| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fz1.exe Fz5.exe über ICQ-Link eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.04.2010, 11:02
| #1 |
| |  Fz1.exe Fz5.exe über ICQ-Link eingefangen Hallo Trojaner-Board, gestern wurde mir ein Link in ICQ geschickt welcher ein Bild sein sollte. Als ich diesen angeklickt habe wurde eine Installation-Datei runtergeladen(ich war misstrauisch) aber habe sie trotzdem installiert  . Kurze Zeit später wurde automtisch an alle aus meiner Kontaktliste nacheinander dieser Link geschickt, ich habe dann den PC ausgeschaltet. Bis dahin dachte ich noch es ist das einzige was diese Datei bewirkt.Jetzt habe ich meine Router-Firewall so eingestellt das Alles gemeldet wird was eine Verbindung zum Internet aufbauen möchte. Dabei sind mir die Programme Fz1.exe und Fz5.exe aufgefallen welche sich im Temp-Ordner befanden daraufhin habe ich diesen geleert(Darunter waren auch Dateien wie Fz2.exe Fz3.exe und Fz4.exe und diverse andere.)bis auf Fz1.exe und Fz5.exe ließen sich alle löschen. Diese beiden exes versuchen nun regelmäßig Verbindungen zu diversen Internetseiten aufzubauen. Außerdem wird regelmäßig der Internet-Explorer geöffnet jedoch ohne eine Seite anzuzeigen. Das ist der Stand der Dinge. Ich hoffe ihr könnt mir helfen. Vielen Dank schonmal mfg Tamad |
|
18.04.2010, 11:37
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Fz1.exe Fz5.exe über ICQ-Link eingefangen Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
18.04.2010, 13:06
| #3 |
 | Fz1.exe Fz5.exe über ICQ-Link eingefangen Hey.
__________________Geh mal auf -> Start -> Ausführen -> Gib dort msconfig ein -> Dann auf ok. Dann öffnet sich ein Systenkonfigurations Fenster geh dort auf SystemStart Schau mal ob sich dort diese .exen die du genannt hast sich befinden. Falls ja: Mach das Häckchen vorne Weg. Ich schätze das ist/sind BackDoor Trojaner. o.O Das ist nicht so gut. Such mal auf dem PC -> Also "Suchen" diese .exen also (Fz1.exe und Fz5.exe) Lade sie dann auf VirusTotal hoch ht*p://www.virustotal.com/de/ Das * durch ein t ersetzen. Also bei VirusTotal hochladen dann Anylisieren & Poste mal hier was die AntiViren dazu sagen. MFG Hacki1942... |
|
18.04.2010, 13:34
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fz1.exe Fz5.exe über ICQ-Link eingefangen Bitte bring den TO jetzt nicht durcheinander, er soll Malwarebytes und dann OTL ausführen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.04.2010, 21:12
| #5 |
| | Fz1.exe Fz5.exe über ICQ-Link eingefangen Hallo, Maleware hat etwas länger gedauert. Mein PC ist wohl ziemlich voll. Maleware hat 32 infizierte Dateien/Registry gefunden davon konnten jedoch nicht alle gelöscht werden stand da. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4003 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 18.04.2010 21:07:32 mbam-log-2010-04-18 (21-07-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Durchsuchte Objekte: 337215 Laufzeit: 1 Stunde(n), 2 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 18 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 10 Infizierte Speicherprozesse: C:\Users\Public\winsvcn.exe (VirTool.DelfInject) -> Unloaded process successfully. Infizierte Speichermodule: C:\Users\Thomas\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (VirTool.DelfInject) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Public\winsvcn.exe (VirTool.DelfInject) -> Quarantined and deleted successfully. C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\xcek0a9t.default\Cache\4FC4ECE7d01 (Trojan.Buzus) -> Quarantined and deleted successfully. C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\xcek0a9t.default\Cache\D2506F16d01 (Trojan.Buzus) -> Quarantined and deleted successfully. F:\User\Users\_Daten_\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Thomas\AppData\Local\Temp\Fz1.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Thomas\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Hier ist OTL OTL Extras logfile created on: 18.04.2010 21:39:19 - Run 1 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Thomas\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 39,55 Gb Free Space | 33,96% Space Free | Partition Type: NTFS Drive D: | 116,44 Gb Total Space | 103,13 Gb Free Space | 88,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 596,17 Gb Total Space | 518,83 Gb Free Space | 87,03% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THOMAS-PC Current User Name: Thomas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 4F FB DE 5F C7 89 C8 01 [binary data] "VistaSp2" = 0F 45 E0 E0 AB DE C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12591BB9-25D9-4BBD-A47B-9684B93A6878}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2A3F537C-B46B-4140-BAF2-6EA78BE23F35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2AE8DEEB-B9F6-407C-B341-4F71082FE8A2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{35F9275F-9250-42F6-99DC-8CDC3F1BEEF6}" = lport=2869 | protocol=6 | dir=in | app=system | "{604FECF1-5142-4827-9205-830727AEB5AE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{73CAC076-3B5B-49B4-9288-D352C7F27FD8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{ADEDBA0F-AE66-4D39-B84F-25289EAD6CC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B3758D33-749E-4703-946A-E2CD5DB78C22}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C34FDBEC-516C-4D4C-A18E-0A42DCCC0383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF9D10AC-EB70-4773-9EF2-FD52DA3B456B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{063A17F0-9D3D-4C8B-B831-DF8565DAF340}" = protocol=17 | dir=in | app=d:\programme\burnout\burnoutlauncher.exe | "{0EEB48BD-B1E6-474D-A108-56B8C4D35896}" = protocol=17 | dir=in | app=d:\burnout\burnoutconfigtool.exe | "{10CA0480-3A9C-4745-BA0D-C7D14DC16DFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{11663995-A4F6-456F-882E-9E2804FF15E5}" = protocol=17 | dir=in | app=d:\programme\burnout\burnoutparadise.exe | "{158670B7-D399-4EC9-B396-75F4D9D1789D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{15F3DDD5-316F-48F3-84E7-690A93B1368C}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{230C2EC3-C02F-4704-9327-4B857CA38BE3}" = protocol=6 | dir=in | app=d:\programme\burnout\burnoutparadise.exe | "{29F3EDF1-ECFE-410A-8ABD-099F9DAB2575}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{2CE2970B-6D1C-4D58-BAFD-55A681AC63D9}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{30DFE133-4313-4AE5-AC64-1112207BF29D}" = protocol=6 | dir=in | app=d:\burnout\burnoutparadise.exe | "{38ECF3AB-EDBB-433D-A0BC-6F150E436D44}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{41B0E012-0F67-454C-9B4F-4944B253499A}" = protocol=17 | dir=in | app=d:\burnout\burnoutlauncher.exe | "{441DF7EF-DBEC-4DCE-9D90-8844AEBAD46A}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{4934318B-74E2-475B-B2B6-9809D417B137}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{4B7B6776-DABA-4532-B9F5-E54573C52A5C}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{56377A8D-CEEC-4079-8273-48F859182EB3}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{59761267-84C5-491C-B315-F88078D653B6}" = protocol=17 | dir=in | app=f:\bfbc2\limited edition\bfbc2updater.exe | "{5B0C67F9-5CDF-4BE3-8931-00CAAB941F98}" = protocol=6 | dir=in | app=d:\burnout\burnoutlauncher.exe | "{5DB48008-87D9-47F2-B593-C407022D7D55}" = protocol=6 | dir=in | app=d:\burnout\burnoutconfigtool.exe | "{5EE5A329-1E79-4206-AE06-AB2D3BB81F2A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{6546E80C-C6F4-48DE-8CC1-E9633CE54DF8}" = protocol=6 | dir=in | app=f:\bfbc2\spiel\bfbc2betaupdater.exe | "{66225BF0-E912-4E9A-8995-BFE2563C46EF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{79A6EEE0-D558-4DC5-A88E-1336046A97D7}" = protocol=6 | dir=in | app=d:\programme\burnout\burnoutconfigtool.exe | "{7AD47396-5825-4779-8F87-FAFBF4B7C053}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{80638A31-0DEA-43B1-8431-B68657166BF1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{88472D84-6477-42C6-873E-FCFD91633F2B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{8C32458A-D1CB-444D-A86B-F10670627438}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8E634411-9395-46E3-994D-D3638378FB7F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{958F8326-EBA2-4A7A-ACA7-4DB76711F954}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9E25CAAD-F5FB-483D-9BD9-99F3BB71A566}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A372DDE4-9E2E-4644-98C2-60BF481368A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A426BA64-73FC-4029-9225-5E1399245F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | "{A42D2B8B-4437-418B-A83D-141C77922FEC}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "{A700CD85-1527-477A-BEC6-67D41D72AEE4}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | "{ABFD5022-7763-4909-8790-D3C922488C7A}" = protocol=17 | dir=in | app=d:\burnout\burnoutparadise.exe | "{BB676B27-5942-4B2A-BC19-DB266523314F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe | "{C3A1052B-8DE7-48D8-8FB1-E2793D6DF223}" = protocol=17 | dir=in | app=f:\bfbc2\spiel\bfbc2betaupdater.exe | "{C6737C74-D47C-455A-B833-5EFB84561146}" = protocol=6 | dir=in | app=d:\programme\burnout\burnoutlauncher.exe | "{C804F183-7C66-409A-99CC-97E71AEE9135}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe | "{CC9974E4-6E2A-4E79-A708-BB39328E5D74}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{D28B65C4-86A2-42CE-8FF3-86E3E308F918}" = protocol=17 | dir=in | app=d:\programme\burnout\burnoutconfigtool.exe | "{D477FF95-237B-4D54-AD67-43BEFF44BB17}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | "{E01B93AD-E9AC-444B-96E3-6FFEEDAABB89}" = protocol=6 | dir=in | app=f:\bfbc2\limited edition\bfbc2updater.exe | "{EBE4D24E-8E46-4700-A706-9F442F633AFB}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{FA93FBFA-1FB5-40CC-9DE1-D142B1D602BC}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe | "TCP Query User{05A2F318-18D5-4C6D-92F0-683953B379A1}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | "TCP Query User{1C3FEC39-B71A-4B34-8CFE-FECF3C048203}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "TCP Query User{62BA38B0-92CF-4E0C-8E13-3A08F5CBBA14}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8ADFC3AE-6E8D-40AB-A18F-FE2079A4D85E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{B1D210F6-D3F6-43ED-BB81-B4ABFD551D94}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "TCP Query User{CF73CEC9-5366-4C21-BFC8-5BFFD1E3E6EF}F:\bfbc2\spiel\bfbc2game.exe" = protocol=6 | dir=in | app=f:\bfbc2\spiel\bfbc2game.exe | "TCP Query User{E624114E-E572-4C1D-B619-1CAF4FF80AEB}F:\bfbc2\limited edition\bfbc2game.exe" = protocol=6 | dir=in | app=f:\bfbc2\limited edition\bfbc2game.exe | "TCP Query User{E6A230B5-1EF8-4185-9D2E-41ECC8A63F62}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe | "UDP Query User{1C9728BF-5A91-4A65-9715-D45D81FC33DD}C:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wings of prey demo\acess.exe | "UDP Query User{1F4EEEBA-589B-422C-A30C-9996E301B39D}F:\bfbc2\spiel\bfbc2game.exe" = protocol=17 | dir=in | app=f:\bfbc2\spiel\bfbc2game.exe | "UDP Query User{54A22BE3-3CC7-4624-9EBD-82B98ECD3BB5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{54E25457-6023-48F0-9870-3C8AE414A576}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe | "UDP Query User{55A4AAB5-B734-44C5-A5F2-D553A4C7033B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{85E015CD-B529-49AB-A58F-EDA24C222252}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "UDP Query User{CC03EB54-7E2F-4864-A299-B4DEBE3E12F2}F:\bfbc2\limited edition\bfbc2game.exe" = protocol=17 | dir=in | app=f:\bfbc2\limited edition\bfbc2game.exe | "UDP Query User{CF677E9A-0C17-485A-B9EE-A23A24592ACF}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{37A62E96-D157-487E-9954-84E8557DE9ED}" = ATI Catalyst Install Manager "{5FCF5515-4CC4-4812-8C9A-755336AB85F8}" = Logitech Motion Detector Gadget "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{9D42F24B-6BFC-42F4-AD90-A25680063754}" = eDocPrintPro v3.13.4 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F250A44A-10C6-CF88-275C-899C259B1321}" = ccc-utility64 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "81AE60DDD229A248055515E311406D86F7E4012A" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "TeamSpeak 3 Client" = TeamSpeak 3 Client "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian "{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch "{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek "{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common "{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English "{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy "{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full "{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian "{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver "{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian "{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053 "{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese "{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean "{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New "{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren "{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding "{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E74A7FE1-1324-23D1-A050-187B2A6B1DE1}" = Catalyst Control Center InstallProxy "{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F57A7C3E-AA0D-4F1A-B7EC-F7583571A517}" = DW6 Demo "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy" = Creative ALchemy "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode) "Audacity_is1" = Audacity 1.2.6 "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira Premium Security Suite "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Diagnostics 4_5" = Creative-Diagnose "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20 "FL Studio 9" = FL Studio 9 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "GeoGebra" = GeoGebra "Host OpenAL" = Host OpenAL "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "Mp3tag" = Mp3tag v2.44 "PunkBusterSvc" = PunkBuster Services "RealPlayer 12.0" = RealPlayer "Space Synthesizer_is1" = Space Synthesizer 2.0 "Steam App 15680" = Warhammer 40,000: Dawn of War II - Single-player Demo "Steam App 16062" = Samantha Swift and the Golden Touch Demo "Steam App 8180" = Battlestations: Pacific - Demo "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Trillian" = Trillian "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "WaveStudio 7" = Creative WaveStudio 7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{F57A7C3E-AA0D-4F1A-B7EC-F7583571A517}" = DYNASTY WARRIORS 6 Playable Demo "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:28 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = Error - 22.04.2009 08:08:29 | Computer Name = Thomas-PC | Source = Audiorecorder | ID = 65535 Description = [ System Events ] Error - 18.04.2010 03:48:32 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 04:40:12 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 04:40:12 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001 Description = Error - 18.04.2010 05:02:21 | Computer Name = Thomas-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.04.2010 um 10:49:39 unerwartet heruntergefahren. Error - 18.04.2010 05:03:52 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 05:03:52 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001 Description = Error - 18.04.2010 07:55:41 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 07:55:41 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001 Description = Error - 18.04.2010 15:12:49 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 15:36:34 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
|
18.04.2010, 21:13
| #6 |
| | Fz1.exe Fz5.exe über ICQ-Link eingefangen hier der 2te Teil OTL OTL logfile created on: 18.04.2010 21:39:19 - Run 1 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Thomas\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 39,55 Gb Free Space | 33,96% Space Free | Partition Type: NTFS Drive D: | 116,44 Gb Total Space | 103,13 Gb Free Space | 88,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 596,17 Gb Total Space | 518,83 Gb Free Space | 87,03% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THOMAS-PC Current User Name: Thomas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M] SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (avfwot) -- C:\Windows\SysNative\DRIVERS\avfwot.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\DRIVERS\avfwim.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\DRIVERS\lgbtpt64.sys (LG Electronics Inc.) DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\DRIVERS\lgvmdm64.sys (LG Electronics Inc.) DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\DRIVERS\lgbtbs64.sys (LG Electronics Inc.) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.) DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\DRIVERS\FlashUSB_x64.sys (Danish Wireless Design A/S) DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\DRIVERS\lv302a64.sys (Logitech Inc.) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (winusb) -- C:\Windows\SysNative\DRIVERS\winusb.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.) DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (ATIAVAIW) -- C:\Windows\SysNative\DRIVERS\atinavt2.sys (ATI Technologies Inc.) DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\DRIVERS\atl01v64.sys (Attansic Technology corporation.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH) DRV - (FlashUSB) -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys (Danish Wireless Design A/S) DRV - (CSC) -- C:\Windows\CSC [2008.02.12 22:32:45 | 000,000,000 | ---D | M] DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (winusb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (actser) -- C:\Windows\SysWOW64\drivers\actser.sys (BenQ Mobile GmbH & Co. OHG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de  fficial"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.11 14:02:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.11 14:02:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.16 19:47:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.11 14:02:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.04.16 19:47:31 | 000,000,000 | ---D | M] [2010.02.07 17:31:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2010.02.07 17:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008.02.12 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\2ea57zls.default\extensions [2010.04.18 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions [2009.06.25 23:25:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.12 23:47:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.16 16:42:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\battlefieldheroespatcher@ea.com [2010.04.16 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\personas@christopher.beard [2010.01.12 23:47:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\xcek0a9t.default\extensions\piclens@cooliris.com [2008.02.29 14:22:45 | 000,002,920 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\daemon-search.xml [2010.04.18 11:52:20 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-1.xml [2007.11.02 11:47:59 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-2.xml [2007.11.27 21:55:42 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-3.xml [2007.12.01 15:48:50 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-4.xml [2008.02.12 20:59:54 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-5.xml [2008.02.21 19:19:02 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin-6.xml [2007.10.20 13:47:27 | 000,000,949 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\xcek0a9t.default\searchplugins\icqplugin.xml [2010.03.29 18:31:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.03.29 18:31:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2008.08.27 15:49:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\talkback@mozilla.org [2010.02.02 16:53:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.02 16:53:31 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.02.02 16:53:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.02.02 16:53:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.02.02 16:53:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd ) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Thomas\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe File not found O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} hxxp://service.maxdome.de/de/systemcheck/HWTest.CAB (HWTest.HWTestControl) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{624c3bef-a43e-11de-ae33-001e8c336166}\Shell - "" = AutoRun O33 - MountPoints2\{624c3bef-a43e-11de-ae33-001e8c336166}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe -- File not found O33 - MountPoints2\{a43ce584-033d-11de-813c-001e8c336166}\Shell - "" = AutoRun O33 - MountPoints2\{a43ce584-033d-11de-813c-001e8c336166}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.18 14:51:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2010.04.18 14:51:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.18 14:51:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.18 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.04.18 14:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.18 14:49:16 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2010.04.16 23:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0 [2010.04.16 19:47:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.04.14 14:58:12 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.04.14 14:58:10 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.04.14 14:58:10 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010.04.14 14:58:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.04.14 14:58:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.04.14 14:58:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.04.14 14:58:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.04.14 14:57:16 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm [2010.04.14 14:57:16 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm [2010.04.14 14:57:16 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm [2010.04.14 14:57:16 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm [2010.04.11 14:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2010.04.03 13:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.04.03 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.04.02 11:06:28 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2010.04.02 11:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2010.04.02 11:06:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2010.04.02 11:04:10 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2010.04.02 11:04:10 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2010.04.02 11:04:10 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2010.04.02 11:04:10 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.04.02 11:04:09 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2010.04.02 11:04:09 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2010.04.02 11:04:09 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2010.04.02 11:04:09 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll [2010.04.02 11:04:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2010.04.02 11:04:09 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2010.04.02 11:04:09 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2010.04.02 11:04:09 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2010.04.02 11:04:09 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2010.04.02 11:04:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2010.04.02 11:04:09 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll [2010.04.02 11:04:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2010.04.02 11:04:09 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2010.04.02 11:04:08 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2010.04.02 11:04:08 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2010.04.02 11:04:08 | 001,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2010.04.02 11:04:08 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2010.04.02 11:04:08 | 001,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2010.04.02 11:04:08 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2010.04.02 11:04:08 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2010.04.02 11:04:08 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2010.04.02 11:04:08 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2010.04.02 11:04:08 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2010.04.02 11:04:08 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2010.04.02 11:04:08 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2010.04.02 11:04:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2010.04.02 11:04:08 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll [2010.04.02 11:04:08 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll [2010.04.02 11:04:08 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll [2010.04.02 11:04:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2010.04.02 11:04:08 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe [2010.04.02 11:04:08 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2010.04.02 11:04:08 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll [2010.04.02 11:04:08 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2010.04.02 11:04:08 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll [2010.04.02 11:04:08 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe [2010.04.02 11:04:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2010.04.02 11:04:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll [2010.04.02 11:04:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll [2010.04.02 11:04:07 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2010.04.02 11:04:07 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10.dll [2010.04.02 11:04:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2010.04.02 11:04:07 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2010.04.02 11:03:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShextAutoplay.exe [2010.04.02 11:03:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe [2010.04.02 11:03:35 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthMtpContextHandler.dll [2010.04.02 11:03:29 | 002,727,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdshext.dll [2010.04.02 11:03:29 | 002,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdshext.dll [2010.04.02 11:03:29 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2010.04.02 11:03:29 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll [2010.04.02 11:03:29 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDSp.dll [2010.04.02 11:03:29 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDSp.dll [2010.04.02 11:03:29 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll [2010.04.02 11:03:29 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtp.dll [2010.04.02 11:03:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceWMDRM.dll [2010.04.02 11:03:29 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll [2010.04.02 11:03:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceWMDRM.dll [2010.04.02 11:03:29 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll [2010.04.02 11:03:29 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll [2010.04.02 11:03:29 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WPDShServiceObj.dll [2010.04.02 11:03:29 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll [2010.04.02 11:03:29 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceConnectApi.dll [2010.04.02 11:03:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdMtpUS.dll [2010.04.02 11:03:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceConnectApi.dll [2010.04.02 11:03:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WpdUsb.sys [2010.04.02 11:03:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpdConns.dll [2010.04.02 11:02:37 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll [2010.04.02 11:02:37 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll [2010.04.02 11:02:37 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2010.04.02 11:02:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll [2010.04.02 11:02:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll [2010.04.02 11:01:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010.04.02 11:01:48 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010.04.02 11:01:48 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2010.04.02 11:01:48 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2010.04.02 11:01:48 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll [2010.04.02 11:01:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010.03.31 12:18:08 | 000,000,000 | ---D | C] -- F:\User\Users\Diercke Globus Online [2010.03.31 12:18:08 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Diercke Globus Online [2010.03.31 12:18:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Diercke Globus Online [2010.03.31 12:04:09 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.03.31 12:04:09 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.03.31 12:04:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.03.31 12:04:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.03.31 12:04:08 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010.03.31 12:04:08 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010.03.31 12:04:08 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.03.31 12:04:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010.03.31 12:04:08 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.03.31 12:04:08 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010.03.31 12:04:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.03.31 12:04:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.03.31 12:04:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.03.31 12:04:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.03.31 12:04:07 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.03.31 12:04:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.03.31 12:04:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.03.31 12:04:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.03.31 12:04:07 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.03.31 12:04:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.03.31 12:04:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.03.31 12:04:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.03.31 12:04:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.03.31 12:04:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.03.31 12:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010.03.31 12:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.03.31 12:04:07 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.03.31 12:04:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.03.31 12:04:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.03.31 12:04:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010.03.31 12:04:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010.03.31 12:04:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.03.31 12:04:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.03.29 18:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.03.28 23:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian [2010.03.24 22:37:24 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2006.08.14 17:08:04 | 002,248,984 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\dsetup32.dll [2006.08.14 17:08:04 | 000,484,632 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\DXSETUP.exe [2006.08.14 17:08:04 | 000,074,520 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\DSETUP.dll [2004.01.29 19:11:26 | 002,211,840 | ---- | C] (MHC) -- C:\Program Files (x86)\SpaceSynthesizer.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.18 21:39:35 | 005,242,880 | ---- | M] () -- C:\Users\Thomas\NTUSER.DAT [2010.04.18 21:35:37 | 000,002,415 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2010.04.18 21:35:35 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.18 21:18:37 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.04.18 21:18:37 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.04.18 21:18:37 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.04.18 21:18:37 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.04.18 21:18:37 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.04.18 21:16:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.18 21:11:20 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.18 21:11:20 | 000,003,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.18 21:11:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.18 21:11:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.18 21:10:08 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TMContainer00000000000000000001.regtrans-ms [2010.04.18 21:10:08 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TM.blf [2010.04.18 21:10:02 | 004,857,162 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db [2010.04.18 14:51:24 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.18 14:49:18 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2010.04.18 13:59:19 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58ED72A2-0BB6-46B4-BB0C-8674A68AE247}.job [2010.04.18 11:39:10 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.04.18 11:39:10 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.04.18 09:32:00 | 000,000,865 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2010.04.11 14:11:05 | 000,203,991 | ---- | M] () -- C:\Windows\War3Unin.dat [2010.04.11 14:02:48 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2010.04.11 14:02:36 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2010.04.11 14:02:36 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2010.04.11 14:02:01 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2010.04.03 10:23:02 | 000,000,560 | ---- | M] () -- C:\Users\Thomas\Download - Verknüpfung.lnk [2010.04.02 11:06:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2010.04.02 11:05:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.28 22:02:27 | 000,102,912 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.24 22:37:04 | 000,126,792 | ---- | M] (Avira GmbH) -- C:\Windows\SysWow64\drivers\avfwot.sys [2010.03.24 22:37:04 | 000,126,792 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2010.03.24 22:37:04 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.03.24 22:37:04 | 000,098,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2010.03.24 22:37:04 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.18 14:51:24 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.18 09:31:57 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk [2010.04.03 10:23:02 | 000,000,560 | ---- | C] () -- C:\Users\Thomas\Download - Verknüpfung.lnk [2010.04.03 10:21:35 | 000,022,786 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI273C.txt [2010.04.02 11:06:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2010.04.02 11:05:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.03.10 20:02:30 | 000,423,058 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI10A9.txt [2010.03.10 20:02:30 | 000,013,598 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI10A9.txt [2010.03.10 20:01:41 | 000,417,756 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI1009.txt [2010.03.10 20:01:41 | 000,013,878 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI1009.txt [2010.01.29 00:37:31 | 000,372,590 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI5FAC.txt [2010.01.29 00:37:29 | 000,212,658 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI5FAC.txt [2010.01.07 20:49:40 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll [2010.01.07 20:49:40 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini [2010.01.07 20:49:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini [2010.01.07 20:49:40 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini [2010.01.07 20:49:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini [2010.01.07 20:49:40 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini [2010.01.07 20:49:40 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini [2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini [2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini [2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini [2010.01.07 20:49:40 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini [2010.01.07 20:49:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini [2010.01.07 20:49:40 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini [2010.01.07 20:49:40 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini [2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini [2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini [2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini [2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini [2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini [2010.01.07 20:49:40 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini [2010.01.07 20:49:40 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini [2010.01.07 20:20:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.01.07 20:20:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.01.02 18:36:21 | 000,140,856 | ---- | C] () -- C:\Users\Thomas\DesktopStCenter.txt [2010.01.02 18:35:37 | 000,352,844 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI5B40.txt [2010.01.02 18:35:37 | 000,013,546 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI5B40.txt [2010.01.02 18:35:04 | 000,421,596 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI5AD5.txt [2010.01.02 18:35:04 | 000,013,562 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI5AD5.txt [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.10.26 10:52:45 | 000,014,966 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI37F2.txt [2009.10.22 16:09:27 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TMContainer00000000000000000002.regtrans-ms [2009.10.22 16:09:27 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TMContainer00000000000000000001.regtrans-ms [2009.10.22 16:09:27 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1e8a3bc8-beec-11de-b39a-001e8c336166}.TM.blf [2009.10.13 17:05:06 | 001,502,977 | ---- | C] () -- C:\Users\Thomas\AppData\Local\somoto.cab [2009.09.20 16:58:02 | 000,221,291 | ---- | C] () -- C:\Windows\SysWow64\Imei_dll.dll [2009.09.20 16:58:02 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Sublock.dll [2009.09.18 17:39:38 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\sysmwwod.dll [2009.09.18 13:31:11 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll [2009.09.18 13:31:11 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll [2009.09.18 12:44:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2009.09.18 12:44:26 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2009.09.04 22:03:00 | 000,000,137 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\default.rss [2009.09.04 21:53:36 | 018,443,176 | ---- | C] () -- C:\Users\Thomas\toto.mpeg [2009.09.04 21:45:28 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.09.04 20:57:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.29 15:50:01 | 000,230,834 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL90SP1_KB973924MSI71A1.txt [2009.07.29 15:50:01 | 000,013,852 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL90SP1_KB973924UI71A1.txt [2009.07.29 15:49:47 | 000,539,096 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923MSI7169.txt [2009.07.29 15:49:44 | 000,013,868 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923UI7169.txt [2009.07.29 15:49:29 | 000,538,338 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923MSI7138.txt [2009.07.29 15:49:29 | 000,013,868 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_ATL80SP1_KB973923UI7138.txt [2009.06.28 22:06:30 | 000,000,113 | ---- | C] () -- C:\Users\Thomas\SciTE.session [2009.06.07 22:15:11 | 000,420,378 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI3982.txt [2009.06.07 22:15:11 | 000,013,406 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI3982.txt [2009.05.27 10:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.05.27 10:55:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.21 01:42:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.05.17 21:01:23 | 000,027,070 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\UserTile.png [2009.04.26 17:21:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.03.19 21:09:37 | 000,331,252 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI1CAC.txt [2009.03.19 21:09:36 | 000,144,590 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI1CAC.txt [2009.03.19 16:42:41 | 000,329,352 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI505F.txt [2009.03.19 16:42:40 | 000,143,946 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI505F.txt [2009.03.19 16:38:46 | 000,412,886 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI4D5C.txt [2009.03.19 16:38:44 | 000,145,322 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI4D5C.txt [2009.03.02 20:59:15 | 000,810,094 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_NET_Framework35_LangPack_MSI647D.txt [2009.03.02 20:59:05 | 000,036,116 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_depcheck_NETFX_EXP_35.txt [2009.03.02 20:58:59 | 000,076,488 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_dotnetfx35install_lp.txt [2009.03.02 20:58:59 | 000,001,602 | ---- | C] () -- C:\Users\Thomas\AppData\Local\uxeventlog.txt [2009.03.02 20:58:59 | 000,000,002 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_dotnetfx35error_lp.txt [2008.12.29 19:57:45 | 000,000,054 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.11.06 22:37:26 | 000,436,060 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistMSI4836.txt [2008.11.06 22:37:26 | 000,012,276 | ---- | C] () -- C:\Users\Thomas\AppData\Local\dd_vcredistUI4836.txt [2008.07.31 14:18:25 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1872f031-5ef9-11dd-8baf-001e8c336166}.TMContainer00000000000000000002.regtrans-ms [2008.07.31 14:18:25 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1872f031-5ef9-11dd-8baf-001e8c336166}.TMContainer00000000000000000001.regtrans-ms [2008.07.31 14:18:24 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{1872f031-5ef9-11dd-8baf-001e8c336166}.TM.blf [2008.07.31 14:14:17 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_87809.LOG1 [2008.07.31 14:14:17 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_87809.LOG2 [2008.07.02 14:46:04 | 000,001,100 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d8caps.dat [2008.05.31 14:17:20 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{34ab7be2-2f08-11dd-b911-001e8c336166}.TMContainer00000000000000000002.regtrans-ms [2008.05.31 14:17:20 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{34ab7be2-2f08-11dd-b911-001e8c336166}.TMContainer00000000000000000001.regtrans-ms [2008.05.31 14:17:20 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{34ab7be2-2f08-11dd-b911-001e8c336166}.TM.blf [2008.05.31 14:15:36 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_38171.LOG1 [2008.05.31 14:15:36 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_38171.LOG2 [2008.05.31 12:24:48 | 000,000,732 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps64.dat [2008.04.04 17:48:21 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{e57e875b-025c-11dd-a895-001e8c336166}.TMContainer00000000000000000002.regtrans-ms [2008.04.04 17:48:21 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{e57e875b-025c-11dd-a895-001e8c336166}.TMContainer00000000000000000001.regtrans-ms [2008.04.04 17:48:21 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{e57e875b-025c-11dd-a895-001e8c336166}.TM.blf [2008.04.04 17:46:38 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_15916.LOG1 [2008.04.04 17:46:38 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_15916.LOG2 [2008.03.19 15:02:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.02.26 21:54:04 | 000,001,356 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat [2008.02.21 23:47:54 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{de33f10f-e0c4-11dc-bf0b-001e8c336166}.TMContainer00000000000000000002.regtrans-ms [2008.02.21 23:47:54 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{de33f10f-e0c4-11dc-bf0b-001e8c336166}.TMContainer00000000000000000001.regtrans-ms [2008.02.21 23:47:54 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{de33f10f-e0c4-11dc-bf0b-001e8c336166}.TM.blf [2008.02.21 23:45:30 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_97906.LOG1 [2008.02.21 23:45:30 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\NTUSER.DAT_TU_97906.LOG2 [2008.02.14 17:43:45 | 000,102,912 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.13 00:24:32 | 000,000,176 | ---- | C] () -- C:\Windows\wininit.ini [2008.02.12 17:16:08 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.12 16:53:17 | 000,013,230 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.02.12 16:53:09 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2008.02.12 16:44:06 | 000,000,020 | -HS- | C] () -- C:\Users\Thomas\ntuser.ini [2008.02.12 16:44:05 | 005,242,880 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT [2008.02.12 16:44:05 | 002,621,440 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_87809 [2008.02.12 16:44:05 | 002,097,152 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_38171 [2008.02.12 16:44:05 | 002,097,152 | ---- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_15916 [2008.02.12 16:44:05 | 001,048,576 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT_BAK_97906 [2008.02.12 16:44:05 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms [2008.02.12 16:44:05 | 000,524,288 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms [2008.02.12 16:44:05 | 000,262,144 | -H-- | C] () -- C:\Users\Thomas\ntuser.dat.LOG1 [2008.02.12 16:44:05 | 000,065,536 | -HS- | C] () -- C:\Users\Thomas\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf [2008.02.12 16:44:05 | 000,000,000 | -H-- | C] () -- C:\Users\Thomas\ntuser.dat.LOG2 [2006.08.14 17:08:04 | 015,493,481 | ---- | C] () -- C:\Users\Thomas\DirectX.cab [2006.08.14 17:08:04 | 013,265,040 | ---- | C] () -- C:\Users\Thomas\dxnt.cab [2006.08.14 17:08:04 | 004,163,518 | ---- | C] () -- C:\Users\Thomas\Apr2006_MDX1_x86_Archive.cab [2006.08.14 17:08:04 | 001,398,718 | ---- | C] () -- C:\Users\Thomas\Apr2006_d3dx9_30_x64.cab [2006.08.14 17:08:04 | 001,363,684 | ---- | C] () -- C:\Users\Thomas\Feb2006_d3dx9_29_x64.cab [2006.08.14 17:08:04 | 001,358,864 | ---- | C] () -- C:\Users\Thomas\Dec2005_d3dx9_28_x64.cab [2006.08.14 17:08:04 | 001,351,430 | ---- | C] () -- C:\Users\Thomas\Aug2005_d3dx9_27_x64.cab [2006.08.14 17:08:04 | 001,348,242 | ---- | C] () -- C:\Users\Thomas\Apr2005_d3dx9_25_x64.cab [2006.08.14 17:08:04 | 001,336,890 | ---- | C] () -- C:\Users\Thomas\Jun2005_d3dx9_26_x64.cab [2006.08.14 17:08:04 | 001,248,387 | ---- | C] () -- C:\Users\Thomas\Feb2005_d3dx9_24_x64.cab [2006.08.14 17:08:04 | 001,156,363 | ---- | C] () -- C:\Users\Thomas\BDANT.cab [2006.08.14 17:08:04 | 001,116,109 | ---- | C] () -- C:\Users\Thomas\Apr2006_d3dx9_30_x86.cab [2006.08.14 17:08:04 | 001,085,608 | ---- | C] () -- C:\Users\Thomas\Feb2006_d3dx9_29_x86.cab [2006.08.14 17:08:04 | 001,080,344 | ---- | C] () -- C:\Users\Thomas\Dec2005_d3dx9_28_x86.cab [2006.08.14 17:08:04 | 001,079,850 | ---- | C] () -- C:\Users\Thomas\Apr2005_d3dx9_25_x86.cab [2006.08.14 17:08:04 | 001,078,532 | ---- | C] () -- C:\Users\Thomas\Aug2005_d3dx9_27_x86.cab [2006.08.14 17:08:04 | 001,065,813 | ---- | C] () -- C:\Users\Thomas\Jun2005_d3dx9_26_x86.cab [2006.08.14 17:08:04 | 001,014,113 | ---- | C] () -- C:\Users\Thomas\Feb2005_d3dx9_24_x86.cab [2006.08.14 17:08:04 | 000,976,020 | ---- | C] () -- C:\Users\Thomas\BDAXP.cab [2006.08.14 17:08:04 | 000,917,318 | ---- | C] () -- C:\Users\Thomas\Apr2006_MDX1_x86.cab [2006.08.14 17:08:04 | 000,703,080 | ---- | C] () -- C:\Users\Thomas\BDA.cab [2006.08.14 17:08:04 | 000,183,863 | ---- | C] () -- C:\Users\Thomas\AUG2006_XACT_x64.cab [2006.08.14 17:08:04 | 000,181,745 | ---- | C] () -- C:\Users\Thomas\JUN2006_XACT_x64.cab [2006.08.14 17:08:04 | 000,180,021 | ---- | C] () -- C:\Users\Thomas\Apr2006_XACT_x64.cab [2006.08.14 17:08:04 | 000,179,247 | ---- | C] () -- C:\Users\Thomas\Feb2006_XACT_x64.cab [2006.08.14 17:08:04 | 000,138,195 | ---- | C] () -- C:\Users\Thomas\AUG2006_XACT_x86.cab [2006.08.14 17:08:04 | 000,134,631 | ---- | C] () -- C:\Users\Thomas\JUN2006_XACT_x86.cab [2006.08.14 17:08:04 | 000,133,991 | ---- | C] () -- C:\Users\Thomas\Apr2006_XACT_x86.cab [2006.08.14 17:08:04 | 000,133,297 | ---- | C] () -- C:\Users\Thomas\Feb2006_XACT_x86.cab [2006.08.14 17:08:04 | 000,088,102 | ---- | C] () -- C:\Users\Thomas\AUG2006_xinput_x64.cab [2006.08.14 17:08:04 | 000,087,989 | ---- | C] () -- C:\Users\Thomas\Apr2006_xinput_x64.cab [2006.08.14 17:08:04 | 000,086,925 | ---- | C] () -- C:\Users\Thomas\Oct2005_xinput_x64.cab [2006.08.14 17:08:04 | 000,082,338 | ---- | C] () -- C:\Users\Thomas\dxupdate.cab [2006.08.14 17:08:04 | 000,047,018 | ---- | C] () -- C:\Users\Thomas\AUG2006_xinput_x86.cab [2006.08.14 17:08:04 | 000,046,898 | ---- | C] () -- C:\Users\Thomas\Apr2006_xinput_x86.cab [2006.08.14 17:08:04 | 000,046,247 | ---- | C] () -- C:\Users\Thomas\Oct2005_xinput_x86.cab [2006.08.14 17:08:04 | 000,041,995 | ---- | C] () -- C:\Users\Thomas\dxdllreg_x86.cab ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:B60254D39DCE091F < End of report > |
|
19.04.2010, 10:28
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fz1.exe Fz5.exe über ICQ-Link eingefangenZitat:
(und den Keygen auf F solltest Du auch nicht mehr anrühren  )Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.04.2010, 11:16
| #8 |
| | Fz1.exe Fz5.exe über ICQ-Link eingefangen Hallo, Vielen Dank für die Hilfe! Das diese Datei auf meinem PC ist war mir nicht bewußt. In diesem _Daten_-Ordner befinden sich Dateien die sich auf meinem alten PC befanden. Aus dem ich einfach alle Dateien in diesen Ordner verschoben habe. Ich versichere das ich diese Datei nie benutzt habe. Und auf einer Lanparty nehme ich an auf meinen PC geschickt wurde man weiß ja nie was Kumpels so mit ihrer Moral vereinbaren können wenn sie sich an meinen PC setzen. Wenn mein PC nun sauber ist. Ist es nötig ihn neuaufzusetzen? Die Datensicherung von E-Mail programmen und persönlichen einstellung in Programmen empfinde ich als sehr aufwendig. Diese dann auch wieder an den richtigen Platz zu kopieren noch mehr. Die Bilder/Musik mal eben auf en USB ziehen wäre zwar kein Problem aber ich besitze leider kein solch großes Speichermedium. Und auch keinen Brenner. Sind mit alle Passwörter auch die gemeint die ich nicht benutzt habe seitdem diese "ICQ-Datei" meinen PC befallen hat. (ich speichere grundsätzlich keine Passwörte automatisch) Ich habe meine Lektion gelernt  mfg Tamad |
|
| Themen zu Fz1.exe Fz5.exe über ICQ-Link eingefangen |
| autom, bild, dateien, diverse, eingefangen, eingestellt, einzige, gen, hoffe, icq, installiert, interne, internet, internet-explorer, internetseite, internetseiten, kurze, link, liste, programme, seite, seiten, temp-ordner, trojaner-board, verbindung, verbindungen, versuche |
Linear-Darstellung
