

Also nochmal auf Anfang.

Poste ein Hijacklog, die Filelist.zip abarbeiten, und SmitfraudFix scannen lassen.
Ich muss wissen was, wo und wie gelöscht ist..

Sunny

• Hijacklog

Logfile of HijackThis v1.99.1
Scan saved at 18:44:14, on 25.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe
C:\FLO\Programme\ITunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\FLO\Programme\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\flo\programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CnOServerLauncher] CNOServerLauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson K610\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\FLO\Programme\ITunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\FLO\Programme\Acrobat\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\FLO\PROGRA~1\MsOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ\ICQ.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\FLO\PROGRA~1\MsOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\FLO\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166188082765
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.240.228.234/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install3.0/Installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Transbase - Transaction Software, D 81737 Munich - C:\FLO\Programme\EtkBMW\transbase\tbmux32.exe

• Filelist.zip

----- Root -----------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\

25.01.2007 18:44 43 filelist.txt
25.01.2007 18:06 1.610.612.736 pagefile.sys
23.01.2007 19:13 3.454 avenger.txt
22.01.2007 17:26 211 boot.ini
22.01.2007 17:25 1.107 rapport.txt
21.01.2007 15:40 0 23990098.$$$
07.05.2006 11:46 342 VeaXDbgDebugLog.txt
29.11.2005 21:17 105 hf.path
25.02.2005 18:59 0 MSDOS.SYS
25.02.2005 18:59 0 AUTOEXEC.BAT
25.02.2005 18:59 0 IO.SYS
25.02.2005 18:59 0 CONFIG.SYS
03.08.2004 21:59 251.184 ntldr
03.08.2004 21:38 47.564 NTDETECT.COM
18.08.2001 11:00 4.952 bootfont.bin
15 Datei(en) 1.610.921.698 Bytes
0 Verzeichnis(se), 96.856.604.672 Bytes frei

----- Windows --------------------------
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS

25.01.2007 18:07 0 0.log
25.01.2007 18:07 159 wiadebug.log
25.01.2007 18:07 1.265.102 WindowsUpdate.log
25.01.2007 18:07 50 wiaservc.log
25.01.2007 18:07 0 TempFile
25.01.2007 18:07 2.048 bootstat.dat
24.01.2007 22:02 32.618 SchedLgU.Txt
24.01.2007 22:02 116 NeroDigital.ini
23.01.2007 18:51 7.811 setupapi.log
23.01.2007 18:51 186.301 setupact.log
22.01.2007 17:26 646 win.ini
22.01.2007 17:26 227 system.ini
21.01.2007 11:47 5.566.316 REGBK00.ZIP
21.01.2007 11:44 50 Lic.xxx
19.01.2007 18:09 1.409 QTFont.for
19.01.2007 18:09 54.156 QTFont.qfn
13.01.2007 16:57 793.942 iis6.log
13.01.2007 16:57 146.568 ntdtcsetup.log
13.01.2007 16:57 243.137 comsetup.log
13.01.2007 16:57 35.773 tabletoc.log
13.01.2007 16:57 328.628 tsoc.log
13.01.2007 16:57 38.886 ocmsn.log
13.01.2007 16:57 1.374 imsins.log
13.01.2007 16:57 3.520 KB929969.log
13.01.2007 16:57 35.680 msgsocm.log
13.01.2007 16:57 49.544 MedCtrOC.log
13.01.2007 16:57 346.988 ocgen.log
13.01.2007 16:57 124.530 netfxocm.log
13.01.2007 16:57 699.616 FaxSetup.log
13.01.2007 16:57 221.110 msmqinst.log
11.01.2007 18:13 1.917 imsins.BAK
11.01.2007 18:09 0 setuperr.log
10.01.2007 18:25 8.199 hhdrvi.log
10.01.2007 18:25 1.042.470 setupapi.log.0.old
09.01.2007 18:45 118.690 DirectX.log
09.01.2007 18:43 155 winamp.ini
24.12.2006 09:38 956 GEARInstall.log
15.12.2006 18:26 42.150 FontData.fdb
15.12.2006 15:17 93.641 wmsetup.log
15.12.2006 14:34 44.565 spupdsvc.log
15.12.2006 14:33 2.910 COM+.log
15.12.2006 14:32 68.459 KB925398.log
15.12.2006 14:32 73.380 KB923694.log
15.12.2006 14:32 73.020 KB926255.log
15.12.2006 14:32 77.537 updspapi.log
15.12.2006 14:31 87.652 KB925454.log
15.12.2006 14:31 23.177 ie7_main.log
15.12.2006 14:30 70.923 ie7.log
15.12.2006 14:29 15.801 IDNMitigationAPIs.log
15.12.2006 14:28 14.283 NLSDownlevelMapping.log
15.12.2006 14:28 11.856 KB915865.log
15.12.2006 14:27 9.577 KB914440.log
15.12.2006 14:27 26.860 KB920213.log
15.12.2006 14:27 19.158 KB904942.log
15.12.2006 13:58 780.837 setuplog.txt
10.12.2006 02:33 972 wmsetup10.log
10.12.2006 02:30 9.488 KB926239.log
10.12.2006 02:29 6.190 MSCompPackV1.log
10.12.2006 02:29 19.660 wmp11.log
10.12.2006 02:28 26.905 WMFDist11.log
10.12.2006 02:28 316.640 WMSysPr9.prx
10.12.2006 02:27 10.496 Wudf01000Inst.log
06.12.2006 16:21 83.320 aksdrvsetup.log
06.12.2006 16:12 98 etkinst.ini
17.11.2006 17:50 17.640 KB923980.log
17.11.2006 17:50 17.288 KB924270.log
17.11.2006 17:49 18.183 KB922760.log
14.10.2006 12:59 13.608 KB924191.log
14.10.2006 12:59 13.212 KB922819.log
14.10.2006 12:58 11.425 KB923414.log
14.10.2006 12:58 11.420 KB924496.log
14.10.2006 12:58 8.786 KB923191.log
09.10.2006 17:11 12.165 KB925486.log
16.09.2006 08:41 13.080 KB920685.log
16.09.2006 08:41 14.921 KB920872.log
16.09.2006 08:41 13.242 KB919007.log
16.09.2006 08:40 9.131 KB922582.log
14.09.2006 18:53 836.040 DPINST.LOG
13.08.2006 21:59 16.143 KB920214.log
13.08.2006 21:59 15.859 KB921883.log
13.08.2006 21:59 15.716 KB922616.log
13.08.2006 21:59 16.119 KB921398.log
13.08.2006 21:58 19.423 KB918899.log
13.08.2006 21:58 12.102 KB920670.log
13.08.2006 21:58 12.264 KB917422.log
13.08.2006 21:58 12.515 KB920683.log
06.08.2006 08:56 7.157 WgaNotify.log
13.07.2006 12:27 11.838 KB917159.log
13.07.2006 12:27 12.347 KB914388.log
13.07.2006 12:26 10.457 KB916595.log
15.06.2006 15:07 11.452 KB917734.log
15.06.2006 15:07 14.714 KB918439.log
15.06.2006 15:06 15.397 KB917344.log
15.06.2006 15:06 14.358 KB917953.log
15.06.2006 15:06 14.339 KB911280.log
15.06.2006 15:06 17.626 KB916281.log
15.06.2006 15:06 11.653 KB914389.log
02.06.2006 15:50 172 AOMUTL.log
02.06.2006 15:50 90 NVDrvInst.log
02.06.2006 15:50 157 arcobat5.log
13.05.2006 09:04 12.098 KB913580.log
04.05.2006 18:15 221 muma7dlx.INI
25.04.2006 20:00 11.307 KB900485.log
17.04.2006 10:42 16.102 KB908531.log
17.04.2006 10:42 15.407 KB911562.log
17.04.2006 10:42 18.237 KB912812.log
17.04.2006 10:42 13.330 KB911565.log
17.04.2006 10:41 10.895 KB911567.log
08.04.2006 10:58 107 SEA.INI
18.02.2006 18:17 10.693 KB911927.log
18.02.2006 18:17 6.631 KB911564.log
18.02.2006 18:17 6.704 KB913446.log
02.02.2006 19:06 11.279 HPSETUP.INI
02.02.2006 07:42 468.084 cluninst.exe
21.01.2006 12:21 37 ipixActivex.ini
18.01.2006 21:32 410 pinstall.log
18.01.2006 21:14 107 ETKVE.INI
12.01.2006 17:25 10.173 KB908519.log
06.01.2006 18:12 364 nsw.log
06.01.2006 15:44 11.089 KB912919.log
16.12.2005 18:04 10.477 KB910437.log
16.12.2005 18:03 17.423 KB905915.log
01.12.2005 18:06 114 magix.ini
20.11.2005 11:44 14.039 LUINSTALL.LOG
11.11.2005 14:22 11.943 KB896424.log
13.10.2005 18:25 23.345 KB901017.log
13.10.2005 18:25 26.941 KB902400.log
13.10.2005 18:25 17.680 KB899589.log
13.10.2005 18:24 17.996 KB905414.log
13.10.2005 18:24 21.224 KB896688.log
13.10.2005 18:24 14.297 KB900725.log
13.10.2005 18:24 11.510 KB904706.log
13.10.2005 18:24 12.146 KB905749.log
15.08.2005 11:36 18.255 KB899587.log
15.08.2005 11:35 17.750 KB899591.log
15.08.2005 11:35 17.938 KB893756.log
15.08.2005 11:35 17.213 KB896423.log
15.08.2005 11:35 18.669 KB896727.log
15.08.2005 11:35 13.613 KB899588.log
15.08.2005 11:35 13.406 KB894391.log
30.07.2005 15:59 74.752 ST6UNST.EXE
30.07.2005 15:49 0 nsreg.dat
30.07.2005 15:48 3.035 mozver.dat
14.07.2005 16:06 11.204 KB901214.log
14.07.2005 16:06 3.809 KB903235.log
29.06.2005 18:55 6.888 KB898461.log
25.06.2005 13:57 545 eReg.dat
25.06.2005 13:23 24 dlb.ini
18.06.2005 11:53 291 CorelDRAW.ini
16.06.2005 18:29 16.345 KB896422.log
16.06.2005 18:29 18.016 KB883939.log
16.06.2005 18:28 12.127 KB896358.log
16.06.2005 18:28 11.675 KB890046.log
16.06.2005 18:28 27.764 KB893066.log
16.06.2005 18:28 10.320 KB896428.log
07.06.2005 11:16 2.119 vminst.log
01.06.2005 22:38 8.448 SYMEVENT.LOG
27.05.2005 00:22 10.752 hh.exe
19.05.2005 11:49 5.300 KB893803v2.log
16.04.2005 15:18 18.098 KB890923.log
16.04.2005 15:18 13.669 KB893086.log
16.04.2005 15:17 15.186 KB890859.log
16.04.2005 15:17 6.910 KB893803.log
02.04.2005 09:13 3.230 Ascd_tmp.ini
30.03.2005 20:42 225.280 7FE1B8E1908011d4B33000001A112984.exe
28.03.2005 17:49 720.896 iun6002.exe
08.03.2005 10:33 28.252 corelpf.lrs
02.03.2005 20:16 59 LTDLG13N.INI
26.02.2005 19:16 400 ODBC.INI
25.02.2005 19:19 72.570 KB885835.log
25.02.2005 19:19 71.443 KB885836.log
25.02.2005 19:18 72.259 KB885250.log
25.02.2005 19:18 71.498 KB890175.log
25.02.2005 19:18 71.433 KB873339.log
25.02.2005 19:18 10.252 KB885626.log
25.02.2005 19:18 71.500 KB888113.log
25.02.2005 19:18 72.044 KB887742.log
25.02.2005 19:18 71.443 KB887472.log
25.02.2005 19:18 71.543 KB891781.log
25.02.2005 19:18 13.573 KB867282.log
25.02.2005 19:18 68.982 KB873333.log
25.02.2005 19:18 66.764 KB890047.log
25.02.2005 19:18 52.461 KB888302.log
25.02.2005 19:18 6.696 KB886185.log
25.02.2005 19:03 829 OEWABLog.txt
25.02.2005 19:02 8.192 REGLOCS.OLD
25.02.2005 18:59 0 control.ini
25.02.2005 18:59 4.161 ODBCINST.INI
25.02.2005 18:58 749 WindowsShell.Manifest
25.02.2005 18:57 1.023 sessmgr.setup.log
25.02.2005 18:56 36 vb.ini
25.02.2005 18:56 37 vbaddin.ini
25.02.2005 18:56 133 DtcInstall.log
25.02.2005 18:55 200 cmsetacl.log
25.02.2005 18:53 2.014 regopt.log
25.02.2005 18:51 0 Sti_Trace.log
21.01.2005 19:58 136.672 UNNeroVision.cfg
20.01.2005 12:29 2.658.304 UNNeroVision.exe
07.01.2005 10:42 45.313 UNNMP.cfg
04.01.2005 16:41 2.670.592 UNNMP.exe
30.11.2004 17:14 67.990 UNNVEContent.cfg
04.08.2004 00:59 1.014.663 SET3.tmp
04.08.2004 00:55 14.043 SET8.tmp
04.08.2004 00:53 1.086.058 SET4.tmp
03.08.2004 23:58 288.768 winhlp32.exe
03.08.2004 23:58 153.600 REGEDIT.COM
03.08.2004 23:58 153.600 regedit.exe
03.08.2004 23:58 153.600 R.COM
03.08.2004 23:58 70.144 NOTEPAD.EXE
03.08.2004 23:57 1.035.264 explorer.exe
03.08.2004 23:57 50.688 twain_32.dll
14.05.2004 15:12 1.916.928 UNNVEContent.exe
05.12.2003 15:50 594.018 ETKEU.EXE
21.05.2003 23:50 156.910 WMSysPr8.prx
28.02.2003 17:26 46.352 setdebug.exe
28.02.2003 15:35 6.550 jautoexp.dat
28.08.2002 05:27 597.191 SEAU.EXE
18.08.2001 11:00 49.680 twunk_16.exe
18.08.2001 11:00 94.800 twain.dll
18.08.2001 11:00 2 desktop.ini
18.08.2001 11:00 15.872 TASKMAN.EXE
18.08.2001 11:00 80 explorer.scf
18.08.2001 11:00 18.944 vmmreg32.dll
18.08.2001 11:00 16.730 Feder.bmp
18.08.2001 11:00 65.978 Seifenblase.bmp
18.08.2001 11:00 25.600 twunk_32.exe
18.08.2001 11:00 26.680 F„cher.bmp
18.08.2001 11:00 65.832 Santa Fe-Stuck.bmp
18.08.2001 11:00 17.362 Rhododendron.bmp
18.08.2001 11:00 82.944 clock.avi
18.08.2001 11:00 257.568 winhelp.exe
18.08.2001 11:00 26.582 Granit.bmp
18.08.2001 11:00 48.680 winnt.bmp
18.08.2001 11:00 48.680 winnt256.bmp
18.08.2001 11:00 1.272 Blaue Spitzen 16.bmp
18.08.2001 11:00 65.954 Pr„riewind.bmp
18.08.2001 11:00 34.818 wmprfDEU.prx
18.08.2001 11:00 9.522 Zapotek.bmp
18.08.2001 11:00 1.405 msdfmap.ini
18.08.2001 11:00 17.062 Kaffeetasse.bmp
18.08.2001 11:00 17.336 Angler.bmp
18.08.2001 11:00 707 _default.pif
15.12.1999 20:21 140.158 WMSysPrf.PRX
17.11.1998 11:44 328.704 IsUn0407.exe
29.10.1998 15:45 306.688 IsUninst.exe
01.07.1997 05:37 484 zipserv.use
246 Datei(en) 32.420.141 Bytes
0 Verzeichnis(se), 96.856.596.480 Bytes frei

----- System ---
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\system

14.05.16745 12:49 398.416 VBRUN300.DLL
25.08.2006 01:35 4.096 LEXHDL5.DLL
18.01.2006 20:33 157.696 STORAGE.DLL
03.08.2004 23:58 146.944 WINSPOOL.DRV
03.08.2004 23:37 69.632 MMSYSTEM.DLL
19.09.2001 13:47 765.952 crlds3d.dll
18.08.2001 11:00 59.167 setup.inf
18.08.2001 11:00 33.744 COMMDLG.DLL
18.08.2001 11:00 13.600 WFWNET.DRV
18.08.2001 11:00 1.744 SOUND.DRV
18.08.2001 11:00 109.504 AVIFILE.DLL
18.08.2001 11:00 9.936 LZEXPAND.DLL
18.08.2001 11:00 73.760 MCIAVI.DRV
18.08.2001 11:00 25.296 MCISEQ.DRV
18.08.2001 11:00 28.160 MCIWAVE.DRV
18.08.2001 11:00 5.120 SHELL.DLL
18.08.2001 11:00 1.152 MMTASK.TSK
18.08.2001 11:00 2.032 MOUSE.DRV
18.08.2001 11:00 2.000 KEYBOARD.DRV
18.08.2001 11:00 127.104 MSVIDEO.DLL
18.08.2001 11:00 2.176 VGA.DRV
18.08.2001 11:00 9.200 VER.DLL
18.08.2001 11:00 70.368 AVICAP.DLL
18.08.2001 11:00 4.048 TIMER.DRV
18.08.2001 11:00 19.200 TAPI.DLL
18.08.2001 11:00 3.360 SYSTEM.DRV
18.08.2001 11:00 24.064 OLESVR.DLL
18.08.2001 11:00 82.944 OLECLI.DLL
18.08.2001 11:00 5.532 stdole.tlb
13.04.1997 08:30 236.774 ZIPSRV.DLL
27.03.1997 04:59 31.744 MSAFINX.DLL
06.03.1997 09:41 63.598 ZIPDIR.DLL
25.08.1996 07:15 21.906 ZIPADAT.DLL
24.08.1996 04:46 83.936 ZSUNZIP.DLL
15.08.1995 00:00 5.120 STKIT416.DLL
15.08.1995 00:00 12.976 SCP.DLL
15.08.1995 00:00 152.976 OLE2NLS.DLL
15.08.1995 00:00 164.960 OLE2DISP.DLL
15.08.1995 00:00 57.328 OLE2CONV.DLL
15.08.1995 00:00 109.056 COMPOBJ.DLL
15.08.1995 00:00 177.824 TYPELIB.DLL
15.08.1995 00:00 35.200 VAEN21.OLB
15.08.1995 00:00 935.632 VB40016.DLL
15.08.1995 00:00 51.712 OLE2PROX.DLL
15.08.1995 00:00 304.640 OLE2.DLL
15.08.1995 00:00 536.048 OC25.DLL
15.08.1995 00:00 26.992 CTL3DV2.DLL
14.08.1995 16:45 28.113 OLE2.REG
14.08.1995 16:45 14.933 VSHARE.386
18.07.1994 07:16 40.320 COMPRESS.DLL
05.05.1994 00:40 328.720 TRUEGRID.VBX
18.02.1994 12:33 3.776 CALL32.DLL
27.04.1993 18:45 18.688 CMDIALOG.VBX
53 Datei(en) 5.698.919 Bytes
0 Verzeichnis(se), 96.856.596.480 Bytes frei

----- System 32 (Achtung: Zeitfenster beachten!) ---
Datentr„ger in Laufwerk C: ist Festplatte C
Volumeseriennummer: ACD8-30B4

Verzeichnis von C:\WINDOWS\system32

25.01.2007 18:07 13.646 wpa.dbl
21.01.2007 21:50 952 KGyGaAvL.sys
19.01.2007 17:01 45 initdebug.nfo
12.01.2007 14:18 383.254 perfh009.dat
12.01.2007 14:18 394.500 perfh007.dat
12.01.2007 14:18 53.608 perfc009.dat
12.01.2007 14:18 64.598 perfc007.dat
12.01.2007 14:18 899.052 PerfStringBackup.INI
03.01.2007 00:19 10.980.776 MRT.exe
21.12.2006 21:48 9.132 jupdate-1.5.0_10-b03.log
15.12.2006 14:34 278.152 FNTCACHE.DAT
15.12.2006 13:58 13.588 wpa.bak
10.12.2006 02:29 23.392 nscompat.tlb
10.12.2006 02:29 16.832 amcompat.tlb
06.12.2006 16:21 191.488 hlvdd.dll
01.12.2006 05:20 79.360 swxcacls.exe
22.11.2006 17:49 8.892 jupdate-1.5.0_09-b03.log
17.11.2006 18:54 1.040.384 ieframe.dll.mui
17.11.2006 18:53 12.288 advpack.dll.mui
09.11.2006 15:07 127.078 javaws.exe
09.11.2006 15:07 49.265 jpicpl32.cpl
09.11.2006 13:28 53.346 javaw.exe
09.11.2006 13:28 49.248 java.exe
08.11.2006 06:06 679.424 inetcomm.dll
07.11.2006 21:03 670.720 mstime.dll
07.11.2006 21:03 27.136 jsproxy.dll
07.11.2006 21:03 231.424 webcheck.dll
07.11.2006 21:03 156.160 msls31.dll
07.11.2006 21:03 180.736 ieui.dll
07.11.2006 21:03 191.488 iepeers.dll
07.11.2006 21:03 475.648 mshtmled.dll
07.11.2006 21:03 6.049.280 ieframe.dll
07.11.2006 21:03 50.688 msfeedsbs.dll
07.11.2006 21:03 1.162.240 urlmon.dll
07.11.2006 21:03 818.688 wininet.dll
07.11.2006 21:03 131.584 extmgr.dll
07.11.2006 21:03 458.752 msfeeds.dll
07.11.2006 21:03 413.696 vbscript.dll
07.11.2006 21:03 3.577.856 mshtml.dll
07.11.2006 03:27 382.976 iedkcs32.dll
07.11.2006 03:27 229.376 ieaksie.dll
07.11.2006 03:26 152.064 ieakeng.dll
07.11.2006 03:26 71.680 admparse.dll
07.11.2006 03:26 55.296 iesetup.dll
07.11.2006 03:26 13.312 ieudinit.exe
07.11.2006 03:26 43.008 iernonce.dll
07.11.2006 03:26 54.784 ie4uinit.exe
07.11.2006 03:26 123.904 advpack.dll
07.11.2006 03:26 92.672 inseng.dll
07.11.2006 03:25 161.792 ieakui.dll
07.11.2006 03:24 56.483 ieuinit.inf
04.11.2006 14:14 1.245.696 msxml4.dll
03.11.2006 10:02 8.282.112 wmploc.dll
03.11.2006 09:56 99.840 wmpshell.dll
03.11.2006 09:55 275.968 wmerror.dll
03.11.2006 09:54 8.192 asferror.dll
02.11.2006 11:51 43.008 wpdshextres.dll
25.10.2006 19:15 65.536 QuickTimeVR.qtx
25.10.2006 19:15 49.152 QuickTime.qts
23.10.2006 16:34 474.624 shlwapi.dll
23.10.2006 16:34 1.497.600 shdocvw.dll
23.10.2006 16:34 1.056.256 danim.dll
23.10.2006 16:34 1.022.976 browseui.dll
23.10.2006 16:34 152.064 cdfview.dll
23.10.2006 12:43 270.336 xpsp3res.dll
20.10.2006 02:38 715.776 sxs.dll
18.10.2006 21:58 8.704 uwdf.exe
18.10.2006 21:58 8.704 wdfmgr.exe
18.10.2006 21:47 603.648 WMSPDMOD.dll
18.10.2006 21:47 2.450.944 SET46.tmp
18.10.2006 21:47 4.096 WMVADVE.DLL
18.10.2006 21:47 2.450.944 wmvcore.dll
18.10.2006 21:47 4.096 wmsdmoe2.dll
18.10.2006 21:47 1.543.680 WMVDECOD.dll
18.10.2006 21:47 4.096 wmvdmoe2.dll
18.10.2006 21:47 629.760 wpd_ci.dll
18.10.2006 21:47 1.574.912 WMVENCOD.dll
18.10.2006 21:47 4.096 WMVADVD.dll
18.10.2006 21:47 133.632 WPDShServiceObj.dll
18.10.2006 21:47 1.382.912 WMVSDECD.dll
18.10.2006 21:47 4.096 wmsdmod.dll
18.10.2006 21:47 767.488 WMVSENCD.dll
18.10.2006 21:47 2.603.008 WpdShext.dll
18.10.2006 21:47 63.488 wpdmtpus.dll
18.10.2006 21:47 4.096 wmvdmod.dll
18.10.2006 21:47 656.896 WMVXENCD.dll
18.10.2006 21:47 154.624 wpdmtp.dll
18.10.2006 21:47 35.840 wpdconns.dll
18.10.2006 21:47 1.329.152 WMSPDMOE.dll
18.10.2006 21:47 356.352 wpdsp.dll
18.10.2006 21:47 1.661.440 wmpencen.dll
18.10.2006 21:47 204.288 wmpsrcwp.dll
18.10.2006 21:47 613.376 wmpmde.dll
18.10.2006 21:47 295.936 wmpeffects.dll
18.10.2006 21:47 314.880 wmpdxm.dll
18.10.2006 21:47 242.688 wmpasf.dll
18.10.2006 21:47 10.834.432 wmp.dll
18.10.2006 21:47 937.984 WMNetMgr.dll
18.10.2006 21:47 157.184 wmidx.dll
18.10.2006 21:47 130.048 wmpps.dll
18.10.2006 21:47 535.040 wmdrmsdk.dll
18.10.2006 21:47 348.672 wmdrmnet.dll
18.10.2006 21:47 429.056 wmdrmdev.dll
18.10.2006 21:47 37.376 wmdmps.dll
18.10.2006 21:47 33.792 wmdmlog.dll
18.10.2006 21:47 222.208 wmasf.dll
18.10.2006 21:47 101.888 PortableDeviceClassExtension.dll
18.10.2006 21:47 166.912 PortableDeviceTypes.dll
18.10.2006 21:47 1.117.696 WMADMOE.dll
18.10.2006 21:47 757.248 WMADMOD.dll
18.10.2006 21:47 4.096 wdfapi.dll
18.10.2006 21:47 211.456 qasf.dll
18.10.2006 21:47 199.168 PortableDeviceWMDRM.dll
18.10.2006 21:47 284.160 PortableDeviceApi.dll
18.10.2006 21:47 132.096 PortableDeviceWiaCompat.dll
18.10.2006 21:47 222.208 SET3A.tmp
18.10.2006 21:47 175.616 mspmsp.dll
18.10.2006 21:47 179.712 msnetobj.dll
18.10.2006 21:47 321.536 mswmdm.dll
18.10.2006 21:47 414.208 msscp.dll
18.10.2006 21:47 27.136 mspmsnsv.dll
18.10.2006 21:47 4.096 MP4SDMOD.dll
18.10.2006 21:47 259.072 MPG4DECD.dll
18.10.2006 21:47 4.096 MP43DMOD.dll
18.10.2006 21:47 11.264 LAPRXY.dll
18.10.2006 21:47 259.072 MP43DECD.dll
18.10.2006 21:47 317.440 MP4SDECD.dll
18.10.2006 21:47 4.096 MPG4DMOD.dll
18.10.2006 21:47 212.992 MFPLAT.dll
18.10.2006 21:47 542.720 blackbox.dll
18.10.2006 21:47 229.376 cewmdm.dll
18.10.2006 21:47 991.744 drmv2clt.dll
18.10.2006 21:47 276.992 SET53.tmp
18.10.2006 20:05 232.448 l3codecp.acm
18.10.2006 20:03 100.864 logagent.exe
18.10.2006 20:00 249.856 drmupgds.exe
18.10.2006 20:00 17.408 wpdshextautoplay.exe
17.10.2006 12:06 443.904 html.iec
17.10.2006 12:06 78.336 ieencode.dll
17.10.2006 12:05 206.336 WinFXDocObj.exe
17.10.2006 12:05 1.817.088 inetcpl.cpl
17.10.2006 12:05 105.984 url.dll
17.10.2006 12:05 40.960 licmgr10.dll
17.10.2006 12:05 192.000 msrating.dll
17.10.2006 12:04 101.376 occache.dll
17.10.2006 12:00 491.520 jscript.dll
17.10.2006 11:58 12.288 msfeedssync.exe
17.10.2006 11:58 61.952 icardie.dll
17.10.2006 11:58 44.544 pngfilt.dll
17.10.2006 11:58 346.624 dxtmsft.dll
17.10.2006 11:57 36.352 imgutil.dll
17.10.2006 11:57 214.528 dxtrans.dll
17.10.2006 11:57 266.752 iertutil.dll
17.10.2006 11:56 45.568 mshta.exe
17.10.2006 11:55 66.560 tdc.ocx
17.10.2006 11:28 48.128 mshtmler.dll
17.10.2006 11:27 380.928 ieapfltr.dll
17.10.2006 11:19 1.383.424 mshtml.tlb
13.10.2006 13:35 146.432 nwprovau.dll
13.10.2006 13:35 64.000 nwapi32.dll
13.10.2006 13:35 65.536 nwwks.dll
02.10.2006 15:28 312.128 msdelta.dll
28.09.2006 20:13 95.344 WUDFCoinstaller.dll
28.09.2006 18:56 146.432 WudfHost.exe
28.09.2006 18:56 316.416 WUDFx.dll
28.09.2006 18:56 165.376 WudfPlatform.dll
28.09.2006 18:56 55.808 WudfSvc.dll
25.09.2006 17:58 14.640 spmsg.dll
25.09.2006 17:58 23.856 spupdsvc.exe
24.09.2006 14:28 5.248 speedfan.sys
23.09.2006 12:12 82.428 IE7Eula.rtf
19.09.2006 15:43 109.360 GEARAspi.dll
13.09.2006 06:02 1.084.416 msxml3.dll
05.09.2006 23:01 2.451.824 ieapfltr.dat
01.09.2006 07:44 1.988 ticrf.rat
01.09.2006 07:44 8.798 icrav03.rat
29.08.2006 18:43 135.168 swreg.exe
25.08.2006 16:46 617.472 comctl32.dll
24.08.2006 13:19 246.814 strmdll.dll
24.08.2006 13:17 500.278 dxmasf.dll
21.08.2006 13:26 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
20.08.2006 20:53 8.892 jupdate-1.5.0_08-b03.log
17.08.2006 13:28 332.288 netapi32.dll
17.08.2006 13:28 132.096 wkssvc.dll
17.08.2006 13:28 729.600 lsasrv.dll
16.08.2006 12:58 100.352 6to4svc.dll
07.08.2006 08:50 1.484.592 LegitCheckControl.DLL
21.07.2006 09:29 72.704 hlink.dll
14.07.2006 16:51 121.856 xmllite.dll
14.07.2006 16:25 546.304 hhctrl.ocx
13.07.2006 14:34 8.494.592 shell32.dll
05.07.2006 11:55 1.057.792 kernel32.dll
29.06.2006 08:05 23.552 normaliz.dll
29.06.2006 08:05 26.112 idndl.dll
28.06.2006 17:59 24.576 nlsdl.dll
26.06.2006 18:40 148.480 dnsapi.dll
26.06.2006 18:40 8.192 rasadhlp.dll
25.06.2006 18:26 57.384 avsda.dll
22.06.2006 06:06 1.441.792 query.dll
22.06.2006 06:06 69.120 ciodm.dll
19.06.2006 15:20 702.768 WgaLogon.dll
19.06.2006 15:19 304.944 WgaTray.exe
08.06.2006 12:06 39.284 normnfd.nls
08.06.2006 12:06 45.794 normnfc.nls
08.06.2006 12:06 66.384 normnfkc.nls
08.06.2006 12:06 60.294 normnfkd.nls
08.06.2006 12:06 59.342 normidna.nls
01.06.2006 19:47 27.648 jgpl400.dll
01.06.2006 19:47 163.840 jgdw400.dll
19.05.2006 14:09 95.744 iphlpapi.dll
19.05.2006 14:09 112.128 dhcpcsvc.dll
14.05.2006 09:48 181.248 rasmans.dll
07.05.2006 14:52 1.409 tmpD4A1A.FOT
07.05.2006 14:52 1.409 tmpE1A1A.FOT
27.04.2006 16:49 288.417 SrchSTS.exe
24.03.2006 05:37 49.152 wdigest.dll
17.03.2006 01:38 28.672 verclsid.exe
15.03.2006 10:19 98.304 CmdLineExt.dll
10.03.2006 23:08 413.184 cpeaut32.dll
10.03.2006 23:07 51.200 ltlst13n.dll
10.03.2006 23:07 32.256 lttmb13n.dll
10.03.2006 23:07 44.032 lttwn13n.dll
10.03.2006 23:07 212.480 PCDLIB32.DLL
10.03.2006 23:07 30.208 LTWND13n.DLL
10.03.2006 23:07 49.664 lfXbm13n.dll
10.03.2006 23:07 25.600 lfxwd13n.dll
10.03.2006 23:07 19.968 lfwfx13n.dll
10.03.2006 23:07 20.480 lfwpg13n.dll
10.03.2006 23:07 51.200 lfXpm13n.dll
10.03.2006 23:07 29.184 lflma13n.dll
10.03.2006 23:07 31.232 LFPNM13n.dll
10.03.2006 23:07 118.784 lfkodak.dll
10.03.2006 23:07 18.944 lfmsp13n.dll
10.03.2006 23:07 102.400 lfmpg13n.dll
10.03.2006 23:07 18.944 lfmac13n.dll
10.03.2006 23:07 48.128 lfica13n.dll
10.03.2006 23:07 27.648 lfiff13n.dll
10.03.2006 23:07 184.320 lfdxf13n.dll
10.03.2006 23:07 47.104 lfgif13n.dll
10.03.2006 23:07 338.944 lffpx7.dll
10.03.2006 23:07 31.744 lfclp13n.dll
10.03.2006 23:07 38.400 lfflc13n.dll
10.03.2006 23:07 94.208 lfdrw13n.dll
10.03.2006 23:07 79.872 Lfdgn13n.dll
10.03.2006 23:07 20.480 lfCUT13n.dll
10.03.2006 23:07 19.968 lfitg13n.dll
10.03.2006 23:07 56.320 lfcal13n.dll
10.03.2006 23:07 23.040 lfawd13n.dll
10.03.2006 23:07 19.968 lfavi13n.dll
10.03.2006 23:07 25.600 lfani13n.dll
10.03.2006 23:07 89.600 Lfcgm13n.dll
01.03.2006 20:43 11.776 xolehlp.dll
01.03.2006 20:43 91.136 mtxoci.dll
01.03.2006 20:43 161.280 msdtcuiu.dll
01.03.2006 20:43 956.416 msdtctm.dll
01.03.2006 20:43 426.496 msdtcprx.dll
01.03.2006 20:43 66.560 mtxclu.dll
15.02.2006 21:16 61.440 madCHook.dll
25.01.2006 04:34 118.784 sirenacm.dll
09.01.2006 09:36 40.960 swsc.exe
04.01.2006 04:35 68.096 webclnt.dll
29.12.2005 03:54 280.064 gdi32.dll
21.12.2005 18:27 7.006 jupdate-1.5.0_06-b05.log
05.12.2005 18:09 2.323.664 d3dx9_28.dll
05.12.2005 18:07 61.136 xinput9_1_0.dll
01.12.2005 18:06 2.272 w95inf16.dll
01.12.2005 18:06 4.608 w95inf32.dll
20.11.2005 11:32 100 LuResult.txt
05.11.2005 10:07 4.058 hdd32.log
26.10.2005 08:41 5.618 jupdate-1.5.0_05-b05.log
20.10.2005 23:25 1.094.144 esent.dll
19.10.2005 17:02 34.308 BASSMOD.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 22:20 80.896 fontsub.dll
08.10.2005 18:33 8.464 sporder.dll
06.10.2005 04:08 1.839.616 win32k.sys
10.09.2005 02:54 2.067.968 cdosys.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
11.08.2005 15:29 73.728 ISUSPM.cpl
09.08.2005 23:14 692.224 divxdec.ax
09.08.2005 23:13 4.276 divxsm.tlb
09.08.2005 23:13 524.288 DivXsm.exe
09.08.2005 23:13 692.736 DivX.dll
09.08.2005 23:13 688.128 divx_xx07.dll
09.08.2005 23:13 10.775 dsm_ja.qm
09.08.2005 23:13 15.351 dsm_de.qm
09.08.2005 23:13 15.153 dsm_fr.qm
09.08.2005 23:13 688.128 divx_xx0c.dll
09.08.2005 23:13 671.744 divx_xx11.dll
09.08.2005 23:13 831.488 libeay32.dll
09.08.2005 23:13 245.408 unicows.dll
09.08.2005 23:13 159.744 ssleay32.dll
09.08.2005 23:12 3.596.288 qt-dx331.dll
09.08.2005 23:12 8.523 dpude.qm
09.08.2005 23:12 86.016 dpl100.dll
09.08.2005 23:12 581.632 dpuGUI11.dll
09.08.2005 23:12 200.704 dtu100.dll
09.08.2005 23:12 303.104 dpus11.dll
09.08.2005 23:12 57.344 dpv11.dll
09.08.2005 23:12 245.760 dpu11.dll
09.08.2005 23:12 3.136 dtu_de.qm
09.08.2005 23:12 356.436 DivXMedia.ax
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 110.080 clbcatex.dll
26.07.2005 05:39 625.152 catsrvut.dll
26.07.2005 05:39 225.792 catsrv.dll
22.07.2005 19:59 2.319.568 d3dx9_27.dll
16.07.2005 14:44 3.799 jupdate-1.5.0_04-b05.log
08.07.2005 17:28 76.800 remotesp.tsp
08.07.2005 17:28 249.344 tapisrv.dll
29.06.2005 02:49 254.976 icm32.dll
29.06.2005 02:49 74.240 mscms.dll
25.06.2005 00:59 183.296 crpaig32.dll
25.06.2005 00:59 5.350.912 crpe32.dll
25.06.2005 00:59 171.520 P2smon.dll
25.06.2005 00:59 18.944 implode.dll
25.06.2005 00:59 679.424 cr2c70de.dll
25.06.2005 00:58 3.776.512 vfp8t.dll
25.06.2005 00:58 1.187.840 vfp8rdeu.dll
25.06.2005 00:58 1.171.456 vfp8rrus.dll
25.06.2005 00:58 1.187.840 vfp8resn.dll
25.06.2005 00:58 1.187.840 vfp8rfra.dll
25.06.2005 00:58 1.150.976 VFP8RENU.DLL
25.06.2005 00:58 1.150.976 vfp8rchs.dll
25.06.2005 00:58 4.300.800 vfp8r.dll
25.06.2005 00:58 1.150.976 vfp8rcht.dll
25.06.2005 00:58 1.159.168 vfp8rcsy.dll
25.06.2005 00:58 1.150.976 vfp8rkor.dll
25.06.2005 00:58 1.693.696 LTCLR13n.dll
25.06.2005 00:58 1.402.880 ltdlg13n.dll
25.06.2005 00:58 65.536 Lfpct13n.dll
25.06.2005 00:58 26.112 lfpcx13n.dll
25.06.2005 00:58 177.664 lfpdf13n.dll
25.06.2005 00:58 149.504 Lfpng13n.dll
25.06.2005 00:58 453.120 ltkrn13n.dll
25.06.2005 00:58 206.848 ltefx13n.dll
25.06.2005 00:58 20.480 lfras13n.dll
25.06.2005 00:58 46.080 lfwmf13n.dll
25.06.2005 00:58 154.112 ltfil13n.DLL
25.06.2005 00:58 387.584 LFCMP13n.DLL
25.06.2005 00:58 444.928 ltimg13n.dll
25.06.2005 00:58 47.616 lfeps13n.dll
25.06.2005 00:58 31.744 lflmb13n.dll
25.06.2005 00:58 84.480 lffpx13n.dll
25.06.2005 00:58 143.360 lftif13n.dll
25.06.2005 00:58 265.728 LTDIS13n.dll
25.06.2005 00:58 24.576 lftga13n.dll
25.06.2005 00:58 90.112 lfjbg13n.dll
25.06.2005 00:58 19.968 lfpcd13n.dll
25.06.2005 00:58 57.344 lfpsd13n.dll
25.06.2005 00:58 20.992 lfimg13n.dll
25.06.2005 00:58 30.208 lfbmp13n.dll
25.06.2005 00:58 73.728 lffax13n.dll
19.06.2005 18:48 493 WebPlayerInstaller.log
15.06.2005 18:49 295.936 kerberos.dll
11.06.2005 00:53 57.856 spoolsv.exe
27.05.2005 03:04 41.472 hhsetup.dll
27.05.2005 03:04 155.136 itircl.dll
27.05.2005 03:04 137.216 itss.dll
26.05.2005 15:34 2.297.552 d3dx9_26.dll
26.05.2005 04:19 178.408 muweb.dll
26.05.2005 04:16 128.232 mucltui.dll
26.05.2005 03:16 173.536 wuweb.dll
26.05.2005 03:16 18.200 wups2.dll
26.05.2005 03:16 1.343.768 wuaueng.dll
26.05.2005 03:16 41.240 wups.dll
26.05.2005 03:16 198.424 iuengine.dll
26.05.2005 03:16 75.544 cdm.dll
26.05.2005 03:16 124.696 wuauclt.exe
26.05.2005 03:16 466.200 wuapi.dll
26.05.2005 03:16 174.872 wuaucpl.cpl
26.05.2005 03:16 174.872 wuauclt1.exe
26.05.2005 03:16 128.280 wucltui.dll
26.05.2005 03:16 194.840 wuaueng1.dll
18.05.2005 20:11 581.632 dfxg11.dll
14.05.2005 13:15 344.064 msvcr70.dll
11.05.2005 03:30 78.336 telnet.exe
04.05.2005 13:45 2.890.240 msi.dll
03.04.2005 08:22 3.069 jupdate-1.5.0_02-b09.log
21.03.2005 14:00 78.848 msiexec.exe
21.03.2005 14:00 884.736 msimsg.dll
21.03.2005 14:00 15.360 msisip.dll
21.03.2005 14:00 271.360 msihnd.dll
18.03.2005 17:19 2.337.488 d3dx9_25.dll
17.03.2005 14:39 1.146.320 FM20.DLL
11.03.2005 23:48 108.544 pxcpyi64.exe
11.03.2005 23:48 109.568 pxinsi64.exe
11.03.2005 23:48 56.832 pxcpya64.exe
11.03.2005 23:48 56.320 pxinsa64.exe
11.03.2005 23:48 61.440 pxhpinst.exe
11.03.2005 23:28 339.968 pxwave.dll
11.03.2005 23:28 151.552 pxwma.dll
11.03.2005 23:28 28.672 vxblock.dll
11.03.2005 23:28 405.504 pxdrv.dll
11.03.2005 23:28 172.032 pxmas.dll
11.03.2005 23:28 339.968 px.dll
02.03.2005 19:21 1.343 HLDRV.LOG
02.03.2005 19:09 56.832 authz.dll
02.03.2005 19:09 578.560 user32.dll
02.03.2005 19:06 2.017.792 ntkrnlpa.exe
02.03.2005 19:06 2.138.112 ntoskrnl.exe
26.02.2005 09:00 479.298 wbocx.ocx
26.02.2005 09:00 172.032 AniGIF.ocx
26.02.2005 09:00 50.688 wbhelp2.dll
25.02.2005 19:01 550 $winnt$.inf
25.02.2005 18:59 2.951 CONFIG.NT
25.02.2005 18:58 488 WindowsLogon.manifest
25.02.2005 18:58 488 logonui.exe.manifest
25.02.2005 18:58 749 cdplayer.exe.manifest
25.02.2005 18:58 749 sapi.cpl.manifest
25.02.2005 18:58 749 wuaucpl.cpl.manifest
25.02.2005 18:58 749 ncpa.cpl.manifest
25.02.2005 18:58 749 nwc.cpl.manifest
25.02.2005 18:56 21.740 emptyregdb.dat
25.02.2005 18:54 0 h323log.txt
05.02.2005 19:45 2.222.800 d3dx9_24.dll
27.01.2005 14:39 466.944 capicom.dll