Heimscheißer | 13.05.2008 19:01 | Hi,
erstmal danke für den ersten Ansatz und entschuldige, dass ich meine Ergebnisse nicht schneller gepostet habe. Ich bin ne Zeit lang nicht ans Internet gekommen...
Ergebnisse von Malwarebytes waren negativ.
Silentrunners: Code:
"Silent Runners.vbs", revision 57, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"IntelZeroConfig" = ""C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"EOUApp" = ""C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"" ["Intel Corporation"]
"AudioDeck" = "C:\Programme\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"ZoneAlarm Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Florian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
IviDVDEventHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]
IviVideoCDHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]
NeroAutoPlayEmptyCD\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay"
"InvokeVerb" = "EmptyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Programme\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"]
WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Programme\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Programme\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\Programme\Winamp\winamp.exe"" ["Nullsoft"]
Startup items in "Florian" & "All Users" startup folders:
---------------------------------------------------------
C:\Dokumente und Einstellungen\Florian\Startmenü\Programme\Autostart
<<!>> "entfernen.bat" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_05"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
SmartLinkService, SLService, "slserv.exe" [" "]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP3000\Driver = "CNMLM61.DLL" ["CANON INC."]
---------- (launch time: 2008-05-13 19:42:30)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 194 seconds.
---------- (total run time: 285 seconds)
Filelist: Code:
----- Root -----------------------------
Verzeichnis von C:\
13.05.2008 17:19 804.704.256 hiberfil.sys
13.05.2008 17:19 1.207.959.552 pagefile.sys
08.05.2008 18:03 211 boot.ini
----- System32 -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9462-18DD
Verzeichnis von C:\WINDOWS\system32
13.05.2008 17:20 55.080 vsconfig.xml
12.05.2008 21:08 2.206 wpa.dbl
08.05.2008 19:22 380.684 perfh009.dat
08.05.2008 19:22 53.098 perfc009.dat
08.05.2008 19:22 391.574 perfh007.dat
08.05.2008 19:22 63.976 perfc007.dat
08.05.2008 19:22 897.954 PerfStringBackup.INI
29.04.2008 19:43 6.307 jupdate-1.6.0_06-b02.log
24.04.2008 16:28 98.304 CmdLineExt.dll
10.04.2008 09:09 110.992 FNTCACHE.DAT
Verzeichnis von C:\WINDOWS\Prefetch
13.05.2008 19:50 11.782 FIND.EXE-0EC32F1E.pf
13.05.2008 19:50 17.146 CMD.EXE-087B4001.pf
13.05.2008 19:49 39.878 WMIPRVSE.EXE-28F301A9.pf
13.05.2008 19:47 36.568 AVWSC.EXE-3AC95876.pf
13.05.2008 19:47 85.594 NOTEPAD.EXE-336351A9.pf
13.05.2008 19:42 30.472 WSCRIPT.EXE-32960AB9.pf
13.05.2008 19:41 77.118 TASKMGR.EXE-20256C55.pf
13.05.2008 19:40 211.292 WINRAR.EXE-3588DFE8.pf
13.05.2008 19:40 17.326 VERCLSID.EXE-3667BD89.pf
13.05.2008 19:30 100.428 FIREFOX.EXE-17EE503B.pf
13.05.2008 19:28 43.192 MIRANDA32.EXE-248B043D.pf
13.05.2008 19:28 18.690 IWRAP.EXE-3933A84F.pf
13.05.2008 19:28 24.624 LOGONUI.EXE-0AF22957.pf
13.05.2008 18:24 68.162 JAVAW.EXE-095CED93.pf
13.05.2008 18:07 53.184 FOXITR~1.EXE-2C735C97.pf
13.05.2008 17:28 101.066 ECLIPSE.EXE-03E493ED.pf
13.05.2008 17:21 53.398 UPDCLIENT.EXE-215FC96B.pf
13.05.2008 17:21 85.658 THUNDERBIRD.EXE-031A6371.pf
13.05.2008 17:21 26.886 WUAUCLT.EXE-399A8E72.pf
13.05.2008 17:21 42.404 DOT1XCFG.EXE-32C52055.pf
13.05.2008 17:21 869.270 NTOSBOOT-B00DFAAD.pf
13.05.2008 13:03 68.334 DFRGNTFS.EXE-269967DF.pf
13.05.2008 13:03 16.838 DEFRAG.EXE-273F131E.pf
13.05.2008 13:02 462.168 Layout.ini
13.05.2008 11:42 36.142 QUICKDIC.EXE-2D70E076.pf
13.05.2008 10:02 35.404 MMC.EXE-1EF9AA05.pf
13.05.2008 08:31 44.286 MBAM.EXE-11D8BBD8.pf
13.05.2008 08:24 20.346 UPDATER.EXE-2B1D4C8D.pf
13.05.2008 08:24 16.242 ALG.EXE-0F138680.pf
13.05.2008 08:24 51.262 IMAPI.EXE-0BF740A4.pf
13.05.2008 01:03 16.082 RUNDLL32.EXE-451FC2C0.pf
13.05.2008 01:03 19.794 SPIDER.EXE-2D998CA6.pf
12.05.2008 23:02 76.564 OIS.EXE-33076924.pf
12.05.2008 22:38 54.138 WINAMP.EXE-08C38ED9.pf
12.05.2008 21:29 47.612 GUARDGUI.EXE-3AFB6D88.pf
12.05.2008 21:23 55.818 AVSCAN.EXE-0D0CD933.pf
12.05.2008 21:22 13.646 DRVCTL.EXE-2FB66A0B.pf
12.05.2008 21:22 42.040 PCTSTRAY.EXE-19D5DE12.pf
12.05.2008 21:22 78.954 PCTSGUI.EXE-1D6925CB.pf
12.05.2008 21:22 40.914 SDLOADER.EXE-211412BD.pf
12.05.2008 21:21 85.408 UPDATE.EXE-3A80F1D2.pf
12.05.2008 21:21 71.972 AVCENTER.EXE-324B1681.pf
12.05.2008 21:21 21.438 PREUPD.EXE-18CBCD87.pf
12.05.2008 21:18 19.442 REGSVR32.EXE-25EEFE2F.pf
12.05.2008 21:18 21.006 MBAM-SETUP.TMP-2DBC1E8E.pf
12.05.2008 21:18 16.988 MBAM-SETUP.EXE-239D1A0E.pf
12.05.2008 21:16 21.540 RUNDLL32.EXE-12E27DD0.pf
12.05.2008 21:13 38.686 AVGNT.EXE-18356F59.pf
12.05.2008 21:10 69.426 AVNOTIFY.EXE-0B59FC42.pf
12.05.2008 21:10 14.704 PCTSAUXS.EXE-248177B2.pf
12.05.2008 21:09 46.002 PCTSSVC.EXE-0922220E.pf
11.05.2008 11:17 52.260 IFRMEWRK.EXE-27F5F7E5.pf
11.05.2008 11:15 30.014 STARMONEY.EXE-0591A7BE.pf
11.05.2008 11:15 23.808 STARTSTARMONEY.EXE-13EA1D3E.pf
11.05.2008 10:16 21.878 MSPAINT.EXE-11CBB631.pf
10.05.2008 10:08 18.206 RUNDLL32.EXE-2F35E077.pf
10.05.2008 09:53 15.702 RUNDLL32.EXE-2E99263F.pf
09.05.2008 07:14 63.612 HELPSVC.EXE-2878DDA2.pf
09.05.2008 06:48 29.070 MSCONFIG.EXE-35E4DAE9.pf
09.05.2008 06:48 16.598 SYNTPENH.EXE-3967AE36.pf
09.05.2008 06:48 11.568 SYNTPLPR.EXE-0AB61C3B.pf
09.05.2008 06:48 11.572 ADECK.EXE-16336D05.pf
09.05.2008 06:48 17.846 ATIPTAXX.EXE-12B5048A.pf
09.05.2008 06:48 10.150 JUSCHED.EXE-17878C0C.pf
09.05.2008 06:48 16.792 USERINIT.EXE-30B18140.pf
09.05.2008 06:48 27.004 ATI2EVXX.EXE-19D16EB9.pf
09.05.2008 06:48 83.068 EXPLORER.EXE-082F38A9.pf
08.05.2008 20:11 20.408 CCLEANER.EXE-065E2F3F.pf
08.05.2008 19:46 13.812 THIS.COM-1554902C.pf
08.05.2008 19:45 29.656 UPDATE.EXE-0C3CBDEF.pf
08.05.2008 19:22 20.226 WMIADAP.EXE-2DF425B2.pf
08.05.2008 19:21 26.460 RUNDLL32.EXE-1687FC74.pf
08.05.2008 19:20 42.172 SDSETUP.TMP-36028FEF.pf
08.05.2008 19:20 49.004 SDSETUP.EXE-3B9018AA.pf
08.05.2008 17:29 13.158 WSCNTFY.EXE-1B24F5EB.pf
08.05.2008 17:29 50.834 AVGUARD.EXE-1B26F309.pf
08.05.2008 16:46 18.876 RUNDLL32.EXE-25C40596.pf
08.05.2008 16:46 33.506 RUNDLL32.EXE-2576181F.pf
08.05.2008 14:45 30.266 JAVAW.EXE-2246B54F.pf
08.05.2008 14:33 73.340 IEXPLORE.EXE-2CA9778D.pf
08.05.2008 14:33 27.320 WUPDMGR.EXE-2F30BEAB.pf
08.05.2008 13:44 7.400 WDFMGR.EXE-2CF4013B.pf
08.05.2008 13:44 52.314 SVCHOST.EXE-3530F672.pf
08.05.2008 13:44 43.656 SLSERV.EXE-1E8DF9A3.pf
08.05.2008 09:57 69.274 VPNGUI.EXE-10986A0F.pf
08.05.2008 09:57 7.982 IPSECDIALER.EXE-2368204B.pf
07.05.2008 17:33 69.324 WINDVD.EXE-0500624C.pf
07.05.2008 12:22 81.868 CIVILIZATION4.EXE-10B34583.pf
06.05.2008 19:02 17.448 SNDVOL32.EXE-383480B7.pf
06.05.2008 11:53 15.768 CTFMON.EXE-0E17969B.pf
06.05.2008 11:53 7.480 OPWARESE4.EXE-1319B42A.pf
05.05.2008 14:18 83.462 WINWORD.EXE-3395695A.pf
04.05.2008 20:23 23.978 EOUWIZ.EXE-268C3A3A.pf
04.05.2008 20:23 36.218 ZLCLIENT.EXE-0120F620.pf
04.05.2008 20:23 11.052 SSBKGDUPDATE.EXE-060EC2B1.pf
04.05.2008 20:05 6.652 LOGON.SCR-151EFAEA.pf
02.05.2008 23:03 18.698 MIRANDA-IM-V0.7.5-UNICODE.EXE-0F29CBE0.pf
02.05.2008 12:19 37.424 CIVILIZATION4.EXE-15E50AE7.pf
02.05.2008 08:21 60.276 HELPCTR.EXE-3862B6F5.pf
02.05.2008 08:21 19.636 MSINFO32.EXE-20B2F2A1.pf
02.05.2008 08:16 7.952 VPNCLIENT.EXE-2C42047C.pf
02.05.2008 07:48 13.852 HELPER.EXE-04F5B6A7.pf
02.05.2008 07:48 19.886 UPDATER.EXE-05F534D6.pf
01.05.2008 17:58 10.340 ~E5.0001-068F9336.pf
01.05.2008 11:13 5.908 WINFWEXCEPT.EXE-3608E8BE.pf
01.05.2008 11:13 8.918 CIV4PAKSPLIT.EXE-2DB0AF5D.pf
01.05.2008 10:50 6.684 DXDLLREG.EXE-0931C62D.pf
01.05.2008 10:50 12.734 DXSETUP.EXE-0B4C4376.pf
01.05.2008 10:50 112.626 MSIEXEC.EXE-2F8A8CAE.pf
01.05.2008 10:49 26.374 _IS13.EXE-3957016E.pf
01.05.2008 10:49 17.498 SETUP.EXE-393E66AE.pf
01.05.2008 10:49 12.464 AUTORUN.EXE-055703AF.pf
30.04.2008 18:31 28.306 CNMSM61.EXE-0A018AF6.pf
30.04.2008 13:02 32.672 ZCFGSVC.EXE-1FEE3EEE.pf
29.04.2008 16:22 11.612 RUNONCE.EXE-2803F297.pf
29.04.2008 16:08 18.466 MSETUP4.EXE-1D2A281C.pf
116 Datei(en) 5.551.722 Bytes
0 Verzeichnis(se), 48.963.608.576 Bytes frei
Verzeichnis von C:\WINDOWS
13.05.2008 18:46 1.988.226 WindowsUpdate.log
13.05.2008 17:20 0 0.log
13.05.2008 17:20 159 wiadebug.log
13.05.2008 17:20 50 wiaservc.log
13.05.2008 17:19 2.048 bootstat.dat
13.05.2008 14:26 32.626 SchedLgU.Txt
10.05.2008 09:53 222.752 setupapi.log
08.05.2008 18:03 477 win.ini
08.05.2008 18:03 227 system.ini
07.05.2008 17:33 69 NeroDigital.ini
01.05.2008 10:51 165.708 DirectX.log
29.04.2008 16:11 117.930 iis6.log
29.04.2008 16:11 174.847 ntdtcsetup.log
29.04.2008 16:11 275.303 comsetup.log
29.04.2008 16:11 46.099 ocmsn.log
29.04.2008 16:11 1.917 imsins.log
29.04.2008 16:11 332.413 tsoc.log
29.04.2008 16:11 481.593 ocgen.log
29.04.2008 16:11 42.947 msgsocm.log
29.04.2008 16:11 785.192 FaxSetup.log
29.04.2008 15:38 2.423 imsins.BAK
29.04.2008 15:09 408 MAXLINK.INI
24.04.2008 16:24 624 DXError.log
15.04.2008 14:35 183.266 setupact.log
09.04.2008 22:12 14.079 KB948881.log
09.04.2008 22:12 18.575 KB941693.log
09.04.2008 22:12 19.883 KB947864-IE7.log
09.04.2008 22:11 69.796 updspapi.log
09.04.2008 22:11 12.091 KB948590.log
09.04.2008 22:08 12.052 KB945553.log
----- Tasks ----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9462-18DD
Verzeichnis von C:\WINDOWS\tasks
13.05.2008 17:20 6 SA.DAT
----- Wintemp --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9462-18DD
Verzeichnis von C:\WINDOWS\temp
13.05.2008 17:20 256 ZLT03523.TMP
13.05.2008 17:20 256 ZLT04fd8.TMP
----- Temp -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9462-18DD
Verzeichnis von C:\DOKUME~1\Florian\LOKALE~1\Temp
13.05.2008 19:50 114.646 filelist.txt
13.05.2008 18:46 16.384 ~DF9FF.tmp
13.05.2008 18:40 16.384 ~DFCD93.tmp
13.05.2008 18:40 16.384 ~DFA23B.tmp
13.05.2008 18:24 16.384 ~DFA77B.tmp
13.05.2008 18:20 16.384 ~DF6730.tmp
13.05.2008 18:07 231.904 aufgabe_ctviewer.pdf
13.05.2008 17:25 173 jusched.log
8 Datei(en) 428.643 Bytes
0 Verzeichnis(se), 48.963.604.480 Bytes frei
SmitfraudFix wird von AntiVir als Schadsoftware erkannt... Soll ich das trotzdem freigeben?
Danke!
Gruß,
Heimscheißer |