|
Plagegeister aller Art und deren Bekämpfung: C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) ua mit mwbam gefunden...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.11.2010, 11:23 | #1 |
| C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) ua mit mwbam gefunden... Hallo Leute, bin grad am rechner von meinem lebensgefährten um den zu prüfen und finde natürlich auch gleich n paar sachen, die mir zu denken geben. hab ich die nun erfolgreich entfernt oder sind die schädlinge noch drauf? Danke schonmal, daß ihr euch meiner annehmt Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5118 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 15.11.2010 10:54:13 mbam-log-2010-11-15 (10-54-13).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|F:\|) Durchsuchte Objekte: 220371 Laufzeit: 1 Stunde(n), 40 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\DelUS.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully. C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully. OTL logfile created on: 15.11.2010 11:15:08 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Enrico\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,68 Gb Total Space | 26,57 Gb Free Space | 34,65% Space Free | Partition Type: NTFS Computer Name: ENNO | User Name: Enrico | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Enrico\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Apps\2.0\0PGGTNK5.VGG\3CVVLDAY.Z99\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe (Curse) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Enrico\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Prime95 Service) -- C:\Programme\Prime95\prime95.exe File not found SRV - (HotSpotFSvc) -- C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (btwdins) -- C:\Programme\ASUS\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV - (TSMPacket) -- C:\WINDOWS\System32\DRIVERS\tsmpkt.sys File not found DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys File not found DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found DRV - (dsltestSp5) -- C:\WINDOWS\System32\Drivers\dsltestSp5.sys File not found DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (krait03) -- C:\WINDOWS\system32\drivers\krait.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (Razerlow) -- C:\WINDOWS\system32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1801674531-527237240-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com IE - HKU\S-1-5-21-1801674531-527237240-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1801674531-527237240-839522115-1004\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1801674531-527237240-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.11.15 08:55:06 | 000,000,000 | ---D | M] [2010.01.24 11:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Extensions [2009.08.26 19:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010.01.24 11:46:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Firefox\Profiles\dvvmiu0u.default\extensions [2010.01.24 11:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Firefox\Profiles\dvvmiu0u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.24 11:46:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Firefox\Profiles\dvvmiu0u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 11:46:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Firefox\Profiles\dvvmiu0u.default\extensions\staged-xpis [2008.02.19 18:16:46 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Mozilla\Firefox\Profiles\dvvmiu0u.default\searchplugins\icqplugin.xml [2010.02.18 23:19:02 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.24 17:06:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru O1 HOSTS File: ([2009.09.11 16:06:32 | 000,329,945 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11301 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKU\S-1-5-21-1801674531-527237240-839522115-1004\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-1801674531-527237240-839522115-1004\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [PPort11reminder] C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\Enrico\Startmenü\Programme\Autostart\CurseClientStartup.ccip () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1801674531-527237240-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1801674531-527237240-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O8 - Extra context menu item: &ICQ Toolbar Search - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ASUS\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ASUS\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ASUS\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230139466250 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/x-mrml {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Programme\Gemeinsame Dateien\A&W\MidRadio.ocx (YAMAHA CORPORATION) O20 - AppInit_DLLs: (C:\DOKUME~1\ALLUSE~1\AVP11\mzvkbd3.dll) - C:\Dokumente und Einstellungen\All Users\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\DOKUME~1\ALLUSE~1\AVP11\kloehk.dll) - C:\Dokumente und Einstellungen\All Users\AVP11\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.07.12 17:14:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{da5f7c3d-926c-11de-88f0-00138f9375f1}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell - "" = AutoRun O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell\1\Command - "" = G:\Recycled.exe -- File not found O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell\2\Command - "" = G:\Recycled.exe -- File not found O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.15 11:14:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Enrico\Recent [2010.11.15 11:13:36 | 002,811,584 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Enrico\Desktop\ccsetup300.exe [2010.11.15 11:08:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.11.15 11:06:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Enrico\IECompatCache [2010.11.15 10:51:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Enrico\Desktop\OTL.exe [2010.11.15 09:06:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Malwarebytes [2010.11.15 09:06:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.11.15 09:06:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.11.15 09:06:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.11.15 09:06:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.15 08:57:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\AVP11 [2010.11.15 08:47:21 | 111,361,648 | ---- | C] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Enrico\Desktop\kis11.0.1.400de.exe [2010.10.24 19:31:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\DivX [2010.10.24 19:30:31 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010.10.24 19:30:30 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010.10.24 19:30:30 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010.10.24 19:30:30 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010.10.24 19:30:30 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010.10.24 19:30:30 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010.10.24 19:30:30 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010.10.24 19:30:30 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2010.10.24 19:30:30 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2010.10.24 19:30:30 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010.10.24 19:30:30 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010.10.24 19:30:30 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010.10.24 19:30:30 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010.10.24 19:30:30 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010.10.24 19:29:45 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared [2010.10.24 19:25:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2009.05.03 12:33:23 | 002,938,128 | ---- | C] (ParetoLogic Inc.) -- C:\Programme\ParetoLogic DriverCure.exe [2009.03.31 20:23:47 | 000,607,640 | ---- | C] (Sun Microsystems, Inc.) -- C:\Programme\jre-6u13-windows-i586-p-iftw.exe [2006.06.01 16:22:00 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\Programme\nvudisp.exe [2006.06.01 16:22:00 | 000,116,880 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\setup.exe [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.15 11:14:09 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2010.11.15 11:13:41 | 002,811,584 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Enrico\Desktop\ccsetup300.exe [2010.11.15 11:06:10 | 000,000,820 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Status Monitor.lnk [2010.11.15 11:03:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.15 10:51:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Enrico\Desktop\OTL.exe [2010.11.15 10:51:13 | 000,471,642 | ---- | M] () -- C:\Dokumente und Einstellungen\Enrico\Desktop\Load.exe [2010.11.15 09:06:45 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.15 08:52:47 | 111,361,648 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Enrico\Desktop\kis11.0.1.400de.exe [2010.11.14 19:06:05 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job [2010.11.14 12:46:10 | 000,000,643 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\World of Warcraft.lnk [2010.11.13 00:33:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job [2010.11.10 19:06:32 | 000,012,676 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.31 07:39:15 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.31 07:39:15 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.31 07:39:14 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.31 07:39:14 | 000,080,104 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.30 18:29:07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.10.24 19:31:25 | 000,001,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Enrico\Desktop\DivX Movies.lnk [2010.10.24 19:30:51 | 000,000,773 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2010.10.24 19:30:19 | 000,000,819 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk [2010.10.24 00:46:36 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.10.17 02:52:21 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.15 11:14:09 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2010.11.15 10:51:13 | 000,471,642 | ---- | C] () -- C:\Dokumente und Einstellungen\Enrico\Desktop\Load.exe [2010.11.15 09:06:45 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.24 19:31:25 | 000,001,489 | ---- | C] () -- C:\Dokumente und Einstellungen\Enrico\Desktop\DivX Movies.lnk [2010.10.24 19:30:51 | 000,000,773 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Player.lnk [2010.10.24 19:30:19 | 000,000,819 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk [2010.01.24 00:11:15 | 000,582,376 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.10.16 17:24:54 | 000,000,179 | ---- | C] () -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\setup.log [2009.10.16 17:24:51 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\setup_ldm.iss [2009.08.20 12:48:12 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009.08.14 14:06:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO6050D.INI [2009.08.14 14:05:54 | 000,000,053 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.03.29 20:49:03 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2008.07.12 13:56:00 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.12.18 18:30:12 | 000,003,333 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.11.15 22:16:42 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.10.20 19:10:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2007.10.20 19:05:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.06.25 09:03:19 | 003,655,608 | ---- | C] () -- C:\Programme\FLV PlayerRCATSetup.exe [2007.06.25 08:59:51 | 025,990,432 | ---- | C] () -- C:\Programme\FLV PlayerRCSetup.exe [2007.05.30 15:25:18 | 000,003,038 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.05.09 17:59:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007.04.01 08:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007.04.01 07:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007.03.03 14:53:52 | 000,000,855 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2007.03.03 14:53:52 | 000,000,550 | ---- | C] () -- C:\WINDOWS\brqikmon.ini [2006.08.11 14:34:25 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS [2006.07.16 10:23:02 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.07.13 00:00:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.07.12 20:28:35 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.07.12 17:42:22 | 000,004,110 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006.07.12 17:42:21 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006.06.08 03:12:18 | 000,029,771 | ---- | C] () -- C:\Programme\nv4_disp.cat [2006.06.01 16:22:00 | 005,089,167 | ---- | C] () -- C:\Programme\NvCpl.dl_ [2006.06.01 16:22:00 | 004,885,833 | ---- | C] () -- C:\Programme\data1.cab [2006.06.01 16:22:00 | 004,871,770 | ---- | C] () -- C:\Programme\nvDispS.dl_ [2006.06.01 16:22:00 | 003,154,410 | ---- | C] () -- C:\Programme\nvDispSR.dl_ [2006.06.01 16:22:00 | 002,854,132 | ---- | C] () -- C:\Programme\nvoglnt.dl_ [2006.06.01 16:22:00 | 002,552,660 | ---- | C] () -- C:\Programme\nvViTvS.dl_ [2006.06.01 16:22:00 | 002,482,864 | ---- | C] () -- C:\Programme\nv4_disp.dl_ [2006.06.01 16:22:00 | 002,223,867 | ---- | C] () -- C:\Programme\nvViTvSR.dl_ [2006.06.01 16:22:00 | 002,130,330 | ---- | C] () -- C:\Programme\nv4_mini.sy_ [2006.06.01 16:22:00 | 002,077,420 | ---- | C] () -- C:\Programme\nvGameS.dl_ [2006.06.01 16:22:00 | 001,621,793 | ---- | C] () -- C:\Programme\nvMoblSR.dl_ [2006.06.01 16:22:00 | 001,007,854 | ---- | C] () -- C:\Programme\nvGameSR.dl_ [2006.06.01 16:22:00 | 000,909,469 | ---- | C] () -- C:\Programme\nvwss.dl_ [2006.06.01 16:22:00 | 000,862,548 | ---- | C] () -- C:\Programme\nvwdmcpl.dl_ [2006.06.01 16:22:00 | 000,775,950 | ---- | C] () -- C:\Programme\nvwssr.dl_ [2006.06.01 16:22:00 | 000,651,818 | ---- | C] () -- C:\Programme\nview.dl_ [2006.06.01 16:22:00 | 000,643,821 | ---- | C] () -- C:\Programme\nwiz.ex_ [2006.06.01 16:22:00 | 000,574,412 | ---- | C] () -- C:\Programme\nvMoblS.dl_ [2006.06.01 16:22:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.06.01 16:22:00 | 000,468,523 | ---- | C] () -- C:\Programme\nvdspsch.ex_ [2006.06.01 16:22:00 | 000,459,544 | ---- | C] () -- C:\Programme\engine32.cab [2006.06.01 16:22:00 | 000,435,969 | ---- | C] () -- C:\Programme\setup.ibt [2006.06.01 16:22:00 | 000,430,506 | ---- | C] () -- C:\Programme\nvcplui.ex_ [2006.06.01 16:22:00 | 000,336,369 | ---- | C] () -- C:\Programme\nvwimg.dl_ [2006.06.01 16:22:00 | 000,320,874 | ---- | C] () -- C:\Programme\nvcpluir.dl_ [2006.06.01 16:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.06.01 16:22:00 | 000,237,685 | ---- | C] () -- C:\Programme\nvdspJPN.chm [2006.06.01 16:22:00 | 000,236,552 | ---- | C] () -- C:\Programme\setup.inx [2006.06.01 16:22:00 | 000,223,301 | ---- | C] () -- C:\Programme\nvdspKOR.chm [2006.06.01 16:22:00 | 000,222,683 | ---- | C] () -- C:\Programme\nvdspTHA.chm [2006.06.01 16:22:00 | 000,218,823 | ---- | C] () -- C:\Programme\nvdspELL.chm [2006.06.01 16:22:00 | 000,218,813 | ---- | C] () -- C:\Programme\nvdspCHT.chm [2006.06.01 16:22:00 | 000,216,226 | ---- | C] () -- C:\Programme\keystone.ex_ [2006.06.01 16:22:00 | 000,213,815 | ---- | C] () -- C:\Programme\nvdspCHS.chm [2006.06.01 16:22:00 | 000,210,619 | ---- | C] () -- C:\Programme\nvdspSKY.chm [2006.06.01 16:22:00 | 000,209,645 | ---- | C] () -- C:\Programme\nvdspRUS.chm [2006.06.01 16:22:00 | 000,207,771 | ---- | C] () -- C:\Programme\nvdspSLV.chm [2006.06.01 16:22:00 | 000,207,223 | ---- | C] () -- C:\Programme\nvdspHUN.chm [2006.06.01 16:22:00 | 000,206,647 | ---- | C] () -- C:\Programme\nvdspPLK.chm [2006.06.01 16:22:00 | 000,206,549 | ---- | C] () -- C:\Programme\nvdspHEB.chm [2006.06.01 16:22:00 | 000,204,597 | ---- | C] () -- C:\Programme\nvdspTRK.chm [2006.06.01 16:22:00 | 000,204,593 | ---- | C] () -- C:\Programme\nvappbar.ex_ [2006.06.01 16:22:00 | 000,204,403 | ---- | C] () -- C:\Programme\nvdspCSY.chm [2006.06.01 16:22:00 | 000,201,575 | ---- | C] () -- C:\Programme\nvdspARA.chm [2006.06.01 16:22:00 | 000,200,469 | ---- | C] () -- C:\Programme\nvdspDEU.chm [2006.06.01 16:22:00 | 000,199,911 | ---- | C] () -- C:\Programme\nvshell.dl_ [2006.06.01 16:22:00 | 000,199,129 | ---- | C] () -- C:\Programme\nvdspFIN.chm [2006.06.01 16:22:00 | 000,198,663 | ---- | C] () -- C:\Programme\nvdspITA.chm [2006.06.01 16:22:00 | 000,196,205 | ---- | C] () -- C:\Programme\nvdspNLD.chm [2006.06.01 16:22:00 | 000,195,673 | ---- | C] () -- C:\Programme\nvdspPTG.chm [2006.06.01 16:22:00 | 000,195,361 | ---- | C] () -- C:\Programme\nvdspPTB.chm [2006.06.01 16:22:00 | 000,193,581 | ---- | C] () -- C:\Programme\nvdspESN.chm [2006.06.01 16:22:00 | 000,193,463 | ---- | C] () -- C:\Programme\nvdspESM.chm [2006.06.01 16:22:00 | 000,189,993 | ---- | C] () -- C:\Programme\nvdspFRA.chm [2006.06.01 16:22:00 | 000,188,933 | ---- | C] () -- C:\Programme\nvdspDAN.chm [2006.06.01 16:22:00 | 000,187,809 | ---- | C] () -- C:\Programme\NVCPHU.HL_ [2006.06.01 16:22:00 | 000,187,583 | ---- | C] () -- C:\Programme\nvdspSVE.chm [2006.06.01 16:22:00 | 000,187,317 | ---- | C] () -- C:\Programme\nvdspNOR.chm [2006.06.01 16:22:00 | 000,182,237 | ---- | C] () -- C:\Programme\nvdsp.chm [2006.06.01 16:22:00 | 000,178,432 | ---- | C] () -- C:\Programme\NVCPTR.HL_ [2006.06.01 16:22:00 | 000,176,760 | ---- | C] () -- C:\Programme\setup.bmp [2006.06.01 16:22:00 | 000,170,522 | ---- | C] () -- C:\Programme\NVCPDE.HL_ [2006.06.01 16:22:00 | 000,170,440 | ---- | C] () -- C:\Programme\NVCPPL.HL_ [2006.06.01 16:22:00 | 000,170,358 | ---- | C] () -- C:\Programme\nvMccsSR.dl_ [2006.06.01 16:22:00 | 000,167,948 | ---- | C] () -- C:\Programme\NVCPHE.HL_ [2006.06.01 16:22:00 | 000,166,046 | ---- | C] () -- C:\Programme\NVCPSL.HL_ [2006.06.01 16:22:00 | 000,165,790 | ---- | C] () -- C:\Programme\NVCPFI.HL_ [2006.06.01 16:22:00 | 000,164,855 | ---- | C] () -- C:\Programme\NVCPPT.HL_ [2006.06.01 16:22:00 | 000,164,431 | ---- | C] () -- C:\Programme\NVCPSV.HL_ [2006.06.01 16:22:00 | 000,164,091 | ---- | C] () -- C:\Programme\nvmccs.dl_ [2006.06.01 16:22:00 | 000,163,556 | ---- | C] () -- C:\Programme\NVCPPTB.HL_ [2006.06.01 16:22:00 | 000,163,306 | ---- | C] () -- C:\Programme\NVCPFR.HL_ [2006.06.01 16:22:00 | 000,162,460 | ---- | C] () -- C:\Programme\NVCPES.HL_ [2006.06.01 16:22:00 | 000,161,942 | ---- | C] () -- C:\Programme\NVCPESM.HL_ [2006.06.01 16:22:00 | 000,161,823 | ---- | C] () -- C:\Programme\NVCPDA.HL_ [2006.06.01 16:22:00 | 000,157,650 | ---- | C] () -- C:\Programme\NVCPRU.HL_ [2006.06.01 16:22:00 | 000,157,341 | ---- | C] () -- C:\Programme\NVCPJA.HL_ [2006.06.01 16:22:00 | 000,157,304 | ---- | C] () -- C:\Programme\NVCPNL.HL_ [2006.06.01 16:22:00 | 000,155,845 | ---- | C] () -- C:\Programme\nvnt4cpl.dl_ [2006.06.01 16:22:00 | 000,155,762 | ---- | C] () -- C:\Programme\NVCPNO.HL_ [2006.06.01 16:22:00 | 000,154,236 | ---- | C] () -- C:\Programme\NVCPIT.HL_ [2006.06.01 16:22:00 | 000,153,963 | ---- | C] () -- C:\Programme\nvhwvid.dl_ [2006.06.01 16:22:00 | 000,153,650 | ---- | C] () -- C:\Programme\nvexpbar.dl_ [2006.06.01 16:22:00 | 000,152,109 | ---- | C] () -- C:\Programme\NVCPTH.HL_ [2006.06.01 16:22:00 | 000,149,608 | ---- | C] () -- C:\Programme\NVCPZHT.HL_ [2006.06.01 16:22:00 | 000,149,486 | ---- | C] () -- C:\Programme\NVCPZHC.HL_ [2006.06.01 16:22:00 | 000,149,357 | ---- | C] () -- C:\Programme\NVCPL.HL_ [2006.06.01 16:22:00 | 000,148,645 | ---- | C] () -- C:\Programme\NVCPENG.HL_ [2006.06.01 16:22:00 | 000,147,387 | ---- | C] () -- C:\Programme\NVCPEL.HL_ [2006.06.01 16:22:00 | 000,143,674 | ---- | C] () -- C:\Programme\NVCPAR.HL_ [2006.06.01 16:22:00 | 000,141,079 | ---- | C] () -- C:\Programme\NVCPSK.HL_ [2006.06.01 16:22:00 | 000,140,903 | ---- | C] () -- C:\Programme\NVCPKO.HL_ [2006.06.01 16:22:00 | 000,139,615 | ---- | C] () -- C:\Programme\NVCPCS.HL_ [2006.06.01 16:22:00 | 000,116,333 | ---- | C] () -- C:\Programme\nv3dJPN.chm [2006.06.01 16:22:00 | 000,112,329 | ---- | C] () -- C:\Programme\nvcpljpn.chm [2006.06.01 16:22:00 | 000,111,149 | ---- | C] () -- C:\Programme\nvcpltha.chm [2006.06.01 16:22:00 | 000,110,927 | ---- | C] () -- C:\Programme\nv3dTHA.chm [2006.06.01 16:22:00 | 000,110,495 | ---- | C] () -- C:\Programme\nvcplell.chm [2006.06.01 16:22:00 | 000,109,653 | ---- | C] () -- C:\Programme\nvcplplk.chm [2006.06.01 16:22:00 | 000,109,511 | ---- | C] () -- C:\Programme\nvcpltrk.chm [2006.06.01 16:22:00 | 000,109,375 | ---- | C] () -- C:\Programme\nvcplslv.chm [2006.06.01 16:22:00 | 000,109,143 | ---- | C] () -- C:\Programme\nvcplsky.chm [2006.06.01 16:22:00 | 000,108,949 | ---- | C] () -- C:\Programme\nvcplheb.chm [2006.06.01 16:22:00 | 000,108,949 | ---- | C] () -- C:\Programme\nvcplfin.chm [2006.06.01 16:22:00 | 000,108,793 | ---- | C] () -- C:\Programme\nvcplhun.chm [2006.06.01 16:22:00 | 000,108,587 | ---- | C] () -- C:\Programme\nvcplkor.chm [2006.06.01 16:22:00 | 000,108,497 | ---- | C] () -- C:\Programme\nvcplcsy.chm [2006.06.01 16:22:00 | 000,108,491 | ---- | C] () -- C:\Programme\nvcplrus.chm [2006.06.01 16:22:00 | 000,108,159 | ---- | C] () -- C:\Programme\nvcplcht.chm [2006.06.01 16:22:00 | 000,108,110 | ---- | C] () -- C:\Programme\NVRSHE.dl_ [2006.06.01 16:22:00 | 000,107,787 | ---- | C] () -- C:\Programme\nvcplara.chm [2006.06.01 16:22:00 | 000,107,715 | ---- | C] () -- C:\Programme\nvcplesn.chm [2006.06.01 16:22:00 | 000,107,619 | ---- | C] () -- C:\Programme\NVRSAR.dl_ [2006.06.01 16:22:00 | 000,107,557 | ---- | C] () -- C:\Programme\nv3dHEB.chm [2006.06.01 16:22:00 | 000,107,365 | ---- | C] () -- C:\Programme\nvcplita.chm [2006.06.01 16:22:00 | 000,106,941 | ---- | C] () -- C:\Programme\nvcplchs.chm [2006.06.01 16:22:00 | 000,106,767 | ---- | C] () -- C:\Programme\nv3dELL.chm [2006.06.01 16:22:00 | 000,106,693 | ---- | C] () -- C:\Programme\nv3dKOR.chm [2006.06.01 16:22:00 | 000,106,659 | ---- | C] () -- C:\Programme\nvcplptg.chm [2006.06.01 16:22:00 | 000,106,571 | ---- | C] () -- C:\Programme\nvcplptb.chm [2006.06.01 16:22:00 | 000,106,513 | ---- | C] () -- C:\Programme\nvcpldeu.chm [2006.06.01 16:22:00 | 000,106,413 | ---- | C] () -- C:\Programme\nv3dPLK.chm [2006.06.01 16:22:00 | 000,106,413 | ---- | C] () -- C:\Programme\nv3dARA.chm [2006.06.01 16:22:00 | 000,106,245 | ---- | C] () -- C:\Programme\nvcplesm.chm [2006.06.01 16:22:00 | 000,105,997 | ---- | C] () -- C:\Programme\nv3dSKY.chm [2006.06.01 16:22:00 | 000,105,933 | ---- | C] () -- C:\Programme\nv3dCHT.chm [2006.06.01 16:22:00 | 000,105,689 | ---- | C] () -- C:\Programme\nv3dRUS.chm [2006.06.01 16:22:00 | 000,105,603 | ---- | C] () -- C:\Programme\nv3dTRK.chm [2006.06.01 16:22:00 | 000,105,249 | ---- | C] () -- C:\Programme\nvcplsve.chm [2006.06.01 16:22:00 | 000,105,211 | ---- | C] () -- C:\Programme\nvcplnld.chm [2006.06.01 16:22:00 | 000,105,121 | ---- | C] () -- C:\Programme\nvcplfra.chm [2006.06.01 16:22:00 | 000,105,025 | ---- | C] () -- C:\Programme\nvcplnor.chm [2006.06.01 16:22:00 | 000,104,809 | ---- | C] () -- C:\Programme\nvcpldan.chm [2006.06.01 16:22:00 | 000,104,248 | ---- | C] () -- C:\Programme\nvcpl.chm [2006.06.01 16:22:00 | 000,104,183 | ---- | C] () -- C:\Programme\nvcpleng.chm [2006.06.01 16:22:00 | 000,103,867 | ---- | C] () -- C:\Programme\nv3dSLV.chm [2006.06.01 16:22:00 | 000,103,723 | ---- | C] () -- C:\Programme\nv3dDEU.chm [2006.06.01 16:22:00 | 000,103,591 | ---- | C] () -- C:\Programme\nv3dCHS.chm [2006.06.01 16:22:00 | 000,103,238 | ---- | C] () -- C:\Programme\nvMccsS.dl_ [2006.06.01 16:22:00 | 000,103,225 | ---- | C] () -- C:\Programme\nv3dCSY.chm [2006.06.01 16:22:00 | 000,102,949 | ---- | C] () -- C:\Programme\nv3dESM.chm [2006.06.01 16:22:00 | 000,102,737 | ---- | C] () -- C:\Programme\nv3dHUN.chm [2006.06.01 16:22:00 | 000,102,605 | ---- | C] () -- C:\Programme\nv3dFIN.chm [2006.06.01 16:22:00 | 000,102,543 | ---- | C] () -- C:\Programme\nv3dESN.chm [2006.06.01 16:22:00 | 000,100,466 | ---- | C] () -- C:\Programme\NVRSJA.dl_ [2006.06.01 16:22:00 | 000,100,227 | ---- | C] () -- C:\Programme\nv3dITA.chm [2006.06.01 16:22:00 | 000,099,455 | ---- | C] () -- C:\Programme\nv3dPTG.chm [2006.06.01 16:22:00 | 000,099,438 | ---- | C] () -- C:\Programme\nv3d.chm [2006.06.01 16:22:00 | 000,099,405 | ---- | C] () -- C:\Programme\nv3dPTB.chm [2006.06.01 16:22:00 | 000,099,389 | ---- | C] () -- C:\Programme\nvwrsel.dl_ [2006.06.01 16:22:00 | 000,099,189 | ---- | C] () -- C:\Programme\NVRSKO.dl_ [2006.06.01 16:22:00 | 000,099,181 | ---- | C] () -- C:\Programme\nv3dDAN.chm [2006.06.01 16:22:00 | 000,098,529 | ---- | C] () -- C:\Programme\nv3dSVE.chm [2006.06.01 16:22:00 | 000,098,529 | ---- | C] () -- C:\Programme\nv3dNLD.chm [2006.06.01 16:22:00 | 000,097,581 | ---- | C] () -- C:\Programme\nv3dNOR.chm [2006.06.01 16:22:00 | 000,097,459 | ---- | C] () -- C:\Programme\nv3dFRA.chm [2006.06.01 16:22:00 | 000,096,145 | ---- | C] () -- C:\Programme\nv3dENG.chm [2006.06.01 16:22:00 | 000,095,226 | ---- | C] () -- C:\Programme\nvwrsru.dl_ [2006.06.01 16:22:00 | 000,093,693 | ---- | C] () -- C:\Programme\nvwrshu.dl_ [2006.06.01 16:22:00 | 000,093,302 | ---- | C] () -- C:\Programme\NVRSZHC.dl_ [2006.06.01 16:22:00 | 000,092,516 | ---- | C] () -- C:\Programme\nvwrses.dl_ [2006.06.01 16:22:00 | 000,090,968 | ---- | C] () -- C:\Programme\nvwrsfr.dl_ [2006.06.01 16:22:00 | 000,090,925 | ---- | C] () -- C:\Programme\nvwrspt.dl_ [2006.06.01 16:22:00 | 000,090,406 | ---- | C] () -- C:\Programme\nvwrsesm.dl_ [2006.06.01 16:22:00 | 000,090,361 | ---- | C] () -- C:\Programme\nvwrsnl.dl_ [2006.06.01 16:22:00 | 000,090,357 | ---- | C] () -- C:\Programme\nvapi.dl_ [2006.06.01 16:22:00 | 000,090,104 | ---- | C] () -- C:\Programme\nvwrsde.dl_ [2006.06.01 16:22:00 | 000,090,002 | ---- | C] () -- C:\Programme\nvwrssk.dl_ [2006.06.01 16:22:00 | 000,089,669 | ---- | C] () -- C:\Programme\nvwrspl.dl_ [2006.06.01 16:22:00 | 000,089,560 | ---- | C] () -- C:\Programme\nvwrsit.dl_ [2006.06.01 16:22:00 | 000,089,507 | ---- | C] () -- C:\Programme\nvwrsptb.dl_ [2006.06.01 16:22:00 | 000,088,830 | ---- | C] () -- C:\Programme\nvwrstr.dl_ [2006.06.01 16:22:00 | 000,088,232 | ---- | C] () -- C:\Programme\nvwrssl.dl_ [2006.06.01 16:22:00 | 000,088,197 | ---- | C] () -- C:\Programme\NVRSEL.dl_ [2006.06.01 16:22:00 | 000,087,448 | ---- | C] () -- C:\Programme\nvwrsfi.dl_ [2006.06.01 16:22:00 | 000,087,214 | ---- | C] () -- C:\Programme\nvwrscs.dl_ [2006.06.01 16:22:00 | 000,087,042 | ---- | C] () -- C:\Programme\nvsvc32.ex_ [2006.06.01 16:22:00 | 000,086,200 | ---- | C] () -- C:\Programme\NvColor.ex_ [2006.06.01 16:22:00 | 000,085,244 | ---- | C] () -- C:\Programme\nvwrsda.dl_ [2006.06.01 16:22:00 | 000,085,082 | ---- | C] () -- C:\Programme\nvwrsno.dl_ [2006.06.01 16:22:00 | 000,085,066 | ---- | C] () -- C:\Programme\nvwrssv.dl_ [2006.06.01 16:22:00 | 000,085,028 | ---- | C] () -- C:\Programme\NVRSRU.dl_ [2006.06.01 16:22:00 | 000,084,018 | ---- | C] () -- C:\Programme\nvwrshe.dl_ [2006.06.01 16:22:00 | 000,083,744 | ---- | C] () -- C:\Programme\nvwrsar.dl_ [2006.06.01 16:22:00 | 000,083,305 | ---- | C] () -- C:\Programme\NVRSDE.dl_ [2006.06.01 16:22:00 | 000,081,945 | ---- | C] () -- C:\Programme\NVRSSK.dl_ [2006.06.01 16:22:00 | 000,081,709 | ---- | C] () -- C:\Programme\NVRSFR.dl_ [2006.06.01 16:22:00 | 000,081,603 | ---- | C] () -- C:\Programme\nvwrseng.dl_ [2006.06.01 16:22:00 | 000,081,370 | ---- | C] () -- C:\Programme\NVRSES.dl_ [2006.06.01 16:22:00 | 000,080,831 | ---- | C] () -- C:\Programme\NVRSHU.dl_ [2006.06.01 16:22:00 | 000,080,695 | ---- | C] () -- C:\Programme\NVEPClnt.ex_ [2006.06.01 16:22:00 | 000,080,624 | ---- | C] () -- C:\Programme\NVRSNL.dl_ [2006.06.01 16:22:00 | 000,080,607 | ---- | C] () -- C:\Programme\NVRSIT.dl_ [2006.06.01 16:22:00 | 000,080,383 | ---- | C] () -- C:\Programme\NVRSPL.dl_ [2006.06.01 16:22:00 | 000,079,977 | ---- | C] () -- C:\Programme\NVRSTH.dl_ [2006.06.01 16:22:00 | 000,079,945 | ---- | C] () -- C:\Programme\NVRSPT.dl_ [2006.06.01 16:22:00 | 000,079,309 | ---- | C] () -- C:\Programme\NVRSCS.dl_ [2006.06.01 16:22:00 | 000,079,235 | ---- | C] () -- C:\Programme\NVRSTR.dl_ [2006.06.01 16:22:00 | 000,079,092 | ---- | C] () -- C:\Programme\NVRSESM.dl_ [2006.06.01 16:22:00 | 000,078,597 | ---- | C] () -- C:\Programme\NVRSPTB.dl_ [2006.06.01 16:22:00 | 000,078,369 | ---- | C] () -- C:\Programme\NVRSSL.dl_ [2006.06.01 16:22:00 | 000,076,320 | ---- | C] () -- C:\Programme\NVRSDA.dl_ [2006.06.01 16:22:00 | 000,075,822 | ---- | C] () -- C:\Programme\NVRSSV.dl_ [2006.06.01 16:22:00 | 000,075,584 | ---- | C] () -- C:\Programme\NVRSFI.dl_ [2006.06.01 16:22:00 | 000,075,541 | ---- | C] () -- C:\Programme\NVRSNO.dl_ [2006.06.01 16:22:00 | 000,073,899 | ---- | C] () -- C:\Programme\NVRSENG.dl_ [2006.06.01 16:22:00 | 000,073,248 | ---- | C] () -- C:\Programme\nvwrsja.dl_ [2006.06.01 16:22:00 | 000,069,681 | ---- | C] () -- C:\Programme\nvwrsko.dl_ [2006.06.01 16:22:00 | 000,068,593 | ---- | C] () -- C:\Programme\setup.skin [2006.06.01 16:22:00 | 000,066,670 | ---- | C] () -- C:\Programme\modes.txt [2006.06.01 16:22:00 | 000,066,220 | ---- | C] () -- C:\Programme\nvwrszht.dl_ [2006.06.01 16:22:00 | 000,065,203 | ---- | C] () -- C:\Programme\nvwrszhc.dl_ [2006.06.01 16:22:00 | 000,060,169 | ---- | C] () -- C:\Programme\nvmobJPN.chm [2006.06.01 16:22:00 | 000,058,989 | ---- | C] () -- C:\Programme\nvmobKOR.chm [2006.06.01 16:22:00 | 000,058,989 | ---- | C] () -- C:\Programme\nvmobCHT.chm [2006.06.01 16:22:00 | 000,058,975 | ---- | C] () -- C:\Programme\nvmobTHA.chm [2006.06.01 16:22:00 | 000,058,433 | ---- | C] () -- C:\Programme\nvmobELL.chm [2006.06.01 16:22:00 | 000,058,265 | ---- | C] () -- C:\Programme\nvmobHEB.chm [2006.06.01 16:22:00 | 000,058,009 | ---- | C] () -- C:\Programme\nvmobCHS.chm [2006.06.01 16:22:00 | 000,057,505 | ---- | C] () -- C:\Programme\nvmobPLK.chm [2006.06.01 16:22:00 | 000,057,271 | ---- | C] () -- C:\Programme\nvmobARA.chm [2006.06.01 16:22:00 | 000,057,135 | ---- | C] () -- C:\Programme\nvmobHUN.chm [2006.06.01 16:22:00 | 000,057,085 | ---- | C] () -- C:\Programme\nvmobTRK.chm [2006.06.01 16:22:00 | 000,057,065 | ---- | C] () -- C:\Programme\NVRSZHT.dl_ [2006.06.01 16:22:00 | 000,057,065 | ---- | C] () -- C:\Programme\nvmobRUS.chm [2006.06.01 16:22:00 | 000,057,003 | ---- | C] () -- C:\Programme\nvmobSKY.chm [2006.06.01 16:22:00 | 000,056,769 | ---- | C] () -- C:\Programme\nvmobSLV.chm [2006.06.01 16:22:00 | 000,056,641 | ---- | C] () -- C:\Programme\nvmobFIN.chm [2006.06.01 16:22:00 | 000,056,411 | ---- | C] () -- C:\Programme\nvmobCSY.chm [2006.06.01 16:22:00 | 000,055,905 | ---- | C] () -- C:\Programme\nvmobITA.chm [2006.06.01 16:22:00 | 000,055,873 | ---- | C] () -- C:\Programme\nvmobDEU.chm [2006.06.01 16:22:00 | 000,055,639 | ---- | C] () -- C:\Programme\nvmobPTG.chm [2006.06.01 16:22:00 | 000,055,539 | ---- | C] () -- C:\Programme\nvmobESM.chm [2006.06.01 16:22:00 | 000,055,527 | ---- | C] () -- C:\Programme\nvmobESN.chm [2006.06.01 16:22:00 | 000,055,457 | ---- | C] () -- C:\Programme\nvmobNLD.chm [2006.06.01 16:22:00 | 000,055,387 | ---- | C] () -- C:\Programme\nvmobSVE.chm [2006.06.01 16:22:00 | 000,055,351 | ---- | C] () -- C:\Programme\nvmobPTB.chm [2006.06.01 16:22:00 | 000,055,343 | ---- | C] () -- C:\Programme\nvmobFRA.chm [2006.06.01 16:22:00 | 000,055,235 | ---- | C] () -- C:\Programme\nvmobNOR.chm [2006.06.01 16:22:00 | 000,055,183 | ---- | C] () -- C:\Programme\nvmobDAN.chm [2006.06.01 16:22:00 | 000,054,878 | ---- | C] () -- C:\Programme\nvmob.chm [2006.06.01 16:22:00 | 000,050,711 | ---- | C] () -- C:\Programme\nv4_disp.inf [2006.06.01 16:22:00 | 000,048,486 | ---- | C] () -- C:\Programme\nvwddi.dl_ [2006.06.01 16:22:00 | 000,048,187 | ---- | C] () -- C:\Programme\nvwcphu.hl_ [2006.06.01 16:22:00 | 000,047,242 | ---- | C] () -- C:\Programme\nvwcptr.hl_ [2006.06.01 16:22:00 | 000,046,147 | ---- | C] () -- C:\Programme\nvwcppl.hl_ [2006.06.01 16:22:00 | 000,044,545 | ---- | C] () -- C:\Programme\nvwcpsk.hl_ [2006.06.01 16:22:00 | 000,044,070 | ---- | C] () -- C:\Programme\NvMCTray.dl_ [2006.06.01 16:22:00 | 000,043,453 | ---- | C] () -- C:\Programme\nvwcpde.hl_ [2006.06.01 16:22:00 | 000,042,442 | ---- | C] () -- C:\Programme\nvwcpfi.hl_ [2006.06.01 16:22:00 | 000,042,172 | ---- | C] () -- C:\Programme\nvwcpsv.hl_ [2006.06.01 16:22:00 | 000,042,138 | ---- | C] () -- C:\Programme\nvwcpfr.hl_ [2006.06.01 16:22:00 | 000,042,133 | ---- | C] () -- C:\Programme\nvwcpsl.hl_ [2006.06.01 16:22:00 | 000,041,746 | ---- | C] () -- C:\Programme\nvwcppt.hl_ [2006.06.01 16:22:00 | 000,041,475 | ---- | C] () -- C:\Programme\nvwcpru.hl_ [2006.06.01 16:22:00 | 000,041,415 | ---- | C] () -- C:\Programme\nvwcpptb.hl_ [2006.06.01 16:22:00 | 000,041,254 | ---- | C] () -- C:\Programme\nvwcpel.hl_ [2006.06.01 16:22:00 | 000,041,106 | ---- | C] () -- C:\Programme\nvwcphe.hl_ [2006.06.01 16:22:00 | 000,040,980 | ---- | C] () -- C:\Programme\nvwcpko.hl_ [2006.06.01 16:22:00 | 000,040,978 | ---- | C] () -- C:\Programme\nvwcpda.hl_ [2006.06.01 16:22:00 | 000,040,703 | ---- | C] () -- C:\Programme\nvwcpnl.hl_ [2006.06.01 16:22:00 | 000,039,750 | ---- | C] () -- C:\Programme\nvwcpit.hl_ [2006.06.01 16:22:00 | 000,039,708 | ---- | C] () -- C:\Programme\nvwcpno.hl_ [2006.06.01 16:22:00 | 000,039,572 | ---- | C] () -- C:\Programme\nvwcpja.hl_ [2006.06.01 16:22:00 | 000,039,558 | ---- | C] () -- C:\Programme\nvwcpes.hl_ [2006.06.01 16:22:00 | 000,039,524 | ---- | C] () -- C:\Programme\nvwcpcs.hl_ [2006.06.01 16:22:00 | 000,039,144 | ---- | C] () -- C:\Programme\nvwcpesm.hl_ [2006.06.01 16:22:00 | 000,039,039 | ---- | C] () -- C:\Programme\nvwcpar.hl_ [2006.06.01 16:22:00 | 000,037,652 | ---- | C] () -- C:\Programme\nvcpl.cp_ [2006.06.01 16:22:00 | 000,037,514 | ---- | C] () -- C:\Programme\nvwcpeng.hl_ [2006.06.01 16:22:00 | 000,037,359 | ---- | C] () -- C:\Programme\nvwcplen.hl_ [2006.06.01 16:22:00 | 000,036,005 | ---- | C] () -- C:\Programme\nvwcpth.hl_ [2006.06.01 16:22:00 | 000,035,237 | ---- | C] () -- C:\Programme\nvtuicpl.cp_ [2006.06.01 16:22:00 | 000,033,585 | ---- | C] () -- C:\Programme\nvwcpzhc.hl_ [2006.06.01 16:22:00 | 000,032,242 | ---- | C] () -- C:\Programme\nvwcpzht.hl_ [2006.06.01 16:22:00 | 000,029,080 | ---- | C] () -- C:\Programme\data1.hdr [2006.06.01 16:22:00 | 000,023,556 | ---- | C] () -- C:\Programme\nvcod.dl_ [2006.06.01 16:22:00 | 000,016,960 | ---- | C] () -- C:\Programme\NVDisp.nvu [2006.06.01 16:22:00 | 000,014,730 | ---- | C] () -- C:\Programme\NvApps.xm_ [2006.06.01 16:22:00 | 000,010,222 | ---- | C] () -- C:\Programme\default.tv_ [2006.06.01 16:22:00 | 000,009,972 | ---- | C] () -- C:\Programme\NvwsApps.xm_ [2006.06.01 16:22:00 | 000,009,110 | ---- | C] () -- C:\Programme\nvmccsrs.dl_ [2006.06.01 16:22:00 | 000,006,144 | ---- | C] () -- C:\Programme\Finance.tv_ [2006.06.01 16:22:00 | 000,006,101 | ---- | C] () -- C:\Programme\Advanced.tv_ [2006.06.01 16:22:00 | 000,005,857 | ---- | C] () -- C:\Programme\DCC.tv_ [2006.06.01 16:22:00 | 000,005,661 | ---- | C] () -- C:\Programme\CAD.tv_ [2006.06.01 16:22:00 | 000,000,862 | ---- | C] () -- C:\Programme\setup.ini [2006.06.01 16:22:00 | 000,000,512 | ---- | C] () -- C:\Programme\data2.cab [2006.06.01 16:22:00 | 000,000,510 | ---- | C] () -- C:\Programme\layout.bin [2006.06.01 16:22:00 | 000,000,431 | ---- | C] () -- C:\Programme\setup.iss [2004.08.04 01:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1999.01.23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009.05.06 15:41:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverCure [2008.05.26 18:49:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2008.12.23 16:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2008.05.23 09:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Funcom [2008.07.17 13:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.05.03 12:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ParetoLogic [2009.08.22 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2009.02.06 17:42:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL Manager [2009.02.06 17:42:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2009.08.26 19:21:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2009.12.05 20:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2008.09.18 16:54:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\.# [2008.11.23 12:16:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Acreon [2007.10.20 19:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\ConvertTemp [2008.08.07 19:42:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\DAEMON Tools [2009.05.06 15:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\DriverCure [2008.07.17 14:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\ICQ [2006.07.20 20:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\ICQLite [2006.07.17 15:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Opera [2007.05.09 18:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Panasonic [2007.10.20 19:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Samsung [2007.07.02 08:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\T-DSL Manager [2007.06.01 14:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\T-DSL SpeedManager [2007.10.20 19:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\Temporary [2009.08.26 19:21:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\TomTom [2007.10.20 19:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\TransRender [2010.03.19 19:51:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\TS3Client [2008.11.03 18:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\WEB.DE [2008.10.09 22:33:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\XnView [2009.02.17 21:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore [2010.11.14 19:06:05 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job [2010.11.13 00:33:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 15.11.2010 11:15:08 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Enrico\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,68 Gb Total Space | 26,57 Gb Free Space | 34,65% Space Free | Partition Type: NTFS Computer Name: ENNO | User Name: Enrico | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1801674531-527237240-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software) https [open] -- "C:\Programme\Opera\Opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader "6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*isabled:ICQ Lite -- File not found "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 03d8e4d0\Launcher.exe" = C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 03d8e4d0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found "C:\wow\BackgroundDownloader.exe" = C:\wow\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found "C:\wow\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\wow\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\wow\Launcher.exe" = C:\wow\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\wow\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\wow\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\wow\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\wow\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found "C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Apps\2.0\0PGGTNK5.VGG\3CVVLDAY.Z99\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe" = C:\Dokumente und Einstellungen\Enrico\Lokale Einstellungen\Apps\2.0\0PGGTNK5.VGG\3CVVLDAY.Z99\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0 Demo "{20F0F67B-CB0F-4C85-B6F2-133D9CB70614}" = Samsung PC Studio "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-185C "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ASUS Bluetooth Software "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A047546B-1FC0-42AB-972E-EC689D9CF08D}" = CAMagic Mobile for Bluetooth "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9 "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audiograbber" = Audiograbber 1.83 SE "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "ie8" = Windows Internet Explorer 8 "InstallShield_{3C3B2C97-0DAB-482F-9C95-6610827210E3}" = ASUS nVIDIA Driver "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "IrfanView" = IrfanView (remove only) "Kaspersky Online Scanner" = Kaspersky Online Scanner "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "ST6UNST #1" = BEWERBUNGS-MASTER "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamSpeakOverlay" = TeamSpeak Overlay BETA 2 (#63) "TomTom HOME" = TomTom HOME 2.7.4.1962 "VLC media player" = VideoLAN VLC media player 0.8.6i "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XnView_is1" = XnView 1.94.1 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1801674531-527237240-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.05.2010 18:09:34 | Computer Name = ENNO | Source = nview_info | ID = 11141121 Description = Error - 21.05.2010 12:37:34 | Computer Name = ENNO | Source = nview_info | ID = 11141121 Description = Error - 29.05.2010 20:43:08 | Computer Name = ENNO | Source = nview_info | ID = 11141121 Description = Error - 30.05.2010 17:13:16 | Computer Name = ENNO | Source = nview_info | ID = 11141121 Description = Error - 03.06.2010 07:13:37 | Computer Name = ENNO | Source = TomTomHOMEService | ID = 10000 Description = Error - 11.07.2010 03:10:20 | Computer Name = ENNO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.07.2010 03:10:20 | Computer Name = ENNO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.10.2010 12:53:54 | Computer Name = ENNO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.10.2010 12:53:54 | Computer Name = ENNO | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 14.11.2010 16:49:44 | Computer Name = ENNO | Source = MsiInstaller | ID = 1013 Description = Programm: Kaspersky PURE -- Auf Ihrem Computer ist bereits eine Kaspersky-Lab-Anwendung installiert. Bitte entfernen Sie diese Anwendung vor der Installation von Kaspersky PURE. [ System Events ] Error - 14.11.2010 17:55:55 | Computer Name = ENNO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "Terminaldienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 14.11.2010 17:55:55 | Computer Name = ENNO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 15.11.2010 03:39:07 | Computer Name = ENNO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "Terminaldienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 15.11.2010 03:39:07 | Computer Name = ENNO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 15.11.2010 04:00:50 | Computer Name = ENNO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "Terminaldienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 15.11.2010 04:00:50 | Computer Name = ENNO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error - 15.11.2010 05:57:52 | Computer Name = ENNO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "Terminaldienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 15.11.2010 05:57:52 | Computer Name = ENNO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AliIde sptd Error - 15.11.2010 06:05:26 | Computer Name = ENNO | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "Terminaldienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 15.11.2010 06:05:26 | Computer Name = ENNO | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd < End of report > |
15.11.2010, 22:43 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) ua mit mwbam gefunden... Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL DRV - (TSMPacket) -- C:\WINDOWS\System32\DRIVERS\tsmpkt.sys File not found DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\4E.tmp File not found DRV - (dsltestSp5) -- C:\WINDOWS\System32\Drivers\dsltestSp5.sys File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.07.12 17:14:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{da5f7c3d-926c-11de-88f0-00138f9375f1}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell - "" = AutoRun O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell\1\Command - "" = G:\Recycled.exe -- File not found O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell\2\Command - "" = G:\Recycled.exe -- File not found O33 - MountPoints2\{e9493ff6-d0e1-11dd-87c2-00138f9375f1}\Shell\AutoRun - "" = Auto&Play [2008.09.18 16:54:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Enrico\Anwendungsdaten\.# :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ |
Themen zu C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) ua mit mwbam gefunden... |
0x00000001, audiograbber, avira, avp, avp.exe, bho, bonjour, ccsetup, delus.bat, entfernen, error, firefox, flash player, fontcache, gefunden.., helper, home, internet security 2011, jusched.exe, kaspersky, kis, location, logfile, msiinstaller, msvcr80.dll, object, oldtimer, opera.exe, otl.exe, plug-in, realtek, registry, saver, scan, searchplugins, security, senden, server, service pack 1, shell32.dll, software, sptd.sys, staropen, system, system restore, tastatur, teamspeak, visual studio, vlc media player, windows, windows internet, worm.autorun |