TR/PSW.sinowal.bh.18... sinowal is giving me a seizure...
#0
13.01.2007, 17:51
Member
Posts: 19
13.01.2007, 19:01
Honorary member
Posts: 29434
#2
Tl2ibal
open HijackThis -- button "Scan" -- tick these entries -- button "Fix checked" -- restart the PC
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
restart the PC
«« go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK, and set a new start page
» scan with Panda and post the scan report
http://virus-protect.org/panda_online.html
__________
Best regards, Sabina
all about PC security
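A check that can be run on the logs in this thread, as an added example that is not part of the original posts: it parses the R0/R1 lines of a HijackThis log, lists Internet Explorer page settings that load a local file instead of a web URL, and compares a scan taken before the fix with one taken after. The function and variable names are hypothetical; the sample lines are copied from the two HijackThis logs on this page.

```python
import re

# An R line looks like:
#   R1 - HKCU\Software\...\Main,Default_Page_URL = c:\secure32.html
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+\\[^,]+),([^=]+?) = (.*)$")

# Registry value names that decide which page Internet Explorer opens.
PAGE_VALUES = {"Start Page", "Default_Page_URL", "Local Page", "Search Page", "Search Bar"}

# R lines from the scan of 13.01.2007 (before "Fix checked").
BEFORE_FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
"""

# R lines from the scan of 15.01.2007 (after the fix and the IE reset).
AFTER_FIX = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\ger.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
"""


def parse_r_entries(log_text):
    """Return {(registry_key, value_name): data} for every R0-R3 line."""
    entries = {}
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            _code, key, name, data = m.groups()
            entries[(key, name.strip())] = data.strip()
    return entries


def is_local_target(data):
    """True if the value names a file on disk rather than a web URL."""
    d = data.lower()
    return d.startswith("file://") or re.match(r"^[a-z]:\\", d) is not None


def local_page_settings(entries):
    """IE page settings that load a local file; each one needs a manual look."""
    return sorted(
        (key, name, data)
        for (key, name), data in entries.items()
        if name in PAGE_VALUES and is_local_target(data)
    )


def compare_scans(before, after):
    """Return (removed, changed) keys of 'before' relative to 'after'."""
    removed = sorted(k for k in before if k not in after)
    changed = sorted(k for k in before if k in after and before[k] != after[k])
    return removed, changed


if __name__ == "__main__":
    before = parse_r_entries(BEFORE_FIX)
    after = parse_r_entries(AFTER_FIX)
    print("local page settings before the fix:")
    for key, name, data in local_page_settings(before):
        print(f"  {key},{name} = {data}")
    # The one local target left afterwards is the value that the
    # O14 IERESET.INF line of the same log lists as START_PAGE_URL.
    print("local page settings after the fix:")
    for key, name, data in local_page_settings(after):
        print(f"  {key},{name} = {data}")
    removed, changed = compare_scans(before, after)
    print("removed:", len(removed), "changed:", len(changed))
```

A local-file target is a reason to look, not a verdict: the remaining `file://C:\APPS\IE\offline\ger.htm` entry is the same value the log's O14 IERESET.INF line gives as START_PAGE_URL.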
13.01.2007, 20:28
Member
Thread starter
Posts: 19
#3
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected D:\Eigene Dateien\Downloaded\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\Eigene Dateien\Downloaded\SmitfraudFix.zip[SmitfraudFix/Process.exe]
I also deleted the file right away ...^^ thx 4 help, what's the next step?
13.01.2007, 23:56
Honorary member
Posts: 29434
#4
yes, that was SmitfraudFix ..not something to delete
post the new HijackThis log
__________
Best regards, Sabina
all about PC security
15.01.2007, 15:57
Member
Thread starter
Posts: 19
#5
Logfile of HijackThis v1.99.1
Scan saved at 15:56:26, on 15.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\Siemens\Gigaset USB Stick 108\OdHost.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
D:\DOKUME~1\Tl2ibal\LOKALE~1\Temp\Rar$EX00.562\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\ger.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
sorry for the late reply, here it is ^^
15.01.2007, 16:00
Honorary member
Posts: 29434
#6
everything should be OK again
still: scan with CounterSpy and post the scan report (set everything found to remove beforehand)
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina
all about PC security
15.01.2007, 22:04
Member
Thread starter
Posts: 19
#7
Scan History Details
Start Date: 15.01.2007 22:03:00
End Date: 15.01.2007 22:03:03
Total Time: 3 Sec
Detected security risks
BearShare P2P Program
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
LC4 Password Cracker/Stealer
Details: LC4 is a tool through which passwords on Windows NT can be recovered easily.
Status: Deleted
Files detected
D:\Programme\@stake LC4\LC4SETUP.EXE
RainbowCrack Password Cracker/Stealer
Details: RainbowCrack is a hash cracker.
Status: Deleted
Files detected
D:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP11\A0004160.exe
D:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP11\A0004161.exe
D:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP11\A0004162.exe
D:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP11\A0004163.exe
LCP Password Cracker/Stealer
Details: LCP is a password auditing and recovery tool for Windows.
Status: Deleted
Files detected
D:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP11\A0004159.exe
15.01.2007, 23:58
Honorary member
Posts: 29434
#8
run your antivirus over it once more - and report whether anything is still shown.
__________
Best regards, Sabina
all about PC security
Logfile of HijackThis v1.99.1
Scan saved at 17:45:04, on 13.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
C:\Programme\Siemens\Gigaset USB Stick 108\OdHost.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\WinRAR\WinRAR.exe
D:\DOKUME~1\Tl2ibal\LOKALE~1\Temp\Rar$EX00.125\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23314D99-1240-4d4f-A25C-17E44823D048} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: A0CE-5C7C
Verzeichnis von C:\WINDOWS\system32
13.01.2007 17:23 52.900 perfc009.dat
13.01.2007 17:23 380.486 perfh009.dat
13.01.2007 17:23 391.330 perfh007.dat
13.01.2007 17:23 63.778 perfc007.dat
13.01.2007 17:23 897.778 PerfStringBackup.INI
13.01.2007 16:01 39.291 nvapps.xml
12.01.2007 22:10 243.128 FNTCACHE.DAT
11.01.2007 22:10 1.158 wpa.dbl
11.01.2007 22:09 16.832 amcompat.tlb
11.01.2007 22:09 23.392 nscompat.tlb
09.01.2007 16:51 34.308 BASSMOD.dll
04.01.2007 01:42 159 info.txt
03.01.2007 20:44 1.009 $winnt$.inf
03.01.2007 20:40 333 $ncsp$.inf
03.01.2007 20:35 146.650 BuzzingBee.wav
03.01.2007 20:35 940.794 LoopyMusic.wav
03.01.2007 20:28 176.167 rmoc3260.dll
03.01.2007 20:28 5.632 pndx5032.dll
03.01.2007 20:28 6.656 pndx5016.dll
03.01.2007 20:28 278.528 pncrt.dll
03.01.2007 20:22 2.780 qtplugin.log
03.01.2007 20:19 3.069 jupdate-1.5.0_02-b09.log
23.11.2006 16:45 24.072 uxtuneup.dll
08.11.2006 06:06 679.424 inetcomm.dll
04.11.2006 14:14 1.245.696 msxml4.dll
03.11.2006 10:02 8.282.112 wmploc.dll
03.11.2006 09:56 99.840 wmpshell.dll
03.11.2006 09:55 275.968 wmerror.dll
03.11.2006 09:54 8.192 asferror.dll
02.11.2006 11:51 43.008 wpdshextres.dll
Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: A0CE-5C7C
Verzeichnis von C:\
13.01.2007 17:47 0 systemtemp.txt
13.01.2007 17:46 103.630 system32.txt
13.01.2007 16:01 1.073.270.784 hiberfil.sys
13.01.2007 16:00 1.609.801.728 pagefile.sys
09.01.2007 18:57 388 boot.ini
03.01.2007 20:21 0 MSDOS.SYS
03.01.2007 20:21 0 IO.SYS
03.01.2007 20:20 210 BOOT.BAK
04.10.2006 09:23 668 datFind.bat
Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: A0CE-5C7C
Verzeichnis von C:\WINDOWS
13.01.2007 17:31 5.130 setupapi.log
13.01.2007 16:01 0 0.log
13.01.2007 16:01 2.048 bootstat.dat
13.01.2007 02:34 908.007 WindowsUpdate.log
13.01.2007 02:34 9.906 SchedLgU.Txt
13.01.2007 02:34 978 iis6.log
13.01.2007 02:34 2.035 comsetup.log
13.01.2007 02:34 1.237 ntdtcsetup.log
13.01.2007 02:34 1.374 imsins.log
13.01.2007 02:34 2.359 tsoc.log
13.01.2007 02:34 342 ocmsn.log
13.01.2007 02:34 7.867 KB929969.log
13.01.2007 02:34 2.916 ocgen.log
13.01.2007 02:34 309 msgsocm.log
13.01.2007 02:34 6.183 FaxSetup.log
13.01.2007 02:34 0 setupact.log
13.01.2007 02:34 0 setuperr.log
11.01.2007 22:09 7.513 HDReg.ini
11.01.2007 22:05 694 win.ini
11.01.2007 22:05 316.640 WMSysPr9.prx
11.01.2007 21:02 139 PsPar.INI
09.01.2007 18:57 227 system.ini
08.01.2007 20:42 1.152 mozver.dat
05.01.2007 04:42 0 iPlayer.INI
03.01.2007 21:56 849 orun32.ini
03.01.2007 20:42 8.192 REGLOCS.OLD
03.01.2007 20:40 61 smscfg.ini
03.01.2007 20:39 2.172.848 RESTORE.INS
03.01.2007 20:35 64 RTHDCPL_DB.dbt
03.01.2007 20:31 400 ODBC.INI
03.01.2007 20:21 335 nsreg.dat
03.01.2007 20:20 254 UPGRADE.TXT
03.01.2007 20:16 1.221.433 setupapi.log.0.old
Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: A0CE-5C7C
Verzeichnis von C:\WINDOWS\Temp
13.01.2007 16:01 0 sqlite_jKolVeaK1wguV6U
13.01.2007 16:01 0 CLML_AGENT_LOG1.txt
11.01.2007 00:26 2.048 sqlite_aMFC4qhSs0H63m9
3 Datei(en) 2.048 Bytes
0 Verzeichnis(se), 21.542.686.720 Bytes frei
Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: A0CE-5C7C
Verzeichnis von C:\WINDOWS\Downloaded Program Files
08.08.2006 11:45 576 kavwebscan.inf
11.07.2006 09:41 345.656 ewidoOnlineScan.dll
11.08.2004 19:04 65 desktop.ini
3 Datei(en) 346.297 Bytes
0 Verzeichnis(se), 21.542.686.720 Bytes frei
Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: A0CE-5C7C
Verzeichnis von C:\
13.01.2007 17:48 0 sys.txt
13.01.2007 17:48 395 down.txt
13.01.2007 17:47 394 tmp.txt
13.01.2007 17:47 4.209 system.txt
13.01.2007 17:47 825 systemtemp.txt
13.01.2007 17:46 103.630 system32.txt
13.01.2007 16:01 1.073.270.784 hiberfil.sys
13.01.2007 16:00 1.609.801.728 pagefile.sys
09.01.2007 18:57 388 boot.ini
03.01.2007 20:21 0 MSDOS.SYS
03.01.2007 20:21 0 IO.SYS
03.01.2007 20:20 210 BOOT.BAK
04.10.2006 09:23 668 datFind.bat
Tl2ibal - 07-01-13 17:52:54.00 Service Pack 2
ComboFix 06.11.27W - Running from: "D:\Eigene Dateien\Downloaded"
((((((((((((((((((((((((((((((( Files Created from 2006-12-13 to 2007-01-13 ))))))))))))))))))))))))))))))))))
2007-01-13 17:46 668 --a------ C:\datFind.bat
2007-01-13 17:46 668 --a------ C:\datFind.bat
2007-01-13 17:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-13 17:31 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-12 15:23 <DIR> d-------- C:\Programme\OpenOffice.org 2.0
2007-01-12 15:23 <DIR> d-------- C:\Programme\OpenOffice.org 2.0
2007-01-12 15:23 <DIR> d-------- C:\Programme\OpenOffice.org 2.0
2007-01-12 15:23 <DIR> d-------- C:\Programme\OpenOffice.org 2.0
2007-01-11 22:05 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-01-11 22:05 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-01-11 22:05 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-01-11 22:05 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-01-11 22:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-11 22:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-11 21:26 <DIR> d-------- C:\Programme\PSP Brew
2007-01-11 21:26 <DIR> d-------- C:\Programme\PSP Brew
2007-01-11 21:26 <DIR> d-------- C:\Programme\PSP Brew
2007-01-11 21:26 <DIR> d-------- C:\Programme\PSP Brew
2007-01-09 18:46 <DIR> d-------- C:\WINDOWS\pss
2007-01-09 16:51 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2007-01-09 16:46 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2007-01-09 16:46 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2007-01-09 16:45 <DIR> d-------- C:\Programme\Alcohol Soft
2007-01-09 16:45 <DIR> d-------- C:\Programme\Alcohol Soft
2007-01-09 16:45 <DIR> d-------- C:\Programme\Alcohol Soft
2007-01-09 16:45 <DIR> d-------- C:\Programme\Alcohol Soft
2007-01-08 16:55 <DIR> d-------- C:\Programme\BearShare
2007-01-08 16:55 <DIR> d-------- C:\Programme\BearShare
2007-01-08 16:55 <DIR> d-------- C:\Programme\BearShare
2007-01-08 16:55 <DIR> d-------- C:\Programme\BearShare
2007-01-08 16:55 <DIR> d-------- C:\My Downloads
2007-01-08 16:55 <DIR> d-------- C:\My Downloads
2007-01-08 15:59 <DIR> d-------- C:\Programme\DFHEXEditor
2007-01-08 15:59 <DIR> d-------- C:\Programme\DFHEXEditor
2007-01-08 15:59 <DIR> d-------- C:\Programme\DFHEXEditor
2007-01-08 15:59 <DIR> d-------- C:\Programme\DFHEXEditor
2007-01-08 15:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-08 15:45 <DIR> d-------- C:\Programme\EASIS
2007-01-08 15:45 <DIR> d-------- C:\Programme\EASIS
2007-01-08 15:45 <DIR> d-------- C:\Programme\EASIS
2007-01-08 15:45 <DIR> d-------- C:\Programme\EASIS
2007-01-08 15:33 <DIR> d-------- C:\Programme\Opera
2007-01-08 15:33 <DIR> d-------- C:\Programme\Opera
2007-01-08 15:33 <DIR> d-------- C:\Programme\Opera
2007-01-08 15:33 <DIR> d-------- C:\Programme\Opera
2007-01-07 12:24 <DIR> d-------- C:\WINDOWS\Sun
2007-01-04 22:08 <DIR> d-------- C:\Program Files
2007-01-04 22:08 <DIR> d-------- C:\Program Files
2007-01-04 20:55 <DIR> d-------- C:\Programme\Xilisoft
2007-01-04 20:55 <DIR> d-------- C:\Programme\Xilisoft
2007-01-04 20:55 <DIR> d-------- C:\Programme\Xilisoft
2007-01-04 20:55 <DIR> d-------- C:\Programme\Xilisoft
2007-01-04 16:43 <DIR> d-------- C:\Programme\MSXML 4.0
2007-01-04 16:43 <DIR> d-------- C:\Programme\MSXML 4.0
2007-01-04 16:43 <DIR> d-------- C:\Programme\MSXML 4.0
2007-01-04 16:43 <DIR> d-------- C:\Programme\MSXML 4.0
2007-01-04 16:36 <DIR> d-------- C:\Programme\RaPiZ PSP Video Converter
2007-01-04 16:36 <DIR> d-------- C:\Programme\RaPiZ PSP Video Converter
2007-01-04 16:36 <DIR> d-------- C:\Programme\RaPiZ PSP Video Converter
2007-01-04 16:36 <DIR> d-------- C:\Programme\RaPiZ PSP Video Converter
2007-01-04 14:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-01-04 14:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-04 14:08 <DIR> d-------- C:\Programme\Grisoft
2007-01-04 14:08 <DIR> d-------- C:\Programme\Grisoft
2007-01-04 14:08 <DIR> d-------- C:\Programme\Grisoft
2007-01-04 14:08 <DIR> d-------- C:\Programme\Grisoft
2007-01-04 13:04 <DIR> d-------- C:\Programme\Mozilla Firefox
2007-01-04 13:04 <DIR> d-------- C:\Programme\Mozilla Firefox
2007-01-04 13:04 <DIR> d-------- C:\Programme\Mozilla Firefox
2007-01-04 13:04 <DIR> d-------- C:\Programme\Mozilla Firefox
2007-01-04 03:49 <DIR> d-------- C:\Programme\Yahoo!
2007-01-04 03:49 <DIR> d-------- C:\Programme\Yahoo!
2007-01-04 03:49 <DIR> d-------- C:\Programme\Yahoo!
2007-01-04 03:49 <DIR> d-------- C:\Programme\Yahoo!
2007-01-04 03:48 <DIR> d-------- C:\Programme\CCleaner
2007-01-04 03:48 <DIR> d-------- C:\Programme\CCleaner
2007-01-04 03:48 <DIR> d-------- C:\Programme\CCleaner
2007-01-04 03:48 <DIR> d-------- C:\Programme\CCleaner
2007-01-04 03:00 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-01-04 03:00 55,891 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-01-04 03:00 18,518 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-01-04 03:00 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-01-04 03:00 <DIR> d-------- C:\Programme\Sygate
2007-01-04 03:00 <DIR> d-------- C:\Programme\Sygate
2007-01-04 03:00 <DIR> d-------- C:\Programme\Sygate
2007-01-04 03:00 <DIR> d-------- C:\Programme\Sygate
2007-01-04 02:44 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-01-04 02:44 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-01-04 02:44 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-01-04 02:44 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-01-04 02:44 <DIR> d-------- C:\Programme\TuneUp Utilities 2007
2007-01-04 02:43 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-01-04 02:35 <DIR> d-------- C:\Dokumente und Einstellungen
2007-01-04 02:35 <DIR> d-------- C:\Dokumente und Einstellungen
2007-01-04 02:06 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2007-01-04 02:06 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2007-01-04 02:06 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2007-01-04 02:06 <DIR> d-------- C:\Programme\AntiVir PersonalEdition Classic
2007-01-04 02:06 <DIR> d-------- C:\Programme\AntiVir PersonalEdition Classic
2007-01-04 02:06 <DIR> d-------- C:\Programme\AntiVir PersonalEdition Classic
2007-01-04 02:06 <DIR> d-------- C:\Programme\AntiVir PersonalEdition Classic
2007-01-04 01:40 <DIR> d-------- C:\Programme\WinRAR
2007-01-04 01:40 <DIR> d-------- C:\Programme\WinRAR
2007-01-04 01:40 <DIR> d-------- C:\Programme\WinRAR
2007-01-04 01:40 <DIR> d-------- C:\Programme\WinRAR
2007-01-04 00:18 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-01-04 00:18 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll
2007-01-04 00:18 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
2007-01-04 00:18 217,088 --a------ C:\WINDOWS\system32\DartSock.dll
2007-01-04 00:18 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL
2007-01-04 00:18 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
2007-01-04 00:18 <DIR> d-------- C:\Programme\Convar
2007-01-04 00:18 <DIR> d-------- C:\Programme\Convar
2007-01-04 00:18 <DIR> d-------- C:\Programme\Convar
2007-01-04 00:18 <DIR> d-------- C:\Programme\Convar
2007-01-04 00:11 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-03 21:49 <DIR> d--h----- C:\WINDOWS\I386
2007-01-03 21:32 <DIR> d--h----- C:\PNP
2007-01-03 21:32 <DIR> d--h----- C:\PNP
2007-01-03 21:32 <DIR> d--h----- C:\DIVTOOLS
2007-01-03 21:32 <DIR> d--h----- C:\DIVTOOLS
2007-01-03 21:31 <DIR> d--hs---- C:\DRIVERS
2007-01-03 21:31 <DIR> d--hs---- C:\DRIVERS
2007-01-03 21:27 <DIR> d-------- C:\APPS
2007-01-03 21:27 <DIR> d-------- C:\APPS
2007-01-03 21:09 94,208 --a------ C:\WINDOWS\system32\W32N50CT.dll
2007-01-03 21:09 43,392 --a------ C:\WINDOWS\system32\drivers\Athfmwdl.sys
2007-01-03 21:09 285,568 --a------ C:\WINDOWS\system32\drivers\ar5523.sys
2007-01-03 21:09 17,142 --a------ C:\WINDOWS\system32\CBTNDIS5.sys
2007-01-03 21:09 <DIR> d-------- C:\Programme\Siemens
2007-01-03 21:09 <DIR> d-------- C:\Programme\Siemens
2007-01-03 21:09 <DIR> d-------- C:\Programme\Siemens
2007-01-03 21:09 <DIR> d-------- C:\Programme\Siemens
2007-01-03 21:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Funk Software
2007-01-03 21:08 <DIR> d-------- C:\Programme\Funk Software
2007-01-03 21:08 <DIR> d-------- C:\Programme\Funk Software
2007-01-03 21:08 <DIR> d-------- C:\Programme\Funk Software
2007-01-03 21:08 <DIR> d-------- C:\Programme\Funk Software
2007-01-03 20:55 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2007-01-03 20:40 <DIR> d--hs---- C:\RECYCLER
2007-01-03 20:40 <DIR> d--hs---- C:\RECYCLER
2007-01-03 20:35 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-01-03 20:32 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-01-03 20:32 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2007-01-03 20:32 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Sonic Shared
2007-01-03 20:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-03 20:31 <DIR> d-------- C:\Programme\CyberLink
2007-01-03 20:31 <DIR> d-------- C:\Programme\CyberLink
2007-01-03 20:31 <DIR> d-------- C:\Programme\CyberLink
2007-01-03 20:31 <DIR> d-------- C:\Programme\CyberLink
2007-01-03 20:30 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-03 20:30 <DIR> d-------- C:\Programme\Microsoft.NET
2007-01-03 20:30 <DIR> d-------- C:\Programme\Microsoft.NET
2007-01-03 20:30 <DIR> d-------- C:\Programme\Microsoft.NET
2007-01-03 20:30 <DIR> d-------- C:\Programme\Microsoft.NET
2007-01-03 20:30 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Works
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Works
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Works
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Works
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Office
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Office
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Office
2007-01-03 20:29 <DIR> d-------- C:\Programme\Microsoft Office
2007-01-03 20:28 <DIR> d-------- C:\Programme\Sonic
2007-01-03 20:28 <DIR> d-------- C:\Programme\Sonic
2007-01-03 20:28 <DIR> d-------- C:\Programme\Sonic
2007-01-03 20:28 <DIR> d-------- C:\Programme\Sonic
2007-01-03 20:28 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-01-03 20:28 <DIR> d-------- C:\Programme\Gemeinsame Dateien\SureThing Shared
2007-01-03 20:27 98,304 -ra------ C:\WINDOWS\system32\unzip32.dll
2007-01-03 20:27 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-01-03 20:27 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-01-03 20:27 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-01-03 20:27 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-01-03 20:27 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-01-03 20:27 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-01-03 20:27 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-01-03 20:27 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-01-03 20:27 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-01-03 20:27 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-01-03 20:27 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-01-03 20:27 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2007-01-03 20:27 2,174,464 --a------ C:\WINDOWS\system32\mfc71ud.dll
2007-01-03 20:27 1,181,808 --a------ C:\WINDOWS\system32\atsc63.dll
2007-01-03 20:25 <DIR> d-------- C:\Programme\Norton Internet Security
2007-01-03 20:25 <DIR> d-------- C:\Programme\Norton Internet Security
2007-01-03 20:25 <DIR> d-------- C:\Programme\Norton Internet Security
2007-01-03 20:25 <DIR> d-------- C:\Programme\Norton Internet Security
2007-01-03 20:24 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-03 20:24 104,144 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-01-03 20:24 <DIR> d-------- C:\Programme\Symantec
2007-01-03 20:24 <DIR> d-------- C:\Programme\Symantec
2007-01-03 20:24 <DIR> d-------- C:\Programme\Symantec
2007-01-03 20:24 <DIR> d-------- C:\Programme\Symantec
2007-01-03 20:24 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-01-03 20:23 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-03 20:23 <DIR> d-------- C:\Programme\Norman
2007-01-03 20:23 <DIR> d-------- C:\Programme\Norman
2007-01-03 20:23 <DIR> d-------- C:\Programme\Norman
2007-01-03 20:23 <DIR> d-------- C:\Programme\Norman
2007-01-03 20:22 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-01-03 20:22 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-01-03 20:22 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2007-01-03 20:22 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2007-01-03 20:22 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2007-01-03 20:22 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-01-03 20:22 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2007-01-03 20:22 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-01-03 20:22 <DIR> d-------- C:\WINDOWS\occache
2007-01-03 20:22 <DIR> d-------- C:\Programme\Viewpoint
2007-01-03 20:22 <DIR> d-------- C:\Programme\Viewpoint
2007-01-03 20:22 <DIR> d-------- C:\Programme\Viewpoint
2007-01-03 20:22 <DIR> d-------- C:\Programme\Viewpoint
2007-01-03 20:22 <DIR> d-------- C:\Programme\Real
2007-01-03 20:22 <DIR> d-------- C:\Programme\Real
2007-01-03 20:22 <DIR> d-------- C:\Programme\Real
2007-01-03 20:22 <DIR> d-------- C:\Programme\Real
2007-01-03 20:22 <DIR> d-------- C:\Programme\QuickTime
2007-01-03 20:22 <DIR> d-------- C:\Programme\QuickTime
2007-01-03 20:22 <DIR> d-------- C:\Programme\QuickTime
2007-01-03 20:22 <DIR> d-------- C:\Programme\QuickTime
2007-01-03 20:22 <DIR> d-------- C:\Programme\Learn2.com
2007-01-03 20:22 <DIR> d-------- C:\Programme\Learn2.com
2007-01-03 20:22 <DIR> d-------- C:\Programme\Learn2.com
2007-01-03 20:22 <DIR> d-------- C:\Programme\Learn2.com
2007-01-03 20:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-01-03 20:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nullsoft
2007-01-03 20:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\aolshare
2007-01-03 20:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\aol
2007-01-03 20:22 <DIR> d-------- C:\Programme\AOL 9.0
2007-01-03 20:22 <DIR> d-------- C:\Programme\AOL 9.0
2007-01-03 20:22 <DIR> d-------- C:\Programme\AOL 9.0
2007-01-03 20:22 <DIR> d-------- C:\Programme\AOL 9.0
2007-01-03 20:22 <DIR> d-------- C:\My Music
2007-01-03 20:22 <DIR> d-------- C:\My Music
2007-01-03 20:21 0 -rahs---- C:\MSDOS.SYS
2007-01-03 20:21 0 -rahs---- C:\MSDOS.SYS
2007-01-03 20:21 0 -rahs---- C:\IO.SYS
2007-01-03 20:21 0 -rahs---- C:\IO.SYS
2007-01-03 20:21 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-03 20:21 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-01-03 20:21 <DIR> d-------- C:\Programme\Adobe
2007-01-03 20:21 <DIR> d-------- C:\Programme\Adobe
2007-01-03 20:21 <DIR> d-------- C:\Programme\Adobe
2007-01-03 20:21 <DIR> d-------- C:\Programme\Adobe
2007-01-03 20:20 <DIR> dr-hs---- C:\cmdcons
2007-01-03 20:20 <DIR> dr-hs---- C:\cmdcons
2007-01-03 20:19 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-03 20:19 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-03 20:19 <DIR> d-------- C:\Programme\Java
2007-01-03 20:19 <DIR> d-------- C:\Programme\Java
2007-01-03 20:19 <DIR> d-------- C:\Programme\Java
2007-01-03 20:19 <DIR> d-------- C:\Programme\Java
2007-01-03 20:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2007-01-03 20:18 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-03 20:16 90,112 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-01-03 20:16 9,699,328 --a------ C:\WINDOWS\RTLCPL.EXE
2007-01-03 20:16 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-03 20:16 69,632 --a------ C:\WINDOWS\ALCMTR.EXE
2007-01-03 20:16 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-03 20:16 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-03 20:16 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-03 20:16 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-03 20:16 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-03 20:16 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2007-01-03 20:16 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-01-03 20:16 3,173,888 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-01-03 20:16 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-03 20:16 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-03 20:16 2,806,272 --a------ C:\WINDOWS\ALCWZRD.EXE
2007-01-03 20:16 2,112,000 --a------ C:\WINDOWS\MicCal.exe
2007-01-03 20:16 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-03 20:16 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-03 20:16 14,720,000 --a------ C:\WINDOWS\RTHDCPL.EXE
2007-01-03 20:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-03 20:16 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2007-01-03 20:16 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2007-01-03 20:16 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2007-01-03 20:16 <DIR> d--h----- C:\Programme\InstallShield Installation Information
2007-01-03 20:16 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-01-03 20:16 <DIR> d-------- C:\Programme\Realtek
2007-01-03 20:16 <DIR> d-------- C:\Programme\Realtek
2007-01-03 20:16 <DIR> d-------- C:\Programme\Realtek
2007-01-03 20:16 <DIR> d-------- C:\Programme\Realtek
2007-01-03 20:15 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-01-03 20:15 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-03 20:15 54,272 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-03 20:15 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-01-03 20:15 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-03 20:15 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-03 20:15 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-03 20:15 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2007-01-03 20:15 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-01-03 20:15 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-01-03 20:15 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-01-03 20:15 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2007-01-03 20:15 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2007-01-03 20:15 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-01-03 20:15 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-01-03 20:14 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-01-03 20:14 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-01-03 20:14 7,286,784 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-01-03 20:14 573,440 --a------ C:\WINDOWS\system32\nvhwvid.dll
2007-01-03 20:14 5,378,048 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-01-03 20:14 49,792 --a------ C:\WINDOWS\system32\drivers\MicNgCap.sys
2007-01-03 20:14 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-01-03 20:14 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-01-03 20:14 45,056 --a------ C:\WINDOWS\system32\nvapi.dll
2007-01-03 20:14 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-01-03 20:14 44,544 --a------ C:\WINDOWS\system32\drivers\MicNgBas.sys
2007-01-03 20:14 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2007-01-03 20:14 34,304 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-01-03 20:14 34,304 --a------ C:\WINDOWS\system32\nvcod.dll
2007-01-03 20:14 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-01-03 20:14 335,872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-01-03 20:14 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-01-03 20:14 327,680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-01-03 20:14 323,584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-01-03 20:14 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-01-03 20:14 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-01-03 20:14 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-01-03 20:14 319,488 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-01-03 20:14 319,488 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-01-03 20:14 315,392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-01-03 20:14 315,392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-01-03 20:14 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-01-03 20:14 303,104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-01-03 20:14 303,104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-01-03 20:14 303,104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-01-03 20:14 3,921,024 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-01-03 20:14 3,530,432 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-01-03 20:14 299,008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-01-03 20:14 299,008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-01-03 20:14 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-01-03 20:14 294,912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-01-03 20:14 294,912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-01-03 20:14 286,720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-01-03 20:14 286,720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2007-01-03 20:14 286,720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-01-03 20:14 282,624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-01-03 20:14 278,528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2007-01-03 20:14 278,528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-01-03 20:14 274,432 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-01-03 20:14 274,432 --a------ C:\WINDOWS\system32\nvrses.dll
2007-01-03 20:14 274,432 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-01-03 20:14 270,336 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-01-03 20:14 266,240 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-01-03 20:14 266,240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-01-03 20:14 266,240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-01-03 20:14 262,144 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-01-03 20:14 262,144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-01-03 20:14 258,048 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-01-03 20:14 253,952 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-01-03 20:14 253,952 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-01-03 20:14 249,856 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-01-03 20:14 249,856 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-01-03 20:14 249,856 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-01-03 20:14 249,856 --a------ C:\WINDOWS\system32\nvrspl.dll
2007-01-03 20:14 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2007-01-03 20:14 245,760 --a------ C:\WINDOWS\system32\nvrssv.dll
2007-01-03 20:14 245,760 --a------ C:\WINDOWS\system32\nvrsda.dll
2007-01-03 20:14 241,664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2007-01-03 20:14 241,664 --a------ C:\WINDOWS\system32\nvrseng.dll
2007-01-03 20:14 241,664 --a------ C:\WINDOWS\system32\nvrscs.dll
2007-01-03 20:14 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-01-03 20:14 217,088 --a------ C:\WINDOWS\system32\nvrszhc.dll
2007-01-03 20:14 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2007-01-03 20:14 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2007-01-03 20:14 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-03 20:14 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-03 20:14 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2007-01-03 20:14 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2007-01-03 20:14 147,456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-01-03 20:14 131,139 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-01-03 20:14 118,784 --a------ C:\WINDOWS\system32\nvrszht.dll
2007-01-03 20:14 103,424 --a------ C:\WINDOWS\system32\drivers\MicNgTun.sys
2007-01-03 20:14 1,662,976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-01-03 20:14 1,519,616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-01-03 20:14 1,466,368 --a------ C:\WINDOWS\system32\nview.dll
2007-01-03 20:14 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-01-03 20:14 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-01-03 20:14 <DIR> d-------- C:\WINDOWS\nview
2007-01-03 20:14 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-01-03 20:12 <DIR> dr--s---- C:\WINDOWS\assembly
2007-01-03 20:12 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-01-03 20:12 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-01-03 20:10 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-03 20:10 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-03 20:09 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2007-01-03 20:09 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-01-03 20:09 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-01-03 20:09 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-01-03 20:09 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-01-03 20:09 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-11 22:08 -------- d-------- C:\Programme\Windows Media Player
2007-01-11 22:08 -------- d-------- C:\Programme\Windows Media Player
2007-01-04 16:47 -------- d-------- C:\Programme\Internet Explorer
2007-01-04 16:47 -------- d-------- C:\Programme\Internet Explorer
2007-01-04 16:42 -------- d-------- C:\Programme\Outlook Express
2007-01-04 16:42 -------- d-------- C:\Programme\Outlook Express
2007-01-04 16:42 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2007-01-04 02:43 -------- d-------- C:\Programme\Gemeinsame Dateien
2007-01-04 02:43 -------- d-------- C:\Programme\Gemeinsame Dateien
2007-01-03 20:30 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2007-01-03 20:17 -------- d-------- C:\Programme\Messenger
2007-01-03 20:17 -------- d-------- C:\Programme\Messenger
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 10:02 8282112 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:56 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:55 275968 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:54 8192 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:51 43008 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"AzMixerSel"="C:\\Programme\\Realtek\\InstallShield\\AzMixerSel.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\HDReg.job
C:\WINDOWS\tasks\Registrierungserinnerung 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-13 17:53:51.31
C:\ComboFix.txt ... 07-01-13 17:53
C:\ComboFix2.txt ... 07-01-13 17:49