|
Log-Analyse und Auswertung: Internet Explorer spammt Werbung (obwohl er geschlossen ist)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.03.2011, 18:34 | #1 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) Wollte schon gerade ein Thema erstellen und war auch kurz davor abzuschicken aber dann hat sich mein PC wegen den vielen Fenstern aufgehangen, deshalb fasse ich mich jetzt so kurz wie möglich: Internet Explorer öffnet in unregelmäßigen Abständen (1-3min) Werbung obwohl er geschlossen ist, benutze auch eigentlich Safari. Es ist die unterschiedlichste Werbung, aber meistens hat es in der URL ein "ad" am Anfang. Ich benutze Windows XP 32-bit über Bootcamp (Macbook) Entschuldigung das ich mich so kurz fasse aber ich kann kaum etwas machen da sich hier andauernd Fenster öffnen. Hier ist der HijackThis-Log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:22:14, on 18.03.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\AppleOSSMgr.exe C:\WINDOWS\system32\AppleTimeSrv.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Programme\Boot Camp\Bootcamp.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\DOKUME~1\*****\LOKALE~1\Temp\Rs2.exe C:\Programme\Safari\Safari.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\Rkasea.exe C:\DOKUME~1\****\LOKALE~1\Temp\Rs1.exe C:\DOKUME~1\*****\LOKALE~1\Temp\704iteqm.tmp\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://domredi.com/1/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing) R3 - URLSearchHook: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll F2 - REG:system.ini: UserInit= O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (file missing) O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: uTorrentBar_DE Toolbar - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [mycffrqe] C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe O4 - HKCU\..\Run: [A9YA3MI1CF] C:\DOKUME~1\Alex96\LOKALE~1\Temp\Rs1.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E530D2AD-2FCF-4E81-8EAE-27A8E213582D}: NameServer = 192.168.0.1,80.69.100.230 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: wvUkKDuv - Invalid registry found O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe O23 - Service: Apple-Time-Server (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- End of file - 9356 bytes Ich habe gerade bemerkt das man keine HiJack-Logfiles posten soll, ich werde es noch gleich editieren. Geändert von EpicWinner (18.03.2011 um 18:43 Uhr) |
18.03.2011, 19:19 | #2 |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Bitte beachte:
__________________http://www.trojaner-board.de/95173-b...es-posten.html |
19.03.2011, 14:05 | #3 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) Wollte es auch schon gestern editieren und einen anderen .Log posten, aber leider komme ich garnicht mehr rein.
__________________Nachdem ich die Load.exe gestartet habe (stand in den Regeln), habe ich gesehen das da eine art Datei namens sshnas.dll oder so gelöscht wurde, beim rebooten muss ich jetzt immer meinen Windows-Account auswählen, aber wenn ich das tue, kommt nur kurz mein Desktop-Hintergrund, und ich werde sofort wieder abgemeldet. Ich kann jetzt leider keine genaueren Infos geben da ich nicht reinkomme, wüsste vielleicht trotzdem jemand wie man das beheben könnte? |
19.03.2011, 16:57 | #4 |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Unbootbares System mit OTLPE Network scannen
ISOBurner Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD. |
19.03.2011, 18:51 | #5 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) So bin jetzt kurz davor "Run Scan" zu drücken jedoch habe ich hier eine weitere Option die in deinem Screenshot nicht aufgeführt ist, und zwar "Use No-Company-Name WhiteList", bei dieser Option ist auch ein Häckchen drin. Soll ich das so lassen oder aushacken? |
19.03.2011, 18:52 | #6 |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Ja lass das so. |
19.03.2011, 19:11 | #7 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) OTL.Txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/19/2011 6:59:11 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 50.56 Gb Total Space | 7.20 Gb Free Space | 14.25% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (SSHNAS) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2011/03/03 06:08:39 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/01/10 09:23:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/01/10 09:22:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/12/14 09:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/12/14 09:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2010/10/15 19:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/04/14 18:17:04 | 000,099,640 | ---- | M] (Apple Inc.) [Auto] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv) SRV - [2010/04/14 18:17:02 | 000,144,696 | ---- | M] () [Auto] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr) SRV - [2010/01/20 19:52:14 | 000,167,528 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2010/01/20 19:52:12 | 000,370,792 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/03/03 06:08:40 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011/02/11 13:22:06 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2011/01/10 09:23:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/01/10 09:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/11/29 14:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010/10/07 10:09:46 | 000,138,184 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/17 09:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010/04/14 14:24:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2010/04/14 14:24:23 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2010/04/14 14:24:23 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2010/04/14 14:24:23 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010/04/14 05:22:41 | 000,030,208 | ---- | M] (Cirrus Logic) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\clhdaud.sys -- (HdAudAddService) DRV - [2010/04/14 05:22:33 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2010/04/14 05:22:00 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic) DRV - [2010/04/14 04:44:58 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent) DRV - [2010/04/14 04:44:56 | 000,048,768 | ---- | M] (Apple Inc.) [File_System | Boot] -- C:\WINDOWS\System32\drivers\AppleHFS.sys -- (AppleHFS) DRV - [2010/04/14 04:44:56 | 000,005,120 | ---- | M] (Apple Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\AppleMNT.sys -- (AppleMNT) DRV - [2010/04/14 04:44:54 | 000,012,928 | ---- | M] (Apple Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver) DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2010/04/11 09:03:39 | 000,029,568 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp) DRV - [2010/04/11 09:03:39 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm) DRV - [2010/01/10 16:41:27 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AppleBtBc.sys -- (AppleBtBc) DRV - [2005/05/17 08:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005/05/16 09:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005/05/16 09:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Alex96_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://domredi.com/1/ IE - HKU\Alex96_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found IE - HKU\Alex96_ON_C\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) IE - HKU\Alex96_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Alex96_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKU\Alex96_ON_C\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKU\Alex96_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\Alex96_ON_C..\Run: [A9YA3MI1CF] File not found O4 - HKU\Alex96_ON_C..\Run: [mycffrqe] C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found) O20 - Winlogon\Notify\wvUkKDuv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/10/04 10:29:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\H\Shell\setup\command - "" = H:\setup.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\CDCheck.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\J\Shell\setup\command - "" = J:\setup.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\K\Shell\setup\command - "" = K:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/18 13:41:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Alex96\Desktop\Erunt-setup.exe [2011/03/18 13:41:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex96\Desktop\OTL.exe [2011/03/18 13:41:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex96\Desktop\TFC.exe [2011/03/18 13:21:49 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Alex96\Recent [2011/03/18 12:41:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011/03/18 12:00:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} [2011/03/18 11:59:59 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2011/03/18 11:59:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavasoft [2011/03/18 11:59:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2011/03/18 11:58:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\Simply Super Software [2011/03/18 11:58:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover [2011/03/18 11:57:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2011/03/18 11:57:47 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2011/03/18 11:57:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2011/03/18 11:57:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Simply Super Software [2011/03/18 11:57:18 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\trjsetup682.exe [2011/03/18 10:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\Help [2011/03/18 10:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Help [2011/03/18 10:40:29 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Alex96\UserData [2011/03/18 09:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011/03/18 09:46:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Avira [2011/03/18 09:43:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2011/03/18 09:43:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011/03/18 09:43:26 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011/03/18 09:43:26 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011/03/18 09:43:26 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011/03/18 09:43:26 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011/03/18 09:43:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011/03/18 09:43:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2011/03/15 14:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\18 WoS American Long Haul [2011/03/15 14:19:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Startmenü\Programme\18 Wheels of Steel American Long Haul [2011/03/15 14:18:42 | 000,000,000 | ---D | C] -- C:\Programme\ValuSoft [2011/03/14 12:30:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\18 WoS Extreme Trucker 2 [2011/03/14 12:28:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\18 WoS Extreme Trucker 2 [2011/03/11 19:41:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Startmenü\Programme\Fraps [2011/03/11 19:39:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Petroglyph [2011/03/11 19:36:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\skypePM [2011/03/11 19:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011/03/11 19:35:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2011/03/11 19:35:15 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2011/03/11 19:35:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Skype [2011/03/11 19:35:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2011/03/11 15:20:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\gtk-2.0 [2011/03/11 15:19:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\.thumbnails [2011/03/11 15:19:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\gegl-0.0 [2011/03/11 15:19:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\.gimp-2.6 [2011/03/11 15:18:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GIMP [2011/03/11 15:18:03 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0 [2011/03/11 14:57:23 | 000,000,000 | ---D | C] -- C:\Programme\LucasArts [2011/03/11 14:57:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LucasArts [2011/03/11 13:21:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Sierra Entertainment [2011/03/11 13:12:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AGEIA [2011/03/11 13:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA [2011/03/11 13:12:29 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies [2011/03/11 13:12:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2011/03/11 12:55:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\InstallShield [2011/03/09 04:27:54 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2011/03/08 16:42:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\mpdemo [2011/03/08 16:40:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2011/03/08 16:40:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2011/03/08 08:56:49 | 000,000,000 | ---D | C] -- C:\Programme\booddanet [2011/03/06 15:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Startmenü\Programme\Half-Life 2 [2011/03/06 14:31:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\FFSJ [2011/03/06 10:49:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FFSJ [2011/03/06 08:12:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steam [2011/03/05 12:57:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games [2011/03/05 12:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Startmenü\Programme\Portal Prelude 1.1.5 [2011/03/04 10:54:53 | 000,000,000 | ---D | C] -- C:\Programme\Lavalys [2011/03/04 10:54:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavalys [2011/03/03 10:54:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\InstallShield Installation Information [2011/03/03 10:53:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Rockstar Games [2011/02/26 21:54:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\SKIDROW [2011/02/26 15:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\My Games [2011/02/26 15:43:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2011/02/26 15:43:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2011/02/26 15:43:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2011/02/26 15:43:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2011/02/26 15:43:10 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2011/02/26 15:43:09 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2011/02/26 15:43:09 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [2011/02/26 15:43:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2011/02/26 15:43:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2011/02/26 15:43:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2011/02/26 15:43:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2011/02/26 15:43:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2011/02/26 15:43:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2011/02/26 15:43:02 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2011/02/26 15:43:01 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll [2011/02/26 15:43:01 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2011/02/26 15:43:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2011/02/26 15:43:00 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2011/02/26 15:42:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2011/02/26 15:42:59 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2011/02/26 15:42:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2011/02/26 15:42:58 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2011/02/26 15:42:56 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll [2011/02/26 15:42:56 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2011/02/26 15:42:56 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2011/02/26 15:42:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll [2011/02/26 15:42:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2011/02/26 15:42:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2011/02/26 15:42:53 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2011/02/26 15:42:52 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2011/02/26 15:42:52 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2011/02/26 15:42:51 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2011/02/26 15:42:50 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2011/02/26 15:42:49 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2011/02/26 15:42:49 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2011/02/26 15:42:48 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2011/02/26 15:42:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2011/02/26 15:42:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2011/02/26 15:42:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2011/02/26 15:42:45 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2011/02/26 15:42:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2011/02/26 15:42:45 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2011/02/26 15:42:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2011/02/26 15:42:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2011/02/26 15:42:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2011/02/26 15:42:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2011/02/26 15:42:41 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2011/02/26 15:42:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2011/02/26 15:42:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2011/02/26 15:42:39 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2011/02/26 15:42:39 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2011/02/26 15:42:38 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2011/02/26 15:42:37 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll [2011/02/26 15:42:36 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll [2011/02/26 15:42:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll [2011/02/26 15:42:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll [2011/02/26 15:42:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll [2011/02/26 15:42:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2011/02/26 15:42:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll [2011/02/26 15:42:32 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll [2011/02/26 15:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2011/02/26 15:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Sid Meier's Civilization V [2011/02/25 15:51:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3 [2011/02/25 12:10:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\My Games [2011/02/25 12:07:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Games [2011/02/25 12:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages [2011/02/25 12:06:14 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll [2011/02/25 12:06:13 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll [2011/02/25 12:06:13 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys [2011/02/25 12:06:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax [2011/02/25 12:06:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax [2011/02/25 12:06:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys [2011/02/25 12:06:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys [2011/02/25 12:06:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax [2011/02/25 12:06:13 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys [2011/02/25 12:06:13 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys [2011/02/25 12:06:11 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll [2011/02/25 12:06:11 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe [2011/02/25 12:06:11 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll [2011/02/25 12:06:11 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll [2011/02/25 12:06:11 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll [2011/02/25 12:06:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll [2011/02/25 12:06:11 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll [2011/02/25 12:06:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll [2011/02/25 12:06:11 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll [2011/02/25 12:06:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll [2011/02/25 12:06:11 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll [2011/02/25 12:06:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll [2011/02/25 12:06:10 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll [2011/02/25 12:06:10 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll [2011/02/25 12:06:10 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll [2011/02/25 12:06:10 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll [2011/02/25 12:06:10 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll [2011/02/25 12:06:10 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll [2011/02/25 12:06:10 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll [2011/02/25 12:06:10 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll [2011/02/25 12:06:10 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll [2011/02/25 12:06:10 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll [2011/02/25 12:06:10 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll [2011/02/25 12:06:10 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl [2011/02/25 12:06:10 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll [2011/02/25 12:06:10 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll [2011/02/25 12:06:10 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe [2011/02/25 12:06:10 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll [2011/02/25 12:06:10 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll [2011/02/25 12:06:10 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll [2011/02/25 12:06:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe [2011/02/25 12:06:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll [2011/02/25 12:06:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll [2011/02/25 12:06:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe [2011/02/25 12:06:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll [2011/02/25 12:06:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll [2011/02/25 12:06:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe [2011/02/25 12:06:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll [2011/02/25 12:06:10 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll [2011/02/25 12:06:10 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll [2011/02/24 10:20:33 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2011/02/24 10:20:28 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2011/02/24 10:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Startmenü\Programme\TuneUp Utilities 2011 [2011/02/24 10:19:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\TuneUp Software [2011/02/24 10:19:33 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011 [2011/02/24 10:18:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011/02/24 10:18:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011/02/19 15:03:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\Meine empfangenen Dateien [2011/02/19 07:58:00 | 000,447,752 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll [2011/02/19 07:57:57 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft WSE [2011/02/19 07:55:15 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2011/02/19 07:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2011/02/19 07:53:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts [2011/02/19 02:58:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PowerISO [2011/02/19 02:58:52 | 000,000,000 | ---D | C] -- C:\Programme\PowerISO [2011/02/18 17:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex96\SystemRequirementsLab ========== Files - Modified Within 30 Days ========== [2011/03/18 13:56:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/03/18 13:53:08 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/03/18 13:52:28 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/03/18 13:52:28 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/03/18 13:52:28 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011/03/18 13:43:44 | 000,405,692 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011/03/18 13:43:44 | 000,392,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/03/18 13:43:44 | 000,070,976 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011/03/18 13:43:44 | 000,058,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/03/18 13:41:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Alex96\Desktop\Erunt-setup.exe [2011/03/18 13:41:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex96\Desktop\OTL.exe [2011/03/18 13:41:43 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex96\Desktop\TFC.exe [2011/03/18 13:41:42 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\g2m3e4r.exe [2011/03/18 13:41:41 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart [2011/03/18 13:40:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/03/18 13:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/03/18 12:52:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/03/18 12:51:59 | 1869,307,904 | -HS- | M] () -- C:\hiberfil.sys [2011/03/18 12:41:18 | 000,000,662 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2011/03/18 12:03:32 | 000,277,392 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011/03/18 12:00:53 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2011/03/18 12:00:52 | 000,000,855 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2011/03/18 11:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavasoft [2011/03/18 11:59:25 | 000,124,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe.vir [2011/03/18 11:58:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover [2011/03/18 11:58:01 | 000,000,794 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2011/03/18 11:57:26 | 010,488,608 | ---- | M] (Simply Super Software ) -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\trjsetup682.exe [2011/03/18 09:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2011/03/18 02:51:36 | 000,001,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\CopyTrans Control Center.lnk [2011/03/18 02:51:06 | 003,116,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\Songify This - Winning - a Song by Charlie Sheen.mp3 [2011/03/18 02:44:24 | 000,137,216 | ---- | M] () -- C:\WINDOWS\Rkasea.exe [2011/03/14 12:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\18 WoS Extreme Trucker 2 [2011/03/14 11:46:20 | 021,071,565 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\FOCUpdate1_1.zip [2011/03/14 09:42:44 | 000,365,461 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe [2011/03/13 07:36:01 | 000,009,241 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Anleitung.html [2011/03/12 18:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steam [2011/03/11 19:41:42 | 000,000,486 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Fraps.lnk [2011/03/11 19:36:55 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/03/11 19:35:20 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011/03/11 19:35:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2011/03/11 15:53:55 | 000,002,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Star Wars Empire at War Forces of Corruption.lnk [2011/03/11 15:50:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LucasArts [2011/03/11 15:25:24 | 000,001,571 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\.recently-used.xbel [2011/03/11 15:18:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GIMP [2011/03/11 14:57:22 | 000,001,601 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Play Star Wars Empire at War.lnk [2011/03/11 14:06:11 | 000,014,798 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\Star_Wars_Empire_At_War_Forces_Of_Corruption.4565662.TPB.torrent [2011/03/11 13:52:42 | 000,023,325 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\[isoHunt] PC_-_Star_Wars_Empire_At_War_[English].3446120.TPB.torrent [2011/03/11 13:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AGEIA [2011/03/11 12:44:30 | 000,024,675 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\physxloader.zip [2011/03/11 10:44:57 | 000,024,178 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\[isoHunt] c6cfac463a381d38befb43b74ea0de30a4c490b8.torrent [2011/03/09 04:27:54 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll [2011/03/08 16:30:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Electronic Arts [2011/03/08 09:11:33 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Half-Life 2.lnk [2011/03/07 09:36:03 | 000,124,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe [2011/03/06 10:49:34 | 000,004,206 | ---- | M] () -- C:\WINDOWS\unins000.dat [2011/03/06 10:49:23 | 000,794,906 | ---- | M] () -- C:\WINDOWS\unins000.exe [2011/03/05 13:16:04 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Age of Empires III - The WarChiefs.lnk [2011/03/05 13:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Games [2011/03/05 13:10:23 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Age of Empires III - The Asian Dynasties.lnk [2011/03/05 13:05:22 | 000,001,770 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Age of Empires III.lnk [2011/03/04 10:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lavalys [2011/03/03 10:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Rockstar Games [2011/03/03 06:08:40 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011/02/26 15:53:13 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Civilization V.lnk [2011/02/19 04:31:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL [2011/02/19 02:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PowerISO ========== Files Created - No Company Name ========== [2011/03/18 13:41:41 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\g2m3e4r.exe [2011/03/18 13:21:23 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/03/18 12:46:17 | 1869,307,904 | -HS- | C] () -- C:\hiberfil.sys [2011/03/18 12:41:17 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2011/03/18 12:09:44 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011/03/18 12:05:07 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/03/18 12:00:52 | 000,000,873 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk [2011/03/18 12:00:52 | 000,000,855 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2011/03/18 11:59:25 | 000,124,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe.vir [2011/03/18 11:58:01 | 000,000,794 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2011/03/18 11:57:58 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2011/03/18 11:57:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2011/03/18 11:57:57 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2011/03/18 11:57:57 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2011/03/18 10:11:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/03/18 02:51:04 | 003,116,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\Songify This - Winning - a Song by Charlie Sheen.mp3 [2011/03/18 02:44:29 | 000,137,216 | ---- | C] () -- C:\WINDOWS\Rkasea.exe [2011/03/18 02:44:28 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/03/18 02:44:25 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011/03/14 03:43:27 | 021,071,565 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\FOCUpdate1_1.zip [2011/03/13 07:41:20 | 000,009,241 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Anleitung.html [2011/03/13 07:16:23 | 000,365,461 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Anleitung.exe [2011/03/11 19:41:42 | 000,000,486 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Fraps.lnk [2011/03/11 19:36:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/03/11 19:35:20 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011/03/11 15:53:55 | 000,002,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Star Wars Empire at War Forces of Corruption.lnk [2011/03/11 15:25:24 | 000,001,571 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\.recently-used.xbel [2011/03/11 14:57:22 | 000,001,601 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Play Star Wars Empire at War.lnk [2011/03/11 14:06:10 | 000,014,798 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\Star_Wars_Empire_At_War_Forces_Of_Corruption.4565662.TPB.torrent [2011/03/11 13:52:40 | 000,023,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\[isoHunt] PC_-_Star_Wars_Empire_At_War_[English].3446120.TPB.torrent [2011/03/11 12:45:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System\PhysXLoader.dll [2011/03/11 12:44:29 | 000,024,675 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\physxloader.zip [2011/03/11 10:44:56 | 000,024,178 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Eigene Dateien\[isoHunt] c6cfac463a381d38befb43b74ea0de30a4c490b8.torrent [2011/03/07 09:36:03 | 000,124,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe [2011/03/06 15:26:13 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Half-Life 2.lnk [2011/03/06 10:49:34 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011/03/06 10:49:33 | 000,004,206 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011/03/05 13:16:04 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Age of Empires III - The WarChiefs.lnk [2011/03/05 13:10:23 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Age of Empires III - The Asian Dynasties.lnk [2011/03/05 13:05:22 | 000,001,770 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Age of Empires III.lnk [2011/02/26 15:53:13 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Desktop\Civilization V.lnk [2011/02/25 12:06:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011/02/25 12:06:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll [2011/02/25 12:06:13 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax [2011/02/25 12:06:13 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax [2011/02/25 12:06:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax [2011/02/25 12:06:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax [2011/02/25 12:06:12 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll [2011/02/25 12:06:12 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll [2011/02/25 12:06:12 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll [2011/02/25 12:06:12 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll [2011/02/25 12:06:12 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll [2011/02/25 12:06:12 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qasf.dll [2011/02/25 12:06:12 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax [2011/02/25 12:06:12 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll [2011/02/25 12:06:12 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll [2011/02/25 12:06:12 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll [2011/02/25 12:06:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll [2011/02/24 10:20:16 | 000,001,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Startmenü\Programme\TuneUp Utilities 2011 [2011/02/19 04:31:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL [2011/02/13 14:10:20 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/27 18:03:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010/10/16 12:03:08 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010/10/07 09:57:00 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010/10/07 09:57:00 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\PnkBstrK.sys [2010/10/07 09:56:41 | 000,215,016 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010/10/07 09:56:40 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe [2010/10/07 09:56:40 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2010/10/05 15:57:03 | 000,014,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/10/05 13:45:57 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010/10/04 10:55:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/10/04 10:54:08 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/04 10:31:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/10/04 10:26:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/04/14 18:17:02 | 000,144,696 | ---- | C] () -- C:\WINDOWS\System32\AppleOSSMgr.exe [2010/04/14 14:25:06 | 002,185,934 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2007/03/26 05:45:18 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2007/02/20 09:59:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007/02/20 09:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007/02/20 09:59:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 08:00:00 | 000,405,692 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 08:00:00 | 000,392,630 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 08:00:00 | 000,070,976 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 08:00:00 | 000,058,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2010/11/04 09:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Bioshock [2011/03/06 14:31:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\FFSJ [2010/10/05 16:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Gadu-Gadu 10 [2011/03/11 15:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\gtk-2.0 [2011/03/11 19:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Petroglyph [2011/03/18 13:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\PriceGong [2011/03/11 13:21:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Sierra Entertainment [2011/03/18 11:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\Simply Super Software [2011/02/24 10:19:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\TuneUp Software [2011/03/15 16:49:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\uTorrent [2010/12/27 19:44:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex96\Anwendungsdaten\WindSolutions [2011/02/25 15:51:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3 [2011/03/08 16:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2011/03/08 16:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2010/10/05 16:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gadu-Gadu 10 [2011/03/18 11:57:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2011/03/18 12:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011/02/24 10:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010/12/27 19:43:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions [2011/02/24 10:18:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2010/10/14 14:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/03/18 12:01:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} [2011/03/18 13:53:08 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011/03/18 13:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2011/03/18 13:52:28 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/03/18 13:52:28 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011/03/18 13:52:28 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:466F9D5D @Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 < End of report > Extras.Txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 3/19/2011 6:59:11 PM - Run OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 50.56 Gb Total Space | 7.20 Gb Free Space | 14.25% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Gadu-Gadu 10\gg.exe" = C:\Programme\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.) "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\Microsoft Games\Age of Empires III\age3y.exe" = C:\Programme\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation) "C:\Programme\Microsoft Games\Age of Empires III\age3x.exe" = C:\Programme\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios) "C:\Programme\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Programme\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.) "C:\Programme\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" = C:\Programme\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(R): Empire at War(TM): Forces of Corruption(TM) -- (Lucasfilm Entertainment Company, Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption "{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III "{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures "{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "059B155261B840AB89EA7581CAFC636EEB1D4364" = Windows-Treiberpaket - Atheros (AR5416) Net (11/18/2009 7.7.0.429) "065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel Net (07/16/2008 9.52.10.0) "111E266FDD1556398EFC13BE47678F96E8497682" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) "18 Wheels of Steel American Long Haul 1.00" = 18 Wheels of Steel American Long Haul 1.00 "18 WoS Extreme Trucker 2" = 18 WoS Extreme Trucker 2 (v.1.0) "1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0) "2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel Net (01/08/2008 8.3.9.0) "31BC243044B2C02B454ECDA8F5B44427F3754DD0" = Windows-Treiberpaket - Apple Inc. (applebt) Bluetooth (03/01/2010 3.0.0.5) "4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) "5A9DF61C17938C73DCC75C9B4B3A4DE3C74D38ED" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (02/11/2010 3.1.0.0) "5D1F13EEF9A42CC17001EAFFC701D57AF8D13E9D" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (03/01/2010 3.1.0.3) "5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) "60B5F87397EB801AB1BAB3E940CE0E077830B153" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (02/11/2010 3.1.0.0) "627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel (E1000) Net (11/07/2007 8.10.1.0) "675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) "6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows-Treiberpaket - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3) "78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.18.0) "7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) "82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) "84865EBF11DAD18A6FD975327C8DBD66D7090BAD" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (01/12/2010 3.1.0.2) "9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) "9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0) "A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel (e1yexpress) Net (06/13/2008 9.52.9.0) "A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) "AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18) "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel Net (02/06/2008 9.12.17.0) "B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) "C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) "CC44F1D94CD4A86602CBF93E4023E7A7658636FB" = Windows-Treiberpaket - CirrusLogic (HdAudAddService) MEDIA (03/12/2010 1.0.0.30) "CCleaner" = CCleaner "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1 "conduitEngine" = Conduit Engine "DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) "E3DBAC6F911B4848B65E4B1B83BEF7CED25B4928" = Windows-Treiberpaket - Broadcom (b57w2k) Net (05/29/2009 12.2.0.2) "E90BBBBF2BC7869A101909EA920E455DC7354A38" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/25/2009 5.60.18.9) "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1) "File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3) "Fraps" = Fraps "Gadu-Gadu 10" = Gadu-Gadu 10 "GameSpy Arcade" = GameSpy Arcade "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "MediaInfo" = MediaInfo 0.7.38 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PowerISO" = PowerISO "PunkBusterSvc" = PunkBuster Services "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "SystemRequirementsLab" = System Requirements Lab "Trojan Remover_is1" = Trojan Remover 6.8.2 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "uTorrent" = µTorrent "uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WinTracert" = WinTracert 2010.8.46 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Alex96_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Half-Life 2" = Half-Life 2 "InstallShield_{A724605D-B399-4304-B8C7-33B3EF7D4677}" = Bully Scholarship Edition < End of report > Geändert von EpicWinner (19.03.2011 um 19:20 Uhr) |
19.03.2011, 22:15 | #8 | |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Was ist das? Zitat:
|
19.03.2011, 23:32 | #9 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) Hmm ich habe keine Ahnung, habe nie sowas heruntergeladen. Besteht eigentlich eine Möglichkeit das ich mich wieder bei Windows anmelden kann? Wüsste sonst nicht wie ich den Virus löschen sollte, selbst wenn ich wüsste wie er heißt. Und danke das du dich bemühst mir zu helfen Edit: Ich habe aber gerade über Mac OS nachgeguckt und die Datei wurde bereits am 13.März erstellt, den Virus habe ich jedoch erst seit gestern. |
19.03.2011, 23:38 | #10 |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Eins nach dem Andern Fixen mit OTL
Code:
ATTFilter :OTL SRV - File not found [Auto] -- -- (SSHNAS) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - No CLSID value found. O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKU\Alex96_ON_C\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.) O3 - HKU\Alex96_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4 - HKU\Alex96_ON_C..\Run: [A9YA3MI1CF] File not found O4 - HKU\Alex96_ON_C..\Run: [mycffrqe] C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe () O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found) O20 - Winlogon\Notify\wvUkKDuv: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\H\Shell\setup\command - "" = H:\setup.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\CDCheck.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\J\Shell\setup\command - "" = J:\setup.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\K\Shell\setup\command - "" = K:\setup.exe [2011/03/18 13:52:28 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/03/18 13:52:28 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/03/18 13:52:28 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011/03/18 13:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/03/18 11:59:25 | 000,124,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe.vir [2011/03/07 09:36:03 | 000,124,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe [2011/03/18 02:44:29 | 000,137,216 | ---- | C] () -- C:\WINDOWS\Rkasea.exe [2011/03/18 02:44:28 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/03/18 02:44:25 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job @Alternate Data Stream - 97 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:466F9D5D @Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 :Commands [purity] [emptytemp]
|
19.03.2011, 23:46 | #11 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) Also wieder von der CD booten und da auf diese OTLPENet.exe klicken? |
19.03.2011, 23:47 | #12 |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Genau gleich |
20.03.2011, 00:02 | #13 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) Ich habe hier aber jetzt nur eine OTLPE.exe (keine OTLPENet.exe) : o Soll ich dann die OTLPE starten oder die OTLPENet runterladen und per USB-Stick übertragen? |
20.03.2011, 00:03 | #14 |
/// Malwareteam | Internet Explorer spammt Werbung (obwohl er geschlossen ist) Nein sorry meine auch diese. Einfach genau das gleiche wie vorher einfach mit dem Script einfügen.. |
20.03.2011, 00:13 | #15 |
| Internet Explorer spammt Werbung (obwohl er geschlossen ist) Nebenbei: Das Programm hat mich zwar gefragt ob es einen Neustart ausführen soll, aber nachdem ich dies erlaubt habe ist nichts passiert (hat nicht neugestartet) Der Text: ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSHNAS deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81EA3F36-357A-435A-8741-52C27CCC9F21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81EA3F36-357A-435A-8741-52C27CCC9F21}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully. C:\Programme\uTorrentBar_DE\tbuTor.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found. File C:\Programme\uTorrentBar_DE\tbuTor.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\Alex96_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found. File C:\Programme\uTorrentBar_DE\tbuTor.dll not found. Registry value HKEY_USERS\Alex96_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\Alex96_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\A9YA3MI1CF deleted successfully. Registry value HKEY_USERS\Alex96_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\mycffrqe deleted successfully. C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit deleted successfully. File not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkKDuv\ deleted successfully. File move failed. X:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found. File I:\CDCheck.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found. File J:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found. File J:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found. File K:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found. File K:\setup.exe not found. C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully. C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully. C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully. C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully. C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe.vir moved successfully. File C:\Dokumente und Einstellungen\Alex96\Lokale Einstellungen\Anwendungsdaten\knnvnb.exe not found. C:\WINDOWS\Rkasea.exe moved successfully. File C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found. File C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:466F9D5D deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Alex96 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes Total Files Cleaned = 0.00 mb OTLPE by OldTimer - Version 3.1.46.0 log created on 03202011_000712 |
Themen zu Internet Explorer spammt Werbung (obwohl er geschlossen ist) |
32-bit, ad-aware, adobe, antivir, antivir guard, aufgehangen, avira, bho, bonjour, bootcamp, conduit, desktop, dll, einstellungen, explorer, hijack, hkus\s-1-5-18, internet, internet explorer, logfile, nvidia, plug-in, registry, rundll, software, system, temp, werbung, windows, windows xp, öffnet |