
Pests of all kinds and how to fight them: Fz1.exe Fz5.exe picked up via ICQ link

18.04.2010, 11:02   #1
Tamad
 

Hello Trojaner-Board,

yesterday I was sent a link in ICQ that was supposed to be a picture. When I clicked it, an installation file was downloaded (I was suspicious), but I installed it anyway. Shortly afterwards this link was automatically sent to everyone in my contact list, one after another; I then switched off the PC. Until then I still thought that was the only thing this file did.
Now I have set my router firewall so that everything that tries to establish a connection to the Internet is reported. In doing so I noticed the programs Fz1.exe and Fz5.exe, which were located in the Temp folder, so I emptied it (it also contained files such as Fz2.exe, Fz3.exe and Fz4.exe and various others). All of them could be deleted except Fz1.exe and Fz5.exe. These two exes now regularly try to establish connections to various websites. In addition, Internet Explorer is regularly opened, but without displaying a page.

That is the current state of affairs.
I hope you can help me.

Many thanks in advance

Regards

Tamad

18.04.2010, 11:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________

18.04.2010, 13:06   #3
hacki1942
 

Hey.
Go to -> Start -> Run -> enter msconfig there -> then click OK.
A System Configuration window then opens; go to Startup there.
Check whether the .exes you mentioned are listed there.
If so:
Remove the check mark in front of them.

I guess that is/these are backdoor trojans. o.O
That's not so good.

Search the PC -> i.e. "Search"
for these .exes (Fz1.exe and Fz5.exe)
Then upload them to VirusTotal
ht*p://www.virustotal.com/de/
Replace the * with a t.

So upload them to VirusTotal, then analyze, and post here
what the antivirus engines say about them.

Regards, Hacki1942...
__________________

18.04.2010, 13:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please don't confuse the OP now; he should run Malwarebytes and then OTL.
__________________
Please always post log files in CODE tags

18.04.2010, 21:12   #5
Tamad
 

Hello,
Malwarebytes took a bit longer. My PC is apparently pretty full.
Malwarebytes found 32 infected files/registry entries; however, it said that not all of them could be deleted.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4003

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

18.04.2010 21:07:32
mbam-log-2010-04-18 (21-07-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 337215
Laufzeit: 1 Stunde(n), 2 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 18
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Users\Public\winsvcn.exe (VirTool.DelfInject) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Users\Thomas\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (VirTool.DelfInject) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winsvcn.exe (VirTool.DelfInject) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\xcek0a9t.default\Cache\4FC4ECE7d01 (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\xcek0a9t.default\Cache\D2506F16d01 (Trojan.Buzus) -> Quarantined and deleted successfully.
F:\User\Users\_Daten_\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Thomas\AppData\Local\Temp\Fz1.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Thomas\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


Here is OTL

OTL Extras logfile created on: 18.04.2010 21:39:19 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Thomas\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 39,55 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 103,13 Gb Free Space | 88,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 596,17 Gb Total Space | 518,83 Gb Free Space | 87,03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-PC
Current User Name: Thomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 4F FB DE 5F C7 89 C8 01 [binary data]
"VistaSp2" = 0F 45 E0 E0 AB DE C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12591BB9-25D9-4BBD-A47B-9684B93A6878}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A3F537C-B46B-4140-BAF2-6EA78BE23F35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2AE8DEEB-B9F6-407C-B341-4F71082FE8A2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35F9275F-9250-42F6-99DC-8CDC3F1BEEF6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{604FECF1-5142-4827-9205-830727AEB5AE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{73CAC076-3B5B-49B4-9288-D352C7F27FD8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ADEDBA0F-AE66-4D39-B84F-25289EAD6CC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3758D33-749E-4703-946A-E2CD5DB78C22}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C34FDBEC-516C-4D4C-A18E-0A42DCCC0383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF9D10AC-EB70-4773-9EF2-FD52DA3B456B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063A17F0-9D3D-4C8B-B831-DF8565DAF340}" = protocol=17 | dir=in | app=d:\programme\burnout\burnoutlauncher.exe |
"{0EEB48BD-B1E6-474D-A108-56B8C4D35896}" = protocol=17 | dir=in | app=d:\burnout\burnoutconfigtool.exe |
"{10CA0480-3A9C-4745-BA0D-C7D14DC16DFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11663995-A4F6-456F-882E-9E2804FF15E5}" = protocol=17 | dir=in | app=d:\programme\burnout\burnoutparadise.exe |
"{158670B7-D399-4EC9-B396-75F4D9D1789D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{15F3DDD5-316F-48F3-84E7-690A93B1368C}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{230C2EC3-C02F-4704-9327-4B857CA38BE3}" = protocol=6 | dir=in | app=d:\programme\burnout\burnoutparadise.exe |
"{29F3EDF1-ECFE-410A-8ABD-099F9DAB2575}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{2CE2970B-6D1C-4D58-BAFD-55A681AC63D9}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{30DFE133-4313-4AE5-AC64-1112207BF29D}" = protocol=6 | dir=in | app=d:\burnout\burnoutparadise.exe |
"{38ECF3AB-EDBB-433D-A0BC-6F150E436D44}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{41B0E012-0F67-454C-9B4F-4944B253499A}" = protocol=17 | dir=in | app=d:\burnout\burnoutlauncher.exe |
"{441DF7EF-DBEC-4DCE-9D90-8844AEBAD46A}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{4934318B-74E2-475B-B2B6-9809D417B137}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{4B7B6776-DABA-4532-B9F5-E54573C52A5C}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{56377A8D-CEEC-4079-8273-48F859182EB3}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{59761267-84C5-491C-B315-F88078D653B6}" = protocol=17 | dir=in | app=f:\bfbc2\limited edition\bfbc2updater.exe |
"{5B0C67F9-5CDF-4BE3-8931-00CAAB941F98}" = protocol=6 | dir=in | app=d:\burnout\burnoutlauncher.exe |
"{5DB48008-87D9-47F2-B593-C407022D7D55}" = protocol=6 | dir=in | app=d:\burnout\burnoutconfigtool.exe |
"{5EE5A329-1E79-4206-AE06-AB2D3BB81F2A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{6546E80C-C6F4-48DE-8CC1-E9633CE54DF8}" = protocol=6 | dir=in | app=f:\bfbc2\spiel\bfbc2betaupdater.exe |
"{66225BF0-E912-4E9A-8995-BFE2563C46EF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{79A6EEE0-D558-4DC5-A88E-1336046A97D7}" = protocol=6 | dir=in | app=d:\programme\burnout\burnoutconfigtool.exe |
"{7AD47396-5825-4779-8F87-FAFBF4B7C053}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{80638A31-0DEA-43B1-8431-B68657166BF1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{88472D84-6477-42C6-873E-FCFD91633F2B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{8C32458A-D1CB-444D-A86B-F10670627438}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E634411-9395-46E3-994D-D3638378FB7F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{958F8326-EBA2-4A7A-ACA7-4DB76711F954}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9E25CAAD-F5FB-483D-9BD9-99F3BB71A566}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A372DDE4-9E2E-4644-98C2-60BF481368A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A426BA64-73FC-4029-9225-5E1399245F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{A42D2B8B-4437-418B-A83D-141C77922FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{A700CD85-1527-477A-BEC6-67D41D72AEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{ABFD5022-7763-4909-8790-D3C922488C7A}" = protocol=17 | dir=in | app=d:\burnout\burnoutparadise.exe |
"{BB676B27-5942-4B2A-BC19-DB266523314F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{C3A1052B-8DE7-48D8-8FB1-E2793D6DF223}" = protocol=17 | dir=in | app=f:\bfbc2\spiel\bfbc2betaupdater.exe |
"{C6737C74-D47C-455A-B833-5EFB84561146}" = protocol=6 | dir=in | app=d:\programme\burnout\burnoutlauncher.exe |
"{C804F183-7C66-409A-99CC-97E71AEE9135}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{CC9974E4-6E2A-4E79-A708-BB39328E5D74}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{D28B65C4-86A2-42CE-8FF3-86E3E308F918}" = protocol=17 | dir=in | app=d:\programme\burnout\burnoutconfigtool.exe |
"{D477FF95-237B-4D54-AD67-43BEFF44BB17}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{E01B93AD-E9AC-444B-96E3-6FFEEDAABB89}" = protocol=6 | dir=in | app=f:\bfbc2\limited edition\bfbc2updater.exe |
"{EBE4D24E-8E46-4700-A706-9F442F633AFB}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{FA93FBFA-1FB5-40CC-9DE1-D142B1D602BC}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"TCP Query User{05A2F318-18D5-4C6D-92F0-683953B379A1}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{1C3FEC39-B71A-4B34-8CFE-FECF3C048203}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"TCP Query User{62BA38B0-92CF-4E0C-8E13-3A08F5CBBA14}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8ADFC3AE-6E8D-40AB-A18F-FE2079A4D85E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{B1D210F6-D3F6-43ED-BB81-B4ABFD551D94}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"TCP Query User{CF73CEC9-5366-4C21-BFC8-5BFFD1E3E6EF}F:\bfbc2\spiel\bfbc2game.exe" = protocol=6 | dir=in | app=f:\bfbc2\spiel\bfbc2game.exe |
"TCP Query User{E624114E-E572-4C1D-B619-1CAF4FF80AEB}F:\bfbc2\limited edition\bfbc2game.exe" = protocol=6 | dir=in | app=f:\bfbc2\limited edition\bfbc2game.exe |
"TCP Query User{E6A230B5-1EF8-4185-9D2E-41ECC8A63F62}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe |
"UDP Query User{1C9728BF-5A91-4A65-9715-D45D81FC33DD}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe |
"UDP Query User{1F4EEEBA-589B-422C-A30C-9996E301B39D}F:\bfbc2\spiel\bfbc2game.exe" = protocol=17 | dir=in | app=f:\bfbc2\spiel\bfbc2game.exe |
"UDP Query User{54A22BE3-3CC7-4624-9EBD-82B98ECD3BB5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{54E25457-6023-48F0-9870-3C8AE414A576}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"UDP Query User{55A4AAB5-B734-44C5-A5F2-D553A4C7033B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{85E015CD-B529-49AB-A58F-EDA24C222252}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"UDP Query User{CC03EB54-7E2F-4864-A299-B4DEBE3E12F2}F:\bfbc2\limited edition\bfbc2game.exe" = protocol=17 | dir=in | app=f:\bfbc2\limited edition\bfbc2game.exe |
"UDP Query User{CF677E9A-0C17-485A-B9EE-A23A24592ACF}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{37A62E96-D157-487E-9954-84E8557DE9ED}" = ATI Catalyst Install Manager
"{5FCF5515-4CC4-4812-8C9A-755336AB85F8}" = Logitech Motion Detector Gadget
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9D42F24B-6BFC-42F4-AD90-A25680063754}" = eDocPrintPro v3.13.4
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F250A44A-10C6-CF88-275C-899C259B1321}" = ccc-utility64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"81AE60DDD229A248055515E311406D86F7E4012A" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian
"{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch
"{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek
"{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common
"{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English
"{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy
"{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full
"{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian
"{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver
"{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian
"{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053
"{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese
"{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean
"{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E74A7FE1-1324-23D1-A050-187B2A6B1DE1}" = Catalyst Control Center InstallProxy
"{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F57A7C3E-AA0D-4F1A-B7EC-F7583571A517}" = DW6 Demo
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative-Diagnose
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
"FL Studio 9" = FL Studio 9
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GeoGebra" = GeoGebra
"Host OpenAL" = Host OpenAL
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mp3tag" = Mp3tag v2.44
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Space Synthesizer_is1" = Space Synthesizer 2.0
"Steam App 15680" = Warhammer 40,000: Dawn of War II - Single-player Demo
"Steam App 16062" = Samantha Swift and the Golden Touch Demo
"Steam App 8180" = Battlestations: Pacific - Demo
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{F57A7C3E-AA0D-4F1A-B7EC-F7583571A517}" = DYNASTY WARRIORS 6 Playable Demo
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535
Description =

[ System Events ]
Error - 18.04.2010 03:48:32 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.04.2010 04:40:12 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.04.2010 04:40:12 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18.04.2010 05:02:21 | Computer Name = Thomas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.04.2010 um 10:49:39 unerwartet heruntergefahren.

Error - 18.04.2010 05:03:52 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.04.2010 05:03:52 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18.04.2010 07:55:41 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.04.2010 07:55:41 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 18.04.2010 15:12:49 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.04.2010 15:36:34 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


18.04.2010, 21:13   #6
Tamad
 



Here is the 2nd part of the OTL log:

OTL logfile created on: 18.04.2010 21:39:19 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Thomas\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 39,55 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 103,13 Gb Free Space | 88,57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 596,17 Gb Total Space | 518,83 Gb Free Space | 87,03% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THOMAS-PC
Current User Name: Thomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (avfwot) -- C:\Windows\SysNative\DRIVERS\avfwot.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\DRIVERS\avfwim.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\DRIVERS\FlashUSB_x64.sys (Danish Wireless Design A/S)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\DRIVERS\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (ATIAVAIW) -- C:\Windows\SysNative\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\DRIVERS\atl01v64.sys (Attansic Technology corporation.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (FlashUSB) -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys (Danish Wireless Design A/S)
DRV - (CSC) -- C:\Windows\CSC [2008.02.12 22:32:45 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (actser) -- C:\Windows\SysWOW64\drivers\actser.sys (BenQ Mobile GmbH & Co. OHG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.11 14:02:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.11 14:02:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.16 19:47:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.11 14:02:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.04.16 19:47:31 | 000,000,000 | ---D | M]

[2010.02.07 17:31:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.02.07 17:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.02.12 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2ea57zls.default\extensions
[2010.04.18 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions
[2009.06.25 23:25:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.12 23:47:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.16 16:42:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\battlefieldheroespatcher@ea.com
[2010.04.16 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\personas@christopher.beard
[2010.01.12 23:47:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\piclens@cooliris.com
[2008.02.29 14:22:45 | 000,002,920 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\daemon-search.xml
[2010.04.18 11:52:20 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-1.xml
[2007.11.02 11:47:59 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-2.xml
[2007.11.27 21:55:42 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-3.xml
[2007.12.01 15:48:50 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-4.xml
[2008.02.12 20:59:54 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-5.xml
[2008.02.21 19:19:02 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-6.xml
[2007.10.20 13:47:27 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin.xml
[2010.03.29 18:31:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.03.29 18:31:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008.08.27 15:49:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.02.02 16:53:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.02 16:53:31 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.02 16:53:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.02 16:53:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.02 16:53:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe File not found
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} hxxp://service.maxdome.de/de/systemcheck/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{624c3bef-a43e-11de-ae33-001e8c336166}\Shell - "" = AutoRun
O33 - MountPoints2\{624c3bef-a43e-11de-ae33-001e8c336166}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{a43ce584-033d-11de-813c-001e8c336166}\Shell - "" = AutoRun
O33 - MountPoints2\{a43ce584-033d-11de-813c-001e8c336166}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.18 14:51:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2010.04.18 14:51:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.18 14:51:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.18 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.18 14:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.18 14:49:16 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2010.04.16 23:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0
[2010.04.16 19:47:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.04.14 14:58:12 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.14 14:58:10 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.04.14 14:58:10 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.14 14:58:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.14 14:58:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.14 14:58:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.14 14:58:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.14 14:57:16 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010.04.14 14:57:16 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010.04.14 14:57:16 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010.04.14 14:57:16 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010.04.11 14:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010.04.03 13:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.03 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.02 11:06:28 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2010.04.02 11:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2010.04.02 11:06:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.04.02 11:04:10 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2010.04.02 11:04:10 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2010.04.02 11:04:10 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2010.04.02 11:04:10 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.04.02 11:04:09 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010.04.02 11:04:09 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2010.04.02 11:04:09 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010.04.02 11:04:09 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2010.04.02 11:04:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010.04.02 11:04:09 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010.04.02 11:04:09 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010.04.02 11:04:09 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010.04.02 11:04:09 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2010.04.02 11:04:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010.04.02 11:04:09 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2010.04.02 11:04:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010.04.02 11:04:09 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010.04.02 11:04:08 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2010.04.02 11:04:08 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2010.04.02 11:04:08 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010.04.02 11:04:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2010.04.02 11:04:08 | 001,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2010.04.02 11:04:08 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010.04.02 11:04:08 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010.04.02 11:04:08 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2010.04.02 11:04:08 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2010.04.02 11:04:08 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2010.04.02 11:04:08 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2010.04.02 11:04:08 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2010.04.02 11:04:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2010.04.02 11:04:08 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll
[2010.04.02 11:04:08 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll
[2010.04.02 11:04:08 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2010.04.02 11:04:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2010.04.02 11:04:08 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe
[2010.04.02 11:04:08 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010.04.02 11:04:08 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2010.04.02 11:04:08 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2010.04.02 11:04:08 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll
[2010.04.02 11:04:08 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2010.04.02 11:04:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010.04.02 11:04:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll
[2010.04.02 11:04:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll
[2010.04.02 11:04:07 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2010.04.02 11:04:07 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll
[2010.04.02 11:04:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2010.04.02 11:04:07 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2010.04.02 11:03:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe
[2010.04.02 11:03:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2010.04.02 11:03:35 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll
[2010.04.02 11:03:29 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll
[2010.04.02 11:03:29 | 002,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll
[2010.04.02 11:03:29 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2010.04.02 11:03:29 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010.04.02 11:03:29 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll
[2010.04.02 11:03:29 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll
[2010.04.02 11:03:29 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010.04.02 11:03:29 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll
[2010.04.02 11:03:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll
[2010.04.02 11:03:29 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2010.04.02 11:03:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll
[2010.04.02 11:03:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2010.04.02 11:03:29 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2010.04.02 11:03:29 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll
[2010.04.02 11:03:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2010.04.02 11:03:29 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll
[2010.04.02 11:03:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll
[2010.04.02 11:03:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll
[2010.04.02 11:03:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys
[2010.04.02 11:03:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll
[2010.04.02 11:02:37 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2010.04.02 11:02:37 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2010.04.02 11:02:37 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2010.04.02 11:02:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2010.04.02 11:02:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2010.04.02 11:01:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.04.02 11:01:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.04.02 11:01:48 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010.04.02 11:01:48 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010.04.02 11:01:48 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.04.02 11:01:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.03.31 12:18:08 | 000,000,000 | ---D | C] -- F:\User\Users\Diercke Globus Online
[2010.03.31 12:18:08 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Diercke Globus Online
[2010.03.31 12:18:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Diercke Globus Online
[2010.03.31 12:04:09 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.03.31 12:04:09 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.31 12:04:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.03.31 12:04:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.03.31 12:04:08 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.31 12:04:08 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.03.31 12:04:08 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.03.31 12:04:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.03.31 12:04:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.03.31 12:04:08 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.03.31 12:04:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.03.31 12:04:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.03.31 12:04:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.03.31 12:04:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.03.31 12:04:07 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.03.31 12:04:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.03.31 12:04:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.03.31 12:04:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.03.31 12:04:07 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.03.31 12:04:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.03.31 12:04:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.03.31 12:04:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.03.31 12:04:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.03.31 12:04:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.03.31 12:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.03.31 12:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.03.31 12:04:07 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.03.31 12:04:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.03.31 12:04:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.03.31 12:04:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.03.31 12:04:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.03.31 12:04:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.03.31 12:04:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.03.29 18:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.03.28 23:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2010.03.24 22:37:24 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2006.08.14 17:08:04 | 002,248,984 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\dsetup32.dll
[2006.08.14 17:08:04 | 000,484,632 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\DXSETUP.exe
[2006.08.14 17:08:04 | 000,074,520 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\DSETUP.dll
[2004.01.29 19:11:26 | 002,211,840 | ---- | C] (MHC) -- C:\Program Files (x86)\SpaceSynthesizer.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.18 21:39:35 | 005,242,880 | ---- | M] () -- C:\Users\Thomas\NTUSER.DAT
[2010.04.18 21:35:37 | 000,002,415 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2010.04.18 21:35:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.18 21:18:37 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.18 21:18:37 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.18 21:18:37 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.18 21:18:37 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.18 21:18:37 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.18 21:16:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.18 21:11:20 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.18 21:11:20 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.18 21:11:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.18 21:11:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.18 21:10:08 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TMContainer00000000000000000001.regtrans-ms
[2010.04.18 21:10:08 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TM.blf
[2010.04.18 21:10:02 | 004,857,162 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db
[2010.04.18 14:51:24 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.18 14:49:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2010.04.18 13:59:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58ED72A2-0BB6-46B4-BB0C-8674A68AE247}.job
[2010.04.18 11:39:10 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.04.18 11:39:10 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.18 09:32:00 | 000,000,865 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
[2010.04.11 14:11:05 | 000,203,991 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010.04.11 14:02:48 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010.04.11 14:02:36 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010.04.11 14:02:36 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010.04.11 14:02:01 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.04.03 10:23:02 | 000,000,560 | ---- | M] () -- C:\Users\Thomas\Download - Verknüpfung.lnk
[2010.04.02 11:06:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.04.02 11:05:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.28 22:02:27 | 000,102,912 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.24 22:37:04 | 000,126,792 | ---- | M] (Avira GmbH) -- C:\Windows\SysWow64\drivers\avfwot.sys
[2010.03.24 22:37:04 | 000,126,792 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2010.03.24 22:37:04 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.03.24 22:37:04 | 000,098,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2010.03.24 22:37:04 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.18 14:51:24 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.18 09:31:57 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
[2010.04.03 10:23:02 | 000,000,560 | ---- | C] () -- C:\Users\Thomas\Download - Verknüpfung.lnk
[2010.04.03 10:21:35 | 000,022,786 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI273C.txt
[2010.04.02 11:06:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.04.02 11:05:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.03.10 20:02:30 | 000,423,058 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI10A9.txt
[2010.03.10 20:02:30 | 000,013,598 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI10A9.txt
[2010.03.10 20:01:41 | 000,417,756 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI1009.txt
[2010.03.10 20:01:41 | 000,013,878 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI1009.txt
[2010.01.29 00:37:31 | 000,372,590 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI5FAC.txt
[2010.01.29 00:37:29 | 000,212,658 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI5FAC.txt
[2010.01.07 20:49:40 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2010.01.07 20:49:40 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2010.01.07 20:49:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2010.01.07 20:49:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2010.01.07 20:49:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2010.01.07 20:49:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2010.01.07 20:49:40 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2010.01.07 20:49:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2010.01.07 20:49:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2010.01.07 20:49:40 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2010.01.07 20:20:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.07 20:20:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.01.02 18:36:21 | 000,140,856 | ---- | C] () -- C:\Users\Thomas\DesktopStCenter.txt
[2010.01.02 18:35:37 | 000,352,844 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI5B40.txt
[2010.01.02 18:35:37 | 000,013,546 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI5B40.txt
[2010.01.02 18:35:04 | 000,421,596 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI5AD5.txt
[2010.01.02 18:35:04 | 000,013,562 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI5AD5.txt
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.26 10:52:45 | 000,014,966 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI37F2.txt
[2009.10.22 16:09:27 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TMContainer00000000000000000002.regtrans-ms
[2009.10.22 16:09:27 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TMContainer00000000000000000001.regtrans-ms
[2009.10.22 16:09:27 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TM.blf
[2009.10.13 17:05:06 | 001,502,977 | ---- | C] () -- C:\Users\Thomas\AppData\Local\somoto.cab
[2009.09.20 16:58:02 | 000,221,291 | ---- | C] () -- C:\Windows\SysWow64\Imei_dll.dll
[2009.09.20 16:58:02 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Sublock.dll
[2009.09.18 17:39:38 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\sysmwwod.dll
[2009.09.18 13:31:11 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2009.09.18 13:31:11 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009.09.18 12:44:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2009.09.18 12:44:26 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009.09.04 22:03:00 | 000,000,137 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\default.rss
[2009.09.04 21:53:36 | 018,443,176 | ---- | C] () -- C:\Users\Thomas\toto.mpeg
[2009.09.04 21:45:28 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.04 20:57:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.29 15:50:01 | 000,230,834 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL90SP1_KB973924MSI71A1.txt
[2009.07.29 15:50:01 | 000,013,852 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL90SP1_KB973924UI71A1.txt
[2009.07.29 15:49:47 | 000,539,096 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923MSI7169.txt
[2009.07.29 15:49:44 | 000,013,868 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923UI7169.txt
[2009.07.29 15:49:29 | 000,538,338 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923MSI7138.txt
[2009.07.29 15:49:29 | 000,013,868 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923UI7138.txt
[2009.06.28 22:06:30 | 000,000,113 | ---- | C] () -- C:\Users\Thomas\SciTE.session
[2009.06.07 22:15:11 | 000,420,378 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI3982.txt
[2009.06.07 22:15:11 | 000,013,406 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI3982.txt
[2009.05.27 10:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.27 10:55:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.21 01:42:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.17 21:01:23 | 000,027,070 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png
[2009.04.26 17:21:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.19 21:09:37 | 000,331,252 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI1CAC.txt
[2009.03.19 21:09:36 | 000,144,590 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI1CAC.txt
[2009.03.19 16:42:41 | 000,329,352 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI505F.txt
[2009.03.19 16:42:40 | 000,143,946 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI505F.txt
[2009.03.19 16:38:46 | 000,412,886 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI4D5C.txt
[2009.03.19 16:38:44 | 000,145,322 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI4D5C.txt
[2009.03.02 20:59:15 | 000,810,094 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_NET_Framework35_LangPack_MSI647D.txt
[2009.03.02 20:59:05 | 000,036,116 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009.03.02 20:58:59 | 000,076,488 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_dotnetfx35install_lp.txt
[2009.03.02 20:58:59 | 000,001,602 | ---- | C] () -- C:\Users\Thomas\AppData\Local\uxeventlog.txt
[2009.03.02 20:58:59 | 000,000,002 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_dotnetfx35error_lp.txt
[2008.12.29 19:57:45 | 000,000,054 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.06 22:37:26 | 000,436,060 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI4836.txt
[2008.11.06 22:37:26 | 000,012,276 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI4836.txt
[2008.07.31 14:18:25 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1872f031-5ef9-11dd-8baf-001e8c336166}.TMContainer00000000000000000002.regtrans-ms
[2008.07.31 14:18:25 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1872f031-5ef9-11dd-8baf-001e8c336166}.TMContainer00000000000000000001.regtrans-ms
[2008.07.31 14:18:24 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1872f031-5ef9-11dd-8baf-001e8c336166}.TM.blf
[2008.07.31 14:14:17 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_87809.LOG1
[2008.07.31 14:14:17 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_87809.LOG2
[2008.07.02 14:46:04 | 000,001,100 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d8caps.dat
[2008.05.31 14:17:20 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{34ab7be2-2f08-11dd-b911-001e8c336166}.TMContainer00000000000000000002.regtrans-ms
[2008.05.31 14:17:20 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{34ab7be2-2f08-11dd-b911-001e8c336166}.TMContainer00000000000000000001.regtrans-ms
[2008.05.31 14:17:20 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{34ab7be2-2f08-11dd-b911-001e8c336166}.TM.blf
[2008.05.31 14:15:36 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_38171.LOG1
[2008.05.31 14:15:36 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_38171.LOG2
[2008.05.31 12:24:48 | 000,000,732 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps64.dat
[2008.04.04 17:48:21 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{e57e875b-025c-11dd-a895-001e8c336166}.TMContainer00000000000000000002.regtrans-ms
[2008.04.04 17:48:21 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{e57e875b-025c-11dd-a895-001e8c336166}.TMContainer00000000000000000001.regtrans-ms
[2008.04.04 17:48:21 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{e57e875b-025c-11dd-a895-001e8c336166}.TM.blf
[2008.04.04 17:46:38 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_15916.LOG1
[2008.04.04 17:46:38 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_15916.LOG2
[2008.03.19 15:02:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.02.26 21:54:04 | 000,001,356 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2008.02.21 23:47:54 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{de33f10f-e0c4-11dc-bf0b-001e8c336166}.TMContainer00000000000000000002.regtrans-ms
[2008.02.21 23:47:54 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{de33f10f-e0c4-11dc-bf0b-001e8c336166}.TMContainer00000000000000000001.regtrans-ms
[2008.02.21 23:47:54 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{de33f10f-e0c4-11dc-bf0b-001e8c336166}.TM.blf
[2008.02.21 23:45:30 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_97906.LOG1
[2008.02.21 23:45:30 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_97906.LOG2
[2008.02.14 17:43:45 | 000,102,912 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.13 00:24:32 | 000,000,176 | ---- | C] () -- C:\Windows\wininit.ini
[2008.02.12 17:16:08 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.12 16:53:17 | 000,013,230 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.02.12 16:53:09 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.02.12 16:44:06 | 000,000,020 | -HS- | C] () -- C:\Users\Thomas\ntuser.ini
[2008.02.12 16:44:05 | 005,242,880 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT
[2008.02.12 16:44:05 | 002,621,440 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_87809
[2008.02.12 16:44:05 | 002,097,152 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_38171
[2008.02.12 16:44:05 | 002,097,152 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_15916
[2008.02.12 16:44:05 | 001,048,576 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_97906
[2008.02.12 16:44:05 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2008.02.12 16:44:05 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2008.02.12 16:44:05 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\ntuser.dat.LOG1
[2008.02.12 16:44:05 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2008.02.12 16:44:05 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\ntuser.dat.LOG2
[2006.08.14 17:08:04 | 015,493,481 | ---- | C] () -- C:\Users\Thomas\DirectX.cab
[2006.08.14 17:08:04 | 013,265,040 | ---- | C] () -- C:\Users\Thomas\dxnt.cab
[2006.08.14 17:08:04 | 004,163,518 | ---- | C] () -- C:\Users\Thomas\Apr2006_MDX1_x86_Archive.cab
[2006.08.14 17:08:04 | 001,398,718 | ---- | C] () -- C:\Users\Thomas\Apr2006_d3dx9_30_x64.cab
[2006.08.14 17:08:04 | 001,363,684 | ---- | C] () -- C:\Users\Thomas\Feb2006_d3dx9_29_x64.cab
[2006.08.14 17:08:04 | 001,358,864 | ---- | C] () -- C:\Users\Thomas\Dec2005_d3dx9_28_x64.cab
[2006.08.14 17:08:04 | 001,351,430 | ---- | C] () -- C:\Users\Thomas\Aug2005_d3dx9_27_x64.cab
[2006.08.14 17:08:04 | 001,348,242 | ---- | C] () -- C:\Users\Thomas\Apr2005_d3dx9_25_x64.cab
[2006.08.14 17:08:04 | 001,336,890 | ---- | C] () -- C:\Users\Thomas\Jun2005_d3dx9_26_x64.cab
[2006.08.14 17:08:04 | 001,248,387 | ---- | C] () -- C:\Users\Thomas\Feb2005_d3dx9_24_x64.cab
[2006.08.14 17:08:04 | 001,156,363 | ---- | C] () -- C:\Users\Thomas\BDANT.cab
[2006.08.14 17:08:04 | 001,116,109 | ---- | C] () -- C:\Users\Thomas\Apr2006_d3dx9_30_x86.cab
[2006.08.14 17:08:04 | 001,085,608 | ---- | C] () -- C:\Users\Thomas\Feb2006_d3dx9_29_x86.cab
[2006.08.14 17:08:04 | 001,080,344 | ---- | C] () -- C:\Users\Thomas\Dec2005_d3dx9_28_x86.cab
[2006.08.14 17:08:04 | 001,079,850 | ---- | C] () -- C:\Users\Thomas\Apr2005_d3dx9_25_x86.cab
[2006.08.14 17:08:04 | 001,078,532 | ---- | C] () -- C:\Users\Thomas\Aug2005_d3dx9_27_x86.cab
[2006.08.14 17:08:04 | 001,065,813 | ---- | C] () -- C:\Users\Thomas\Jun2005_d3dx9_26_x86.cab
[2006.08.14 17:08:04 | 001,014,113 | ---- | C] () -- C:\Users\Thomas\Feb2005_d3dx9_24_x86.cab
[2006.08.14 17:08:04 | 000,976,020 | ---- | C] () -- C:\Users\Thomas\BDAXP.cab
[2006.08.14 17:08:04 | 000,917,318 | ---- | C] () -- C:\Users\Thomas\Apr2006_MDX1_x86.cab
[2006.08.14 17:08:04 | 000,703,080 | ---- | C] () -- C:\Users\Thomas\BDA.cab
[2006.08.14 17:08:04 | 000,183,863 | ---- | C] () -- C:\Users\Thomas\AUG2006_XACT_x64.cab
[2006.08.14 17:08:04 | 000,181,745 | ---- | C] () -- C:\Users\Thomas\JUN2006_XACT_x64.cab
[2006.08.14 17:08:04 | 000,180,021 | ---- | C] () -- C:\Users\Thomas\Apr2006_XACT_x64.cab
[2006.08.14 17:08:04 | 000,179,247 | ---- | C] () -- C:\Users\Thomas\Feb2006_XACT_x64.cab
[2006.08.14 17:08:04 | 000,138,195 | ---- | C] () -- C:\Users\Thomas\AUG2006_XACT_x86.cab
[2006.08.14 17:08:04 | 000,134,631 | ---- | C] () -- C:\Users\Thomas\JUN2006_XACT_x86.cab
[2006.08.14 17:08:04 | 000,133,991 | ---- | C] () -- C:\Users\Thomas\Apr2006_XACT_x86.cab
[2006.08.14 17:08:04 | 000,133,297 | ---- | C] () -- C:\Users\Thomas\Feb2006_XACT_x86.cab
[2006.08.14 17:08:04 | 000,088,102 | ---- | C] () -- C:\Users\Thomas\AUG2006_xinput_x64.cab
[2006.08.14 17:08:04 | 000,087,989 | ---- | C] () -- C:\Users\Thomas\Apr2006_xinput_x64.cab
[2006.08.14 17:08:04 | 000,086,925 | ---- | C] () -- C:\Users\Thomas\Oct2005_xinput_x64.cab
[2006.08.14 17:08:04 | 000,082,338 | ---- | C] () -- C:\Users\Thomas\dxupdate.cab
[2006.08.14 17:08:04 | 000,047,018 | ---- | C] () -- C:\Users\Thomas\AUG2006_xinput_x86.cab
[2006.08.14 17:08:04 | 000,046,898 | ---- | C] () -- C:\Users\Thomas\Apr2006_xinput_x86.cab
[2006.08.14 17:08:04 | 000,046,247 | ---- | C] () -- C:\Users\Thomas\Oct2005_xinput_x86.cab
[2006.08.14 17:08:04 | 000,041,995 | ---- | C] () -- C:\Users\Thomas\dxdllreg_x86.cab

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:B60254D39DCE091F
< End of report >

Alt 19.04.2010, 10:28   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
F:\User\Users\_Daten_\Keygen.exe (Trojan.Agent)
Congratulations! You have won a format c:! (And you shouldn't touch the keygen on F anymore either.)


The use of cracks, serials and keygens is illegal, so there is no further support for this on Trojaner-Board.

For you, it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software not infrequently also contains keyloggers and backdoor functions.

After that, never touch anything like this again!
__________________
Please always post log files in CODE tags

Alt 19.04.2010, 11:16   #8
Tamad
 

Hello,

Thank you very much for the help!
I was not aware that this file is on my PC. This _Daten_ folder contains files that were on my old PC, from which I simply moved all files into this folder.
I assure you that I have never used this file. I assume it was sent to my PC at a LAN party; you never know what buddies can reconcile with their morals when they sit down at my PC.

If my PC is clean now, is it necessary to reinstall it? I find backing up e-mail programs and personal settings in programs very laborious, and copying them back to the right place afterwards even more so. Just pulling the pictures/music onto a USB drive would be no problem, but unfortunately I don't own a storage medium that large. And no burner either.

Does "all passwords" also include those that I have not used since this "ICQ file" infected my PC? (As a matter of principle, I do not save passwords automatically.)

I have learned my lesson

Regards, Tamad
