| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: appcompat.txt verursacht Gameprogrammabsturz!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.04.2012, 18:14
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  appcompat.txt verursacht Gameprogrammabsturz! Das war leider kein CustomScan
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.04.2012, 20:01
| #17 |
 | appcompat.txt verursacht Gameprogrammabsturz! Hi,
__________________hier das Log vom Custom Scan:OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.04.2012 19:41:39 - Run 5 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Ralf Sievert\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,52 Mb Total Physical Memory | 319,63 Mb Available Physical Memory | 62,48% Memory free 1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,47% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 15,49 Gb Free Space | 20,79% Space Free | Partition Type: NTFS Drive E: | 1,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: RALF-SIEVERT | User Name: Ralf Sievert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.12 10:52:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.08.03 08:30:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.22 14:33:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.20 09:34:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2006.12.28 02:02:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2006.12.28 02:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2006.01.19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe PRC - [2006.01.19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Programme\Musicmatch\Musicmatch Jukebox\mim.exe ========== Modules (No Company Name) ========== MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.09.09 09:28:36 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\60631a32aa897e77172d6d92540f7ed2\SMDiagnostics.ni.dll MOD - [2011.09.09 09:28:02 | 017,472,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0f3a3e28edaed5ce0557d47a16d00ac3\System.ServiceModel.ni.dll MOD - [2011.09.09 09:26:43 | 002,347,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb02f4c55bd1221dff95b8f47028b110\System.Runtime.Serialization.ni.dll MOD - [2011.09.09 09:26:27 | 001,083,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\76bfd39192229553f41ce5b47e612e85\System.IdentityModel.ni.dll MOD - [2011.09.08 18:10:33 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll MOD - [2011.09.08 18:09:50 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll MOD - [2011.09.08 18:05:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll MOD - [2011.09.08 18:04:51 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll MOD - [2011.09.08 18:04:40 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll MOD - [2011.09.08 18:04:18 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll MOD - [2010.06.17 22:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2007.04.02 18:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2006.01.19 11:06:08 | 000,122,880 | ---- | M] () -- C:\Programme\Musicmatch\Musicmatch Jukebox\CDDVDAccess.dll MOD - [2006.01.17 07:41:28 | 000,122,880 | ---- | M] () -- C:\Programme\Musicmatch\Musicmatch Jukebox\mmgit.dll MOD - [2002.01.07 14:15:24 | 000,167,936 | ---- | M] () -- C:\WINDOWS\A4.dll MOD - [2001.10.18 13:01:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\GetKey.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.04.14 15:26:51 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.08.03 08:30:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.22 14:33:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.29 18:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2006.12.28 02:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\o1394bul.sys -- (o1394bul) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2011.08.03 08:30:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.08.03 08:30:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006.12.28 02:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.12.28 02:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2005.01.14 18:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2004.10.28 12:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.31 12:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.10.30 23:37:00 | 000,076,117 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848) DRV - [2003.10.30 23:37:00 | 000,032,631 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr) DRV - [2003.10.30 23:37:00 | 000,010,005 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar) DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1) DRV - [2003.06.19 15:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2002.06.21 14:39:28 | 000,469,935 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms} IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://ww.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.20 12:28:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.11 10:04:26 | 000,000,000 | ---D | M] [2010.08.28 15:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Extensions [2012.04.21 09:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions [2010.09.05 17:52:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.15 17:34:56 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.01.25 18:05:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.10.31 13:38:32 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\searchplugins\conduit.xml [2012.04.15 13:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.15 13:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.15 13:37:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.03.20 12:28:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.15 13:37:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2011.10.03 07:42:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 07:42:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.03 07:42:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 07:42:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 07:42:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 07:42:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2010.09.01 16:18:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MimBoot] C:\Programme\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe () O4 - Startup: C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Registration Silent Hunter III.LNK = C:\Programme\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.25 15:09:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.02.18 21:07:07 | 000,000,076 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894 ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\Iyvu9_32.dll () Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.21 11:02:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Recent [2012.04.19 21:50:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe [2012.04.18 17:50:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.18 08:42:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\simulatoren [2012.04.13 21:03:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CertMagic.com [2012.04.13 21:03:04 | 000,000,000 | ---D | C] -- C:\Programme\CertMagic.com [2012.04.13 20:56:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Virtual Engine Room Free [2012.04.13 20:56:05 | 000,000,000 | ---D | C] -- C:\Programme\Virtual Engine Room Free [2012.04.11 17:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Curiolab [2012.04.09 16:53:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\SH3 [2012.04.09 16:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2012.04.09 16:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft [2012.04.09 15:57:15 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft [2012.04.03 09:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Schwedisch lernen [2012.03.31 15:26:59 | 000,000,000 | ---D | C] -- C:\Programme\Destroyer Command [2012.03.29 09:46:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\18wheels [2012.03.23 18:47:20 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES [2010.06.02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.21 19:47:26 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.21 19:26:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.21 17:47:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.21 10:16:36 | 000,001,167 | ---- | M] () -- C:\WINDOWS\ScnPanel.ini [2012.04.21 10:12:36 | 000,178,962 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012.04.21 10:12:20 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job [2012.04.21 10:12:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.21 09:36:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.20 07:36:11 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Engine Room Sim D1.wps [2012.04.16 17:24:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.04.16 06:30:20 | 000,001,158 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Registration Silent Hunter III.LNK [2012.04.13 21:03:10 | 000,002,022 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Launch E20-850-Demo-CertMagic.exe.lnk [2012.04.12 17:49:44 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns [2012.04.12 17:49:43 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns [2012.04.12 10:52:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe [2012.04.12 10:10:14 | 000,001,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20120412_101008.reg [2012.04.10 16:04:51 | 000,172,879 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\cats.jpg [2012.04.09 16:18:30 | 000,001,652 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Silent Hunter III.lnk [2012.04.08 01:15:02 | 000,517,894 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.08 01:15:02 | 000,494,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.08 01:15:02 | 000,101,454 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.08 01:15:02 | 000,084,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.02 08:46:27 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\ch8l0.exe.lnk [2012.03.28 07:29:44 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.03.27 20:08:11 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2012.03.23 19:13:39 | 000,000,698 | ---- | M] () -- C:\WINDOWS\eReg.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.20 07:36:11 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Engine Room Sim D1.wps [2012.04.16 06:30:18 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Registration Silent Hunter III.LNK [2012.04.13 21:03:10 | 000,002,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Launch E20-850-Demo-CertMagic.exe.lnk [2012.04.13 07:58:12 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.12 10:10:10 | 000,001,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20120412_101008.reg [2012.04.10 16:04:05 | 000,172,879 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\cats.jpg [2012.04.09 16:18:30 | 000,001,652 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Silent Hunter III.lnk [2012.04.02 08:46:26 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\ch8l0.exe.lnk [2012.03.23 19:13:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\eReg.dat [2012.02.15 16:24:24 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe [2011.08.26 08:34:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini [2011.08.19 10:42:48 | 000,153,088 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2011.08.19 10:42:48 | 000,006,836 | ---- | C] () -- C:\WINDOWS\UNWISE.INI [2011.02.21 09:17:14 | 000,001,302 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini [2011.02.21 09:16:31 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011.02.21 09:16:13 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011.02.20 13:35:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011.02.20 13:35:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011.02.18 09:03:54 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816White12.dat [2011.02.18 09:03:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\6816Error.dat [2011.02.18 09:03:50 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816Dark12.dat [2011.02.18 09:03:46 | 000,000,006 | ---- | C] () -- C:\WINDOWS\6816Exposure.dat [2011.02.18 09:03:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Offset.dat [2011.02.18 09:03:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Gain.dat [2011.02.17 21:35:41 | 000,011,479 | ---- | C] () -- C:\WINDOWS\Dusb4ar.ini [2011.02.17 21:35:41 | 000,002,677 | ---- | C] () -- C:\WINDOWS\Ausba4.ini [2011.02.17 21:35:41 | 000,001,167 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini [2011.02.17 21:35:40 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Artec48.sys [2011.02.17 21:35:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\Ausba4.dll [2011.02.17 21:35:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\A4.dll [2011.02.17 21:35:26 | 000,001,737 | ---- | C] () -- C:\WINDOWS\Flach48U141.ini [2011.02.17 20:51:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\GetKey.dll [2011.01.13 11:59:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\SCANREC.INI [2010.11.13 14:45:10 | 000,413,184 | ---- | C] () -- C:\WINDOWS\GWC_Deinstaller.exe [2010.09.30 11:01:05 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.25 14:10:11 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2010.09.07 18:30:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2010.09.07 18:30:53 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010.09.07 07:43:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2010.09.03 20:32:56 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.03 19:13:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.09.01 20:40:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.09.01 20:40:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.09.01 20:40:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.09.01 20:40:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.09.01 20:40:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.08.30 16:13:58 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.08.28 15:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.08.25 18:24:49 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.08.25 16:39:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2010.08.25 16:25:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.08.25 16:16:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.25 15:56:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.08.25 15:50:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.08.25 15:49:21 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.25 15:16:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.08.25 15:13:40 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2010.08.25 15:06:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab [2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab [2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab [2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab [2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab [2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab [2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab [2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab [2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab [2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab [2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab [2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab [2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab [2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab [2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab [2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab [2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab [2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab [2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab [2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab [2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab [2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab [2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab [2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab [2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab [2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab [2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab [2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab [2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab [2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab [2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll [2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2010.06.02 05:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe [2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab [2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab [2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab [2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab [2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab [2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab [2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab [2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab [2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab [2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab [2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab [2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab [2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab [2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab [2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab [2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab ========== LOP Check ========== [2010.09.03 20:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.09.08 11:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2010.09.03 08:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2011.02.20 13:35:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2011.02.21 09:16:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP [2011.08.26 08:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon [2010.08.25 16:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions [2011.05.14 15:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager [2012.01.12 18:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2010.09.07 18:42:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995 [2011.04.20 16:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.08.28 16:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2010.08.29 19:36:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B} [2010.08.28 18:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.11.13 14:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software [2010.09.03 20:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Canneverbe Limited [2012.04.11 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Curiolab [2010.09.07 06:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\facemoods.com [2010.09.06 16:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\FinalTorrent [2011.02.20 12:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Foxit Software [2010.11.22 20:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\GetRightToGo [2010.10.13 15:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\gtk-2.0 [2011.08.26 08:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\HaCon [2010.09.19 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Musicmatch [2011.05.19 11:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\NoteTab Light [2010.09.08 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PCFix [2011.11.15 15:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PhotoScape [2012.02.16 10:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PriceGong [2010.09.07 06:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Right Hemisphere [2012.01.15 11:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\streamripper [2010.08.28 16:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\T-Online [2010.09.03 08:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Template [2011.10.10 06:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\XnView [2012.04.21 10:12:20 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job [2012.01.24 17:16:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job [2012.02.06 17:49:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.02.18 09:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Adobe [2011.02.26 14:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Apple Computer [2010.09.05 09:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Avira [2010.09.03 20:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Canneverbe Limited [2012.04.11 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Curiolab [2010.09.07 06:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\facemoods.com [2010.09.06 16:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\FinalTorrent [2011.02.20 12:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Foxit Software [2010.11.22 20:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\GetRightToGo [2010.11.22 20:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Google [2010.10.13 15:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\gtk-2.0 [2011.08.26 08:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\HaCon [2011.02.17 21:38:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Help [2010.08.25 15:22:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Identities [2011.06.01 19:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\InstallShield [2010.08.31 13:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Macromedia [2010.08.27 12:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Malwarebytes [2011.05.12 08:27:13 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft [2010.08.28 15:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla [2011.10.21 12:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\MSN6 [2010.09.19 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Musicmatch [2012.02.03 17:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\NCH Software [2011.05.19 11:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\NoteTab Light [2010.09.08 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PCFix [2011.11.15 15:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PhotoScape [2012.02.16 10:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PriceGong [2010.09.07 06:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Right Hemisphere [2012.01.15 11:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\streamripper [2010.08.25 15:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Sun [2010.09.03 11:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.28 16:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\T-Online [2010.09.03 08:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Template [2010.10.16 17:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\vlc [2012.02.16 18:59:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Winamp [2010.08.26 09:08:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\WinRAR [2011.10.10 06:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\XnView [2010.09.06 16:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2010.11.09 14:40:01 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe [2010.08.28 18:16:52 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\ARPPRODUCTICON.exe [2010.08.28 18:16:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe1_A381C835942E4780BD7035411F5E9C00.exe [2010.08.28 18:16:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe_A381C835942E4780BD7035411F5E9C00.exe < %SYSTEMDRIVE%\*.exe > [2010.06.02 05:22:02 | 000,537,432 | ---- | M] () -- C:\DXSETUP.exe < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0061\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\My Drivers\hdc\primary_ide_channel\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\My Drivers\hdc\secondary_ide_channel\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2qfe\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.08.25 16:48:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010.08.25 16:48:31 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010.08.25 16:48:31 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Geändert von pondex (21.04.2012 um 20:36 Uhr) Grund: doppelt |
|
21.04.2012, 20:02
| #18 |
| | appcompat.txt verursacht Gameprogrammabsturz! Hi,
__________________hier das Log vom Customscan: Code:
ATTFilter OTL logfile created on: 21.04.2012 19:41:39 - Run 5 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\Ralf Sievert\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,52 Mb Total Physical Memory | 319,63 Mb Available Physical Memory | 62,48% Memory free 1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,47% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 15,49 Gb Free Space | 20,79% Space Free | Partition Type: NTFS Drive E: | 1,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: RALF-SIEVERT | User Name: Ralf Sievert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.12 10:52:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.08.03 08:30:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.22 14:33:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.20 09:34:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2006.12.28 02:02:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2006.12.28 02:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2006.01.19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe PRC - [2006.01.19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Programme\Musicmatch\Musicmatch Jukebox\mim.exe ========== Modules (No Company Name) ========== MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.09.09 09:28:36 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\60631a32aa897e77172d6d92540f7ed2\SMDiagnostics.ni.dll MOD - [2011.09.09 09:28:02 | 017,472,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0f3a3e28edaed5ce0557d47a16d00ac3\System.ServiceModel.ni.dll MOD - [2011.09.09 09:26:43 | 002,347,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb02f4c55bd1221dff95b8f47028b110\System.Runtime.Serialization.ni.dll MOD - [2011.09.09 09:26:27 | 001,083,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\76bfd39192229553f41ce5b47e612e85\System.IdentityModel.ni.dll MOD - [2011.09.08 18:10:33 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll MOD - [2011.09.08 18:09:50 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll MOD - [2011.09.08 18:05:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll MOD - [2011.09.08 18:04:51 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll MOD - [2011.09.08 18:04:40 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll MOD - [2011.09.08 18:04:18 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll MOD - [2010.06.17 22:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2007.04.02 18:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2006.01.19 11:06:08 | 000,122,880 | ---- | M] () -- C:\Programme\Musicmatch\Musicmatch Jukebox\CDDVDAccess.dll MOD - [2006.01.17 07:41:28 | 000,122,880 | ---- | M] () -- C:\Programme\Musicmatch\Musicmatch Jukebox\mmgit.dll MOD - [2002.01.07 14:15:24 | 000,167,936 | ---- | M] () -- C:\WINDOWS\A4.dll MOD - [2001.10.18 13:01:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\GetKey.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.04.14 15:26:51 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.08.03 08:30:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.22 14:33:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.29 18:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) SRV - [2006.12.28 02:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\o1394bul.sys -- (o1394bul) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - [2011.08.03 08:30:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.08.03 08:30:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.08.27 14:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006.12.28 02:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.12.28 02:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2005.01.14 18:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2004.10.28 12:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06) DRV - [2003.12.31 12:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.10.30 23:37:00 | 000,076,117 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848) DRV - [2003.10.30 23:37:00 | 000,032,631 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr) DRV - [2003.10.30 23:37:00 | 000,010,005 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar) DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1) DRV - [2003.06.19 15:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2002.06.21 14:39:28 | 000,469,935 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = hxxp://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms} IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://ww.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.20 12:28:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.11 10:04:26 | 000,000,000 | ---D | M] [2010.08.28 15:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Extensions [2012.04.21 09:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions [2010.09.05 17:52:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.02.15 17:34:56 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.01.25 18:05:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.10.31 13:38:32 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\searchplugins\conduit.xml [2012.04.15 13:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.15 13:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.15 13:37:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.03.20 12:28:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.15 13:37:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2011.10.03 07:42:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 07:42:02 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.03 07:42:02 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 07:42:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 07:42:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 07:42:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2010.09.01 16:18:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MimBoot] C:\Programme\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe () O4 - Startup: C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Registration Silent Hunter III.LNK = C:\Programme\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.25 15:09:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005.02.18 21:07:07 | 000,000,076 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894 ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\Iyvu9_32.dll () Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.21 11:02:51 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Recent [2012.04.19 21:50:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe [2012.04.18 17:50:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.04.18 08:42:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\simulatoren [2012.04.13 21:03:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CertMagic.com [2012.04.13 21:03:04 | 000,000,000 | ---D | C] -- C:\Programme\CertMagic.com [2012.04.13 20:56:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Virtual Engine Room Free [2012.04.13 20:56:05 | 000,000,000 | ---D | C] -- C:\Programme\Virtual Engine Room Free [2012.04.11 17:57:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Curiolab [2012.04.09 16:53:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\SH3 [2012.04.09 16:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2012.04.09 16:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ubisoft [2012.04.09 15:57:15 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft [2012.04.03 09:18:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Schwedisch lernen [2012.03.31 15:26:59 | 000,000,000 | ---D | C] -- C:\Programme\Destroyer Command [2012.03.29 09:46:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\18wheels [2012.03.23 18:47:20 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES [2010.06.02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.21 19:47:26 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.21 19:26:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.21 17:47:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.21 10:16:36 | 000,001,167 | ---- | M] () -- C:\WINDOWS\ScnPanel.ini [2012.04.21 10:12:36 | 000,178,962 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012.04.21 10:12:20 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job [2012.04.21 10:12:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.21 09:36:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.20 07:36:11 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Engine Room Sim D1.wps [2012.04.16 17:24:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.04.16 06:30:20 | 000,001,158 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Registration Silent Hunter III.LNK [2012.04.13 21:03:10 | 000,002,022 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Launch E20-850-Demo-CertMagic.exe.lnk [2012.04.12 17:49:44 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns [2012.04.12 17:49:43 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns [2012.04.12 10:52:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe [2012.04.12 10:10:14 | 000,001,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20120412_101008.reg [2012.04.10 16:04:51 | 000,172,879 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\cats.jpg [2012.04.09 16:18:30 | 000,001,652 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Silent Hunter III.lnk [2012.04.08 01:15:02 | 000,517,894 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.04.08 01:15:02 | 000,494,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.08 01:15:02 | 000,101,454 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.04.08 01:15:02 | 000,084,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.04.02 08:46:27 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\ch8l0.exe.lnk [2012.03.28 07:29:44 | 000,143,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.03.27 20:08:11 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe [2012.03.23 19:13:39 | 000,000,698 | ---- | M] () -- C:\WINDOWS\eReg.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.20 07:36:11 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Engine Room Sim D1.wps [2012.04.16 06:30:18 | 000,001,158 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Registration Silent Hunter III.LNK [2012.04.13 21:03:10 | 000,002,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Launch E20-850-Demo-CertMagic.exe.lnk [2012.04.13 07:58:12 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.04.12 10:10:10 | 000,001,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20120412_101008.reg [2012.04.10 16:04:05 | 000,172,879 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\cats.jpg [2012.04.09 16:18:30 | 000,001,652 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Silent Hunter III.lnk [2012.04.02 08:46:26 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\ch8l0.exe.lnk [2012.03.23 19:13:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\eReg.dat [2012.02.15 16:24:24 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe [2011.08.26 08:34:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini [2011.08.19 10:42:48 | 000,153,088 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE [2011.08.19 10:42:48 | 000,006,836 | ---- | C] () -- C:\WINDOWS\UNWISE.INI [2011.02.21 09:17:14 | 000,001,302 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini [2011.02.21 09:16:31 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011.02.21 09:16:13 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini [2011.02.20 13:35:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011.02.20 13:35:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011.02.18 09:03:54 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816White12.dat [2011.02.18 09:03:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\6816Error.dat [2011.02.18 09:03:50 | 000,030,720 | ---- | C] () -- C:\WINDOWS\6816Dark12.dat [2011.02.18 09:03:46 | 000,000,006 | ---- | C] () -- C:\WINDOWS\6816Exposure.dat [2011.02.18 09:03:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Offset.dat [2011.02.18 09:03:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\6816Gain.dat [2011.02.17 21:35:41 | 000,011,479 | ---- | C] () -- C:\WINDOWS\Dusb4ar.ini [2011.02.17 21:35:41 | 000,002,677 | ---- | C] () -- C:\WINDOWS\Ausba4.ini [2011.02.17 21:35:41 | 000,001,167 | ---- | C] () -- C:\WINDOWS\ScnPanel.ini [2011.02.17 21:35:40 | 000,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Artec48.sys [2011.02.17 21:35:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\Ausba4.dll [2011.02.17 21:35:29 | 000,167,936 | ---- | C] () -- C:\WINDOWS\A4.dll [2011.02.17 21:35:26 | 000,001,737 | ---- | C] () -- C:\WINDOWS\Flach48U141.ini [2011.02.17 20:51:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\GetKey.dll [2011.01.13 11:59:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\SCANREC.INI [2010.11.13 14:45:10 | 000,413,184 | ---- | C] () -- C:\WINDOWS\GWC_Deinstaller.exe [2010.09.30 11:01:05 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.25 14:10:11 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2010.09.07 18:30:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2010.09.07 18:30:53 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010.09.07 07:43:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2010.09.03 20:32:56 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.03 19:13:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.09.01 20:40:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.09.01 20:40:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.09.01 20:40:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.09.01 20:40:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.09.01 20:40:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.08.30 16:13:58 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.08.28 15:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.08.25 18:24:49 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.08.25 16:39:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2010.08.25 16:25:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.08.25 16:16:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.25 15:56:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.08.25 15:50:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.08.25 15:49:21 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.25 15:16:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.08.25 15:13:40 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2010.08.25 15:06:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab [2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab [2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab [2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab [2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab [2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab [2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab [2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab [2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab [2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab [2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab [2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab [2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab [2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab [2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab [2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab [2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab [2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab [2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab [2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab [2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab [2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab [2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab [2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab [2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab [2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab [2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab [2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab [2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab [2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab [2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll [2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2010.06.02 05:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe [2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab [2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab [2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab [2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab [2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab [2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab [2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab [2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab [2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab [2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab [2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab [2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab [2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab [2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab [2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab [2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab [2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab ========== LOP Check ========== [2010.09.03 20:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.09.08 11:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2010.09.03 08:32:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2011.02.20 13:35:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2011.02.21 09:16:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP [2011.08.26 08:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HaCon [2010.08.25 16:37:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions [2011.05.14 15:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager [2012.01.12 18:32:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2010.09.07 18:42:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995 [2011.04.20 16:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.08.28 16:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2010.08.29 19:36:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B} [2010.08.28 18:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.11.13 14:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software [2010.09.03 20:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Canneverbe Limited [2012.04.11 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Curiolab [2010.09.07 06:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\facemoods.com [2010.09.06 16:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\FinalTorrent [2011.02.20 12:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Foxit Software [2010.11.22 20:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\GetRightToGo [2010.10.13 15:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\gtk-2.0 [2011.08.26 08:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\HaCon [2010.09.19 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Musicmatch [2011.05.19 11:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\NoteTab Light [2010.09.08 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PCFix [2011.11.15 15:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PhotoScape [2012.02.16 10:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PriceGong [2010.09.07 06:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Right Hemisphere [2012.01.15 11:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\streamripper [2010.08.28 16:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\T-Online [2010.09.03 08:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Template [2011.10.10 06:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\XnView [2012.04.21 10:12:20 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job [2012.01.24 17:16:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job [2012.02.06 17:49:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.02.18 09:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Adobe [2011.02.26 14:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Apple Computer [2010.09.05 09:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Avira [2010.09.03 20:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Canneverbe Limited [2012.04.11 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Curiolab [2010.09.07 06:37:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\facemoods.com [2010.09.06 16:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\FinalTorrent [2011.02.20 12:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Foxit Software [2010.11.22 20:10:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\GetRightToGo [2010.11.22 20:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Google [2010.10.13 15:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\gtk-2.0 [2011.08.26 08:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\HaCon [2011.02.17 21:38:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Help [2010.08.25 15:22:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Identities [2011.06.01 19:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\InstallShield [2010.08.31 13:51:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Macromedia [2010.08.27 12:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Malwarebytes [2011.05.12 08:27:13 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft [2010.08.28 15:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla [2011.10.21 12:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\MSN6 [2010.09.19 18:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Musicmatch [2012.02.03 17:48:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\NCH Software [2011.05.19 11:56:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\NoteTab Light [2010.09.08 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PCFix [2011.11.15 15:51:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PhotoScape [2012.02.16 10:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\PriceGong [2010.09.07 06:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Right Hemisphere [2012.01.15 11:44:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\streamripper [2010.08.25 15:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Sun [2010.09.03 11:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\SUPERAntiSpyware.com [2010.08.28 16:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\T-Online [2010.09.03 08:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Template [2010.10.16 17:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\vlc [2012.02.16 18:59:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Winamp [2010.08.26 09:08:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\WinRAR [2011.10.10 06:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\XnView [2010.09.06 16:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2010.11.09 14:40:01 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe [2010.08.28 18:16:52 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\ARPPRODUCTICON.exe [2010.08.28 18:16:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe1_A381C835942E4780BD7035411F5E9C00.exe [2010.08.28 18:16:52 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe_A381C835942E4780BD7035411F5E9C00.exe < %SYSTEMDRIVE%\*.exe > [2010.06.02 05:22:02 | 000,537,432 | ---- | M] () -- C:\DXSETUP.exe < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0061\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2003.04.02 14:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\My Drivers\hdc\primary_ide_channel\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\My Drivers\hdc\secondary_ide_channel\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2003.04.23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\SoftwareDistribution\Download\06d1a7cd3761c3322e423f74548dcfe2\sp2qfe\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2003.04.02 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.08.25 16:48:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010.08.25 16:48:31 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010.08.25 16:48:31 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
21.04.2012, 22:32
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | appcompat.txt verursacht Gameprogrammabsturz! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com/toolbar/hub.php?a=sb&did=8&pid=0&lan=de&day=0&ver=1.01&q={searchTerms}
IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
[2010.09.05 17:52:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.15 17:34:56 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.01.25 18:05:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.31 13:38:32 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\searchplugins\conduit.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-746137067-725345543-1005\..\Toolbar\WebBrowser: (no name) - {081230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.25 15:09:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.04.2012, 01:20
| #20 |
| | appcompat.txt verursacht Gameprogrammabsturz! Hi, Anweisung ausgeführt, hier kommt der Bericht: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Internet Explorer\SearchScopes\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Winload Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1614895754-746137067-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{081230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2988192 bytes
User: Ralf Sievert
->Temp folder emptied: 10163577 bytes
->Temporary Internet Files folder emptied: 1642862 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61095620 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8070 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 73,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Ralf Sievert
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04222012_021230
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
22.04.2012, 02:39
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | appcompat.txt verursacht Gameprogrammabsturz! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> appcompat.txt verursacht Gameprogrammabsturz! |
|
22.04.2012, 16:50
| #22 |
| | appcompat.txt verursacht Gameprogrammabsturz! Hi, hier der Report des TDSS-Killers: Code:
ATTFilter 17:47:39.0734 0588 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:47:39.0937 0588 UPS - ok
17:47:40.0000 0588 USBAAPL - ok
17:47:40.0062 0588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:47:40.0265 0588 usbehci - ok
17:47:40.0343 0588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:47:40.0531 0588 usbhub - ok
17:47:40.0609 0588 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:47:40.0796 0588 usbprint - ok
17:47:40.0890 0588 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:47:41.0078 0588 usbscan - ok
17:47:41.0171 0588 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:47:41.0343 0588 usbstor - ok
17:47:41.0421 0588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:47:41.0625 0588 usbuhci - ok
17:47:41.0671 0588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:47:41.0859 0588 VgaSave - ok
17:47:41.0906 0588 ViaIde - ok
17:47:41.0984 0588 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:47:42.0171 0588 VolSnap - ok
17:47:42.0312 0588 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:47:42.0546 0588 VSS - ok
17:47:42.0609 0588 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:47:42.0796 0588 W32Time - ok
17:47:42.0890 0588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:47:43.0078 0588 Wanarp - ok
17:47:43.0125 0588 WDICA - ok
17:47:43.0203 0588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:47:43.0390 0588 wdmaud - ok
17:47:43.0468 0588 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:47:43.0656 0588 WebClient - ok
17:47:43.0765 0588 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:47:43.0968 0588 winmgmt - ok
17:47:44.0078 0588 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
17:47:44.0171 0588 WmdmPmSN - ok
17:47:44.0296 0588 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:47:44.0484 0588 WmiApSrv - ok
17:47:44.0640 0588 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
17:47:44.0781 0588 WMPNetworkSvc - ok
17:47:44.0968 0588 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:47:45.0062 0588 WPFFontCache_v0400 - ok
17:47:45.0156 0588 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:47:45.0359 0588 wscsvc - ok
17:47:45.0437 0588 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:47:45.0625 0588 WSTCODEC - ok
17:47:45.0703 0588 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:47:45.0921 0588 wuauserv - ok
17:47:46.0031 0588 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:47:46.0109 0588 WudfPf - ok
17:47:46.0156 0588 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:47:46.0203 0588 WudfRd - ok
17:47:46.0265 0588 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:47:46.0328 0588 WudfSvc - ok
17:47:46.0421 0588 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:47:46.0671 0588 WZCSVC - ok
17:47:46.0781 0588 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:47:47.0031 0588 xmlprov - ok
17:47:47.0078 0588 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:47:47.0453 0588 \Device\Harddisk0\DR0 - ok
17:47:47.0500 0588 Boot (0x1200) (e33aebf7d7590e4ca110fc100377bd8e) \Device\Harddisk0\DR0\Partition0
17:47:47.0500 0588 \Device\Harddisk0\DR0\Partition0 - ok
17:47:47.0515 0588 ============================================================
17:47:47.0515 0588 Scan finished
17:47:47.0515 0588 ============================================================
17:47:47.0656 3516 Detected object count: 2
17:47:47.0656 3516 Actual detected object count: 2
17:48:07.0718 3516 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0718 3516 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:48:07.0718 3516 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
17:48:07.0718 3516 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
22.04.2012, 20:01
| #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | appcompat.txt verursacht Gameprogrammabsturz! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.04.2012, 16:22
| #24 |
| | appcompat.txt verursacht Gameprogrammabsturz! Hi, ich hoffe, das Hochladen klappt Logfile: |
|
24.04.2012, 19:08
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | appcompat.txt verursacht Gameprogrammabsturz! Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.04.2012, 10:24
| #26 |
| | appcompat.txt verursacht Gameprogrammabsturz! Hi, Gmer hängte sich leider zweimal mit einer Error Meldung auf. hier die anderen Logfiles: Osam: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 08:41:00 on 26.04.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "switchShakeIcon.job" - "NCH Software" - C:\Programme\NCH Software\Switch\switch.exe "wavepadShakeIcon.job" - "NCH Software" - C:\Programme\NCH Software\WavePad\wavepad.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "cpuz132" (cpuz132) - ? - C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - ? - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS (File not found) "MIINPazX NDIS Protocol Driver" (MIINPazX) - ? - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS (File not found) "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - ? - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (File not found) "o1394bul" (o1394bul) - ? - C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\o1394bul.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver v6" (prodrv06) - ? - C:\WINDOWS\System32\drivers\prodrv06.sys (File not found) "StarForce Protection Helper Driver" (sfhlp01) - ? - C:\WINDOWS\System32\drivers\sfhlp01.sys (File not found) "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Helper Driver v2" (prohlp02) - ? - C:\WINDOWS\System32\drivers\prohlp02.sys (File not found) "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "StarForce Protection Synchronization Driver v1" (prosync1) - ? - C:\WINDOWS\System32\drivers\prosync1.sys (File not found) "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu" - "Ikysasoft s.r.l. uninominale" - C:\WINDOWS\system32\B4FM.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "Java Plug-in 1.4.2_03" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll / hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "ScanPanel.lnk" - ? - C:\ScanPanel\ScnPanel.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\desktop.ini "Registration Silent Hunter III.LNK" - ? - C:\Programme\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe (Shortcut exists | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\wlangui.exe "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "MimBoot" - "Musicmatch, Inc." - C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON Stylus D78 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBBGE.DLL "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - ? - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (File not found) "NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des "T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - ? - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (File not found) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-26 08:43:32
-----------------------------
08:43:32.578 OS Version: Windows 5.1.2600 Service Pack 3
08:43:32.578 Number of processors: 1 586 0x209
08:43:32.578 ComputerName: RALF-SIEVERT UserName: Ralf Sievert
08:43:39.328 Initialize success
08:48:24.578 AVAST engine defs: 12042501
08:54:08.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:54:08.312 Disk 0 Vendor: SAMSUNG_SP0802N TK100-24 Size: 76351MB BusType: 3
08:54:08.343 Disk 0 MBR read successfully
08:54:08.343 Disk 0 MBR scan
08:54:08.515 Disk 0 Windows XP default MBR code
08:54:08.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 80325
08:54:08.578 Disk 0 scanning sectors +156360645
08:54:08.734 Disk 0 scanning C:\WINDOWS\system32\drivers
08:54:42.703 Service scanning
08:55:34.625 Modules scanning
08:55:53.312 Disk 0 trace - called modules:
08:55:53.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys intelide.sys
08:55:53.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82395ab8]
08:55:53.859 3 CLASSPNP.SYS[f8575fd7] -> nt!IofCallDriver -> \Device\00000064[0x8239ff18]
08:55:53.859 5 ACPI.sys[f84eb620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8239d940]
08:55:53.859 \Driver\atapi[0x8239a900] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf87c5d60]
08:55:56.265 AVAST engine scan C:\WINDOWS
08:56:12.781 AVAST engine scan C:\WINDOWS\system32
09:11:05.156 AVAST engine scan C:\WINDOWS\system32\drivers
09:11:59.750 AVAST engine scan C:\Dokumente und Einstellungen\Ralf Sievert
09:28:04.109 File: C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Eigene Bilder\Texturen,Bilder andere\trainer.exe **INFECTED** Win32:Malware-gen
09:54:18.203 File: C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Fifa\trainer.exe **INFECTED** Win32:Malware-gen
10:49:52.968 AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:53:58.718 Scan finished successfully
11:19:34.531 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\MBR.dat"
11:19:34.562 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\aswMBR.txt"
|
|
26.04.2012, 15:54
| #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | appcompat.txt verursacht Gameprogrammabsturz!Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2012, 13:50
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | appcompat.txt verursacht Gameprogrammabsturz! Ok, mach bitte wie gehabt ein neues OSAM_Log bitte
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.04.2012, 09:06
| #30 |
| | appcompat.txt verursacht Gameprogrammabsturz! Hallo, hier das neue Osam Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:02:59 on 28.04.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 12.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "switchShakeIcon.job" - "NCH Software" - C:\Programme\NCH Software\Switch\switch.exe "wavepadShakeIcon.job" - "NCH Software" - C:\Programme\NCH Software\WavePad\wavepad.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "cpuz132" (cpuz132) - ? - C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - ? - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS (File not found) "MIINPazX NDIS Protocol Driver" (MIINPazX) - ? - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS (File not found) "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - ? - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver v6" (prodrv06) - ? - C:\WINDOWS\System32\drivers\prodrv06.sys (File not found) "StarForce Protection Helper Driver" (sfhlp01) - ? - C:\WINDOWS\System32\drivers\sfhlp01.sys (File not found) "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Helper Driver v2" (prohlp02) - ? - C:\WINDOWS\System32\drivers\prohlp02.sys (File not found) "StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys "StarForce Protection Synchronization Driver v1" (prosync1) - ? - C:\WINDOWS\System32\drivers\prosync1.sys (File not found) "StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) (Disabled) "o1394bul" (o1394bul) - ? - C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\o1394bul.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu" - "Ikysasoft s.r.l. uninominale" - C:\WINDOWS\system32\B4FM.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip\WZSHLSTB.DLL [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "Java Plug-in 1.4.2_03" - "JavaSoft / Sun Microsystems, Inc." - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll / hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "ScanPanel.lnk" - ? - C:\ScanPanel\ScnPanel.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\desktop.ini "Registration Silent Hunter III.LNK" - ? - C:\Programme\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe (Shortcut exists | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\wlangui.exe "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "MimBoot" - "Musicmatch, Inc." - C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON Stylus D78 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\E_FLBBGE.DLL "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - ? - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (File not found) "NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des "T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - ? - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (File not found) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
| Themen zu appcompat.txt verursacht Gameprogrammabsturz! |
| 0x00000001, administrator, adobe, antivir, antivir guard, askbar, avira, bho, bonjour, cdburnerxp, conduit, dateisystem, desktop, dll, einstellungen, explorer, google, google earth, helper, heuristiks/extra, heuristiks/shuriken, hijack, hkus\s-1-5-18, logfile, nodrives, nvidia, plug-in, problem, programme, rundll, scan, schwedisch, searchscopes, security, security scan, stick, suche, superantispyware, winload toolbar, yahoo |
Linear-Darstellung
