Ellerex net Virus

#0
12.07.2010, 21:59
Member

Posts: 13
#1 Hi,
after I clicked on this link (please don't click on it or you'll get the virus too!!!)

http://www[Point]ellerex.net/gallery[point]php?id=1&show=img03894589006004902010.JPG

I got a virus. Internet Explorer keeps opening with some advertising pages and my laptop has become slower.
Windows Defender detected it (TrojanDownloader:Win32/Renos.JW), but cannot delete it.

Here is my logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:18, on 12.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Christian\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\CHRIST~1\AppData\Local\Temp\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [JDK5SWFMZY] C:\Users\Christian\AppData\Local\Temp\Lc1.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 7208 bytes

It would be nice if you could help ;)
This post was edited by Keks10 on 12.07.2010 at 22:21.
12.07.2010, 22:33
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires observing the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall programs unless this is explicitly requested.
• Please work through each step in order.
• If problems come up at a step, post what you already have and report back with a description of the problem.


• The cleanup is only finished when your helper gives the OK.
• If the machine runs fast again, that does not mean the system is clean.
• For computers used for business, the responsible IT person should be brought in.
• We may decline support for a company computer.
• With illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• For heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling the system.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we ask for with a right-click and Run as administrator.


Please do NOT post any more links that are active!!


Step 1

Can you see all files and file extensions on your computer? If not, please make these settings in the folder options.

Step 2

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.
• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry please select Use SafeList.
• Tick LOP Check and Purity Check.
• Now click Scan at the top left.



• When the scan has finished, two logfiles are created.
You will find the logfiles on your desktop => OTL.txt and Extras.txt
• Post the logfiles in code tags here in the thread.

Step 3

Rootkit scan with Gmer

What are rootkits?

Important: For every rootkit scan:

• all other programs against viruses, spyware, etc. should be deactivated,
• there should be no connection to a network/the Internet (don't forget WLAN),
• nothing should be done on the computer,
• the computer should be restarted after each scan.
Don't forget to switch the security programs back on after the rootkit scan!

Download Gmer from this page
(press the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• Gmer automatically starts a first scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.

• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do nothing on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
"Ok" closes Gmer.
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch the antivirus program and other scanners back on before you go online!

Now post the logfile in code tags.
12.07.2010, 22:49
Member

Thread starter

Posts: 13
#3 OK thanks, I've done step 2 for now:

Code

OTL logfile created on: 12.07.2010 22:44:54 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 30,33 Gb Free Space | 21,05% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\SAMSUNG\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Users\Christian\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe (Trend Micro Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.10 13:00:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 10:01:53 | 000,000,000 | ---D | M]

[2010.06.15 19:50:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.07.12 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions
[2010.06.17 13:42:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.19 15:20:07 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.06.18 21:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.08 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\da73w346.default\extensions\battlefieldheroespatcher@ea.com
[2010.06.15 20:13:47 | 000,001,819 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\da73w346.default\searchplugins\bing.xml
[2010.06.11 02:08:24 | 000,000,917 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\da73w346.default\searchplugins\conduit.xml
[2010.06.15 19:50:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\Christian\AppData\Local\Temp\Lc1.exe File not found
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.1 217.0.43.193
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\SPYWAR~1\sp_rsdel.exe "\??\C:\PROGRA~2\SPYWAR~1\sp_rsdel.dat,) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.07.12 22:40:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010.07.12 22:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.07.12 22:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.10 22:30:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Spyware Terminator
[2010.07.10 22:30:31 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2010.07.10 22:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.07.10 22:23:50 | 000,665,016 | ---- | C] (Crawler Inc.                                                ) -- C:\Users\Christian\Desktop\SpywareTerminator_SFTSetup_2.7.2.125.exe
[2010.07.10 18:48:06 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010.07.10 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.07.10 18:44:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Simply Super Software
[2010.07.10 18:44:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.07.10 18:44:36 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.07.10 18:44:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Simply Super Software
[2010.07.10 18:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.07.10 15:01:05 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.07.10 14:07:35 | 000,206,336 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Lvybec.exe
[2010.07.10 13:53:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2010.07.10 13:53:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.10 13:53:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.10 13:53:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.10 13:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.10 13:52:28 | 005,918,720 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Christian\Desktop\mbam-setup-1.45.exe
[2010.07.10 13:24:54 | 000,200,704 | ---- | C] (Electronic Arts) -- C:\Windows\Lfagia.exe
[2010.07.10 13:23:58 | 000,206,336 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Lvybeb.exe
[2010.07.10 12:58:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Neuer Ordner
[2010.07.09 21:19:11 | 000,206,336 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Lvybea.exe
[2010.07.09 21:19:01 | 000,249,344 | ---- | C] (Electronic Arts) -- C:\Windows\System32\sshnas21.dll.ren
[2010.07.06 15:36:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Games for Windows - LIVE Demos
[2010.07.06 15:34:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.06 11:05:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Rockstar Games
[2010.07.06 11:04:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.07.06 11:03:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Rockstar Games
[2010.07.06 11:03:33 | 000,000,000 | RH-D | C] -- C:\Users\Christian\AppData\Roaming\SecuROM
[2010.07.06 11:03:32 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.06 01:03:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010.07.06 01:03:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.07.05 14:56:57 | 000,023,600 | ---- | C] (Licensed for Gebhard Software) -- C:\Windows\System32\drivers\drhard.sys
[2010.07.05 14:56:55 | 000,000,000 | ---D | C] -- C:\Programme\Dr. Hardware 2010
[2010.07.05 13:52:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\PunkBuster+Problem+FIX%2822%29
[2010.07.02 23:48:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2010.07.02 23:48:00 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2010.07.02 23:40:46 | 000,000,000 | ---D | C] -- C:\Programme\XProfan91
[2010.07.02 23:33:44 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\XLEHRBUCH
[2010.07.02 23:33:20 | 000,000,000 | ---D | C] -- C:\Programme\XLehrbuch
[2010.07.02 23:29:19 | 000,000,000 | ---D | C] -- C:\Programme\Profan2Cpp
[2010.07.01 09:44:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\ICQ
[2010.07.01 01:41:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\Battlefield Bad Company 2
[2010.06.30 18:29:01 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2010.06.30 18:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010.06.30 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\GlarySoft
[2010.06.30 17:44:38 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2010.06.30 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\BFBC2
[2010.06.29 23:23:17 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.06.29 23:23:16 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.06.29 23:23:16 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.06.29 23:23:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.06.29 23:23:16 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.06.29 23:23:16 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.06.29 23:23:15 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.06.29 23:23:15 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.06.29 23:23:15 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.06.29 23:23:15 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.06.29 23:23:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.06.29 23:23:14 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.06.29 23:23:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.06.29 23:23:14 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.06.29 23:23:14 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.06.29 23:23:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.06.29 23:23:13 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.06.29 23:23:13 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.06.29 23:23:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.06.29 23:23:13 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.06.29 23:23:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.06.29 23:23:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.06.29 23:23:12 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.06.29 23:23:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.06.29 23:23:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.06.29 23:23:10 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.06.29 23:23:10 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.06.29 23:23:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.06.29 23:23:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.06.29 23:23:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.06.29 23:23:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.06.29 23:23:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.06.29 23:23:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.06.29 23:23:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.06.29 23:23:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.06.29 23:23:07 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.06.29 23:23:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.06.29 23:23:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.06.29 23:23:07 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.06.29 23:23:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.06.29 23:23:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.06.29 23:23:06 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.06.29 23:23:06 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.06.29 23:23:06 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.06.29 23:23:05 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.06.29 23:23:05 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.06.29 23:23:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.06.29 23:23:05 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.06.29 23:23:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.06.29 23:23:05 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.06.29 23:23:04 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.06.29 23:23:04 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.06.29 23:23:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.06.29 23:23:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.06.29 23:23:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.06.29 23:23:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.06.29 23:23:04 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.06.29 23:23:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.06.29 23:23:03 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.06.29 23:23:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.06.29 23:23:03 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.06.29 23:23:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.06.29 23:23:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.06.29 23:23:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.06.29 23:23:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.06.29 23:23:01 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.06.29 23:23:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.06.29 23:23:00 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.06.29 23:23:00 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.06.29 23:22:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.06.29 23:22:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.06.29 23:22:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.06.29 23:22:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.06.29 23:22:44 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.06.29 23:22:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.06.29 23:22:43 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.06.29 23:22:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.06.29 23:22:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.06.29 20:24:29 | 000,000,000 | ---D | C] -- C:\Programme\Auskalo Interactive
[2010.06.29 20:24:28 | 000,537,294 | ---- | C] (Axialis Software) -- C:\Windows\System32\Kukuxumusu ANTfermin.scr
[2010.06.29 20:24:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Axialis
[2010.06.29 13:52:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Avira
[2010.06.24 20:35:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam
[2010.06.24 20:35:43 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2010.06.24 10:04:22 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.24 10:04:22 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.24 10:04:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.06.24 10:04:16 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.06.24 10:04:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.06.24 10:03:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.24 10:03:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.24 10:03:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.23 14:21:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.23 14:21:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.22 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\TS3Client
[2010.06.22 14:53:51 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.06.22 11:47:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\FreeVideoConverter
[2010.06.22 11:33:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Converted Videos
[2010.06.22 11:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Red Kawa
[2010.06.21 19:22:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\ImTOO
[2010.06.21 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\GrabPro
[2010.06.21 19:06:26 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2010.06.21 19:06:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Orbit
[2010.06.21 19:02:12 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2010.06.21 19:02:08 | 000,000,000 | ---D | C] -- C:\Programme\FlashGet
[2010.06.21 18:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AppSnap
[2010.06.21 18:51:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\PuchisoftDispatcher
[2010.06.21 18:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Appupdater
[2010.06.21 18:51:37 | 000,000,000 | ---D | C] -- C:\Programme\GNU
[2010.06.21 18:51:35 | 000,000,000 | ---D | C] -- C:\Programme\Appupdater
[2010.06.21 18:50:56 | 000,000,000 | ---D | C] -- C:\Programme\AppSnap
[2010.06.21 18:50:36 | 000,000,000 | ---D | C] -- C:\Programme\Puchisoft
[2010.06.19 15:20:09 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.06.19 15:20:08 | 000,000,000 | ---D | C] -- C:\Programme\XfireXO
[2010.06.19 15:19:57 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Xfire
[2010.06.19 15:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010.06.19 15:19:53 | 000,000,000 | ---D | C] -- C:\Programme\Xfire
[2010.06.18 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.18 21:55:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\DVDVideoSoft
[2010.06.18 21:55:33 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.06.18 21:55:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.06.18 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\PunkBuster
[2010.06.16 19:31:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.06.16 19:30:18 | 000,230,912 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9G.DLL
[2010.06.16 15:13:13 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010.06.16 15:13:13 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010.06.16 15:13:12 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010.06.16 15:13:12 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010.06.16 15:13:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.06.16 15:13:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010.06.16 15:13:12 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010.06.16 15:13:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010.06.16 15:13:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010.06.16 15:13:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010.06.16 15:13:11 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010.06.16 15:13:11 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010.06.16 15:13:11 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010.06.16 15:13:11 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010.06.16 15:13:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010.06.16 15:13:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010.06.16 15:13:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010.06.16 15:13:11 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010.06.16 15:13:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010.06.16 15:13:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010.06.16 15:13:10 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010.06.16 15:13:10 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010.06.16 15:13:10 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010.06.16 15:13:10 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010.06.16 15:01:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.06.16 14:48:13 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.06.16 14:48:13 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.06.16 14:48:12 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.06.16 14:48:12 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.06.16 14:48:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.06.16 14:48:11 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.06.16 14:43:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.06.16 14:43:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.06.16 14:41:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.06.16 14:41:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.06.16 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\NOS
[2010.06.16 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Adobe
[2010.06.16 14:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.16 14:26:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Battlefield Heroes
[2010.06.16 14:15:23 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010.06.16 14:15:21 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010.06.16 14:15:05 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010.06.16 14:11:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.06.16 14:10:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.16 14:10:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.06.16 14:10:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.06.16 14:08:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.06.16 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft Help
[2010.06.16 14:06:52 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.06.16 14:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.06.16 14:04:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.06.16 14:04:01 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.06.16 14:04:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.06.16 14:04:01 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.06.16 14:04:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.06.16 14:04:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.06.16 14:04:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.06.16 14:03:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.06.16 14:03:51 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.06.16 14:03:26 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.06.16 14:03:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.06.16 14:03:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.06.16 14:03:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.06.16 14:03:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.06.16 14:03:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.06.16 14:03:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.06.16 14:03:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.06.16 14:03:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.06.16 14:02:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.06.16 14:02:18 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.06.16 14:02:17 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.06.16 14:02:12 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.06.16 14:02:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010.06.16 14:01:58 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.06.16 14:01:57 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.06.16 14:01:51 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.06.16 14:01:51 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.06.16 14:01:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.16 14:01:40 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.06.16 14:01:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.06.16 14:01:27 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.06.16 14:01:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.06.16 14:01:24 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010.06.16 14:01:17 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.06.16 14:01:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.16 14:01:15 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.06.16 14:01:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.16 14:01:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.06.16 14:00:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010.06.16 14:00:15 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.06.16 14:00:10 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.06.16 13:59:54 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.06.16 13:59:52 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.06.16 13:59:46 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.06.16 13:59:43 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.16 13:59:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.16 13:59:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.16 13:59:42 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.16 13:59:42 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.16 13:59:42 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.06.16 13:59:42 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.06.16 13:59:42 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.16 13:59:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.16 13:59:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.16 13:59:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.16 13:59:38 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.16 13:59:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.06.16 13:59:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.06.16 13:59:25 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.06.16 13:59:25 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.06.16 13:59:25 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.06.16 13:58:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010.06.16 13:58:06 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010.06.16 13:58:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010.06.16 13:58:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.06.16 13:57:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010.06.16 13:57:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.06.16 13:57:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.06.16 13:56:49 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.06.16 13:56:49 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.06.16 13:56:48 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.06.16 13:56:48 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.06.16 13:56:48 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.06.16 13:56:48 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.06.16 13:56:48 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.06.16 13:56:48 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.06.16 13:56:48 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.06.16 13:56:11 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.06.16 13:55:11 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010.06.16 13:55:11 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010.06.16 13:55:04 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010.06.16 13:55:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010.06.16 13:55:04 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010.06.16 13:55:03 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010.06.16 13:54:54 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.16 13:54:37 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.06.16 13:54:37 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.06.16 13:54:36 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.06.16 13:54:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.06.16 13:54:32 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.06.16 13:54:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.06.16 13:54:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.06.16 13:54:30 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.06.16 13:54:20 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.06.16 13:54:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.06.16 13:54:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.06.16 13:54:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.06.16 13:54:18 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.06.16 13:31:23 | 000,000,000 | ---D | C] -- C:\Programme\EA Games
[2010.06.16 13:31:21 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.06.15 20:11:33 | 000,000,000 | R-SD | C] -- C:\Users\Christian\Documents\My Stationery
[2010.06.15 20:09:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.06.15 20:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.06.15 20:07:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.06.15 20:07:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.06.15 20:07:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.06.15 20:07:21 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.06.15 20:07:07 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.06.15 20:02:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.06.15 19:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Adobe
[2010.06.15 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Mozilla
[2010.06.15 19:50:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.06.15 19:49:35 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.06.15 19:49:32 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Mozilla
[2010.06.15 19:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.15 19:49:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\ICQ
[2010.06.15 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\AOL
[2010.06.15 19:49:17 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.06.15 16:07:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.06.15 16:07:53 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.06.15 16:07:53 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.06.15 16:07:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.15 16:07:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.06.15 16:07:52 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.06.15 16:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.06.15 16:03:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Macromedia
[2010.06.15 16:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.06.15 15:57:14 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.06.15 15:57:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.06.15 15:56:40 | 000,223,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.06.15 15:53:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010.06.15 15:52:57 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010.06.15 15:52:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010.06.15 15:52:56 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010.06.15 15:52:55 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.06.15 15:52:55 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.06.15 15:52:55 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010.06.15 15:52:55 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010.06.15 15:52:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010.06.15 15:51:06 | 000,000,000 | ---D | C] -- C:\Windows\WinClon
[2010.06.15 15:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.06.15 15:49:34 | 000,013,312 | ---- | C] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2010.06.15 15:49:30 | 000,000,000 | ---D | C] -- C:\Programme\SAMSUNG
[2010.06.15 15:48:41 | 000,318,488 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010.06.15 15:47:58 | 001,034,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\imsmudlg.exe
[2010.06.15 15:47:58 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2010.06.15 15:47:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010.06.15 15:46:23 | 000,293,392 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe
[2010.06.15 15:46:23 | 000,113,168 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe
[2010.06.15 15:46:23 | 000,100,880 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCProp.ax
[2010.06.15 15:46:23 | 000,076,304 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCWIA.dll
[2010.06.15 15:46:23 | 000,055,824 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkSSrv.dll
[2010.06.15 15:46:23 | 000,031,248 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
[2010.06.15 15:46:22 | 012,940,048 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\drivers\StkCPipe.sys
[2010.06.15 15:46:22 | 001,363,088 | ---- | C] (Syntek) -- C:\Windows\System32\drivers\StkCMini.sys
[2010.06.15 15:46:04 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\InstallShield
[2010.06.15 15:45:46 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.06.15 15:45:32 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
[2010.06.15 15:45:32 | 000,193,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
[2010.06.15 15:45:32 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
[2010.06.15 15:45:32 | 000,147,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
[2010.06.15 15:45:32 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
[2010.06.15 15:44:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\Roaming
[2010.06.15 15:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010.06.15 15:43:50 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.06.15 15:43:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Intel
[2010.06.15 15:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010.06.15 15:43:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.06.15 15:43:03 | 000,298,496 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys
[2010.06.15 15:42:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.06.15 15:42:15 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.06.15 15:42:13 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2010.06.15 15:42:12 | 006,111,232 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010.06.15 15:42:12 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.06.15 15:42:11 | 002,098,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.06.15 15:42:10 | 000,971,264 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll
[2010.06.15 15:42:10 | 000,088,064 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll
[2010.06.15 15:42:10 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.06.15 15:42:10 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.06.15 15:42:09 | 000,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.06.15 15:42:09 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.06.15 15:41:29 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010.06.15 15:41:29 | 000,768,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2010.06.15 15:41:29 | 000,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2010.06.15 15:41:29 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2010.06.15 15:40:59 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.06.15 15:40:29 | 000,592,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010.06.15 15:40:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.06.15 15:38:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.06.15 15:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.06.15 15:33:22 | 000,000,000 | R--D | C] -- C:\Users\Christian\Searches
[2010.06.15 15:33:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Identities
[2010.06.15 15:33:11 | 000,000,000 | R--D | C] -- C:\Users\Christian\Contacts
[2010.06.15 15:33:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\VirtualStore
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Vorlagen
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Verlauf
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Temporary Internet Files
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Startmenü
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\SendTo
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Recent
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Netzwerkumgebung
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Lokale Einstellungen
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Eigene Videos
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Eigene Musik
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Eigene Dateien
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Documents\Eigene Bilder
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Druckumgebung
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Cookies
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Local\Anwendungsdaten
[2010.06.15 15:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Christian\Anwendungsdaten
[2010.06.15 15:33:07 | 000,000,000 | --SD | C] -- C:\Users\Christian\AppData\Roaming\Microsoft
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Videos
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Saved Games
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Pictures
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Music
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Links
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Favorites
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Downloads
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Documents
[2010.06.15 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Christian\Desktop
[2010.06.15 15:33:07 | 000,000,000 | -H-D | C] -- C:\Users\Christian\AppData
[2010.06.15 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Temp
[2010.06.15 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Microsoft
[2010.06.15 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Media Center Programs
[2010.06.15 15:18:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.06.15 15:17:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2010.06.15 15:02:31 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010.06.15 14:34:59 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.06.15 14:34:59 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.06.15 14:34:34 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.06.15 14:34:34 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.06.15 14:34:34 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.06.15 14:34:03 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.06.15 14:34:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.06.15 14:32:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.06.15 14:32:20 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010.06.15 14:26:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.06.15 14:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2010.07.12 22:45:54 | 001,572,864 | ---- | M] () -- C:\Users\Christian\NTUSER.DAT
[2010.07.12 22:42:24 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.12 22:40:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2010.07.12 22:30:47 | 000,001,055 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2010.07.12 22:29:35 | 000,028,219 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.12 22:29:35 | 000,028,219 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.12 22:27:16 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.07.12 22:04:58 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.12 22:04:41 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.12 21:43:59 | 001,458,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.12 21:43:59 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.12 21:43:59 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.12 21:43:59 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.12 21:43:59 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.12 21:38:10 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.07.12 21:37:27 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.12 21:37:27 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.12 21:37:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.12 21:37:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.12 21:37:16 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.12 21:28:14 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000001.regtrans-ms
[2010.07.12 21:28:14 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TM.blf
[2010.07.12 21:27:55 | 002,558,865 | -H-- | M] () -- C:\Users\Christian\AppData\Local\IconCache.db
[2010.07.10 22:30:33 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.07.10 22:23:55 | 000,665,016 | ---- | M] (Crawler Inc.                                                ) -- C:\Users\Christian\Desktop\SpywareTerminator_SFTSetup_2.7.2.125.exe
[2010.07.10 14:11:36 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.07.10 14:08:08 | 000,001,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.07.10 14:07:32 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.07.10 13:53:03 | 005,918,720 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Christian\Desktop\mbam-setup-1.45.exe
[2010.07.10 13:48:03 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybec.exe
[2010.07.10 13:24:42 | 000,200,704 | ---- | M] (Electronic Arts) -- C:\Windows\Lfagia.exe
[2010.07.10 13:22:40 | 000,000,310 | ---- | M] () -- C:\Users\Christian\Desktop\ramplus.cmd
[2010.07.10 12:20:23 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybeb.exe
[2010.07.09 21:19:06 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybea.exe
[2010.07.09 21:19:01 | 000,249,344 | ---- | M] (Electronic Arts) -- C:\Windows\System32\sshnas21.dll.ren
[2010.07.06 11:03:32 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.05 13:52:32 | 000,139,152 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\PnkBstrK.sys
[2010.07.02 23:48:02 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010.07.02 23:33:41 | 000,000,811 | ---- | M] () -- C:\Users\Christian\Desktop\XProfan-Lehrbuch.lnk
[2010.07.02 23:29:21 | 000,000,772 | ---- | M] () -- C:\Users\Christian\Desktop\Profan2Cpp.lnk
[2010.07.02 23:29:21 | 000,000,060 | ---- | M] () -- C:\Windows\p2cpp.ini
[2010.07.02 14:56:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 14:44:25 | 001,572,864 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT.gbck
[2010.07.02 14:44:24 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 14:44:24 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.30 18:29:01 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.06.30 17:44:43 | 000,000,797 | ---- | M] () -- C:\Users\Christian\Desktop\Glary Utilities.lnk
[2010.06.30 17:26:45 | 000,000,215 | ---- | M] () -- C:\Users\Christian\Desktop\Battlefield Bad Company 2.url
[2010.06.29 23:23:29 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.06.29 20:24:28 | 000,537,294 | ---- | M] (Axialis Software) -- C:\Windows\System32\Kukuxumusu ANTfermin.scr
[2010.06.24 20:42:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.06.22 14:53:52 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.22 13:43:06 | 000,000,310 | ---- | M] () -- C:\Users\Christian\Desktop\ramplus.bat
[2010.06.21 19:22:54 | 000,004,608 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.21 19:06:28 | 000,000,848 | ---- | M] () -- C:\Users\Christian\Desktop\Orbit.lnk
[2010.06.19 15:19:55 | 000,000,796 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010.06.19 15:19:55 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.06.18 21:55:40 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.17 20:13:40 | 000,132,675 | ---- | M] () -- C:\Users\Christian\Documents\Praktikumsmappe.docx
[2010.06.16 19:25:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.06.16 17:16:47 | 000,100,824 | ---- | M] () -- C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.16 17:15:03 | 000,370,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.16 14:25:17 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.16 14:09:16 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.06.15 19:50:12 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.15 16:07:59 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.15 15:59:47 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.06.15 15:57:34 | 000,000,684 | ---- | M] () -- C:\Windows\HotFixList.ini
[2010.06.15 15:51:15 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Recovery Solution III.lnk
[2010.06.15 15:49:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
[2010.06.15 15:45:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.06.15 15:42:16 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.06.15 15:42:09 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.06.15 15:35:46 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.06.15 15:33:08 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2010.06.15 15:17:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.06.15 14:27:45 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2010.07.12 22:30:47 | 000,001,055 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk
[2010.07.10 22:30:33 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.07.10 18:44:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.07.10 18:44:38 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.07.10 18:44:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.07.10 18:44:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.07.10 14:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.07.10 13:24:48 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.07.10 13:22:40 | 000,000,310 | ---- | C] () -- C:\Users\Christian\Desktop\ramplus.cmd
[2010.07.09 21:46:32 | 000,001,682 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.07.09 21:19:14 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.07.09 21:19:08 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.09 21:18:36 | 000,000,000 | R--- | C] () -- C:\Users\Christian\AppData\Roaming\B18NG.txt
[2010.07.09 21:18:27 | 000,000,000 | R--- | C] () -- C:\Users\Christian\AppData\Roaming\M71J6.txt
[2010.07.05 14:56:57 | 000,020,651 | ---- | C] () -- C:\Windows\System32\drivers\DRHARD.VXD
[2010.07.02 23:48:02 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010.07.02 23:33:41 | 000,000,811 | ---- | C] () -- C:\Users\Christian\Desktop\XProfan-Lehrbuch.lnk
[2010.07.02 23:29:21 | 000,000,772 | ---- | C] () -- C:\Users\Christian\Desktop\Profan2Cpp.lnk
[2010.07.02 23:29:21 | 000,000,060 | ---- | C] () -- C:\Windows\p2cpp.ini
[2010.07.02 14:45:11 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000002.regtrans-ms
[2010.07.02 14:45:11 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TMContainer00000000000000000001.regtrans-ms
[2010.07.02 14:45:10 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{0596113e-85d1-11df-9e31-001377aa2182}.TM.blf
[2010.06.30 18:29:00 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.06.30 17:44:45 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.06.30 17:44:43 | 000,000,797 | ---- | C] () -- C:\Users\Christian\Desktop\Glary Utilities.lnk
[2010.06.30 17:26:45 | 000,000,215 | ---- | C] () -- C:\Users\Christian\Desktop\Battlefield Bad Company 2.url
[2010.06.29 23:23:29 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.06.24 20:35:45 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.06.22 14:53:52 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.22 13:43:05 | 000,000,310 | ---- | C] () -- C:\Users\Christian\Desktop\ramplus.bat
[2010.06.21 19:22:53 | 000,004,608 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.21 19:06:28 | 000,000,848 | ---- | C] () -- C:\Users\Christian\Desktop\Orbit.lnk
[2010.06.19 15:19:55 | 000,000,796 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010.06.19 15:19:55 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.06.18 21:55:40 | 000,001,032 | ---- | C] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.18 16:06:14 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.06.16 19:25:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.06.16 15:13:13 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.16 15:13:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.16 15:13:11 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010.06.16 14:25:34 | 000,139,152 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\PnkBstrK.sys
[2010.06.16 14:25:34 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.06.16 14:25:19 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.06.16 14:25:18 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.06.16 14:25:17 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.16 14:02:18 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.06.15 19:50:12 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.06.15 16:07:59 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.06.15 16:02:45 | 000,028,219 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.15 16:02:42 | 000,028,219 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.06.15 15:52:19 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2010.06.15 15:51:28 | 000,009,550 | ---- | C] () -- C:\Windows\System32\SetAutoFailover.cmd
[2010.06.15 15:51:28 | 000,000,151 | ---- | C] () -- C:\Windows\System32\SamsungSetAutoFailover.cmd
[2010.06.15 15:51:15 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution III.lnk
[2010.06.15 15:50:24 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2010.06.15 15:50:24 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2010.06.15 15:49:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
[2010.06.15 15:46:23 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2010.06.15 15:46:23 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010.06.15 15:45:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.06.15 15:45:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010.06.15 15:42:46 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss
[2010.06.15 15:40:58 | 000,008,429 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2010.06.15 15:33:08 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.06.15 15:33:08 | 000,000,020 | -HS- | C] () -- C:\Users\Christian\ntuser.ini
[2010.06.15 15:33:07 | 001,572,864 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT.gbck
[2010.06.15 15:33:07 | 001,572,864 | ---- | C] () -- C:\Users\Christian\NTUSER.DAT
[2010.06.15 15:33:07 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.06.15 15:33:07 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 15:33:07 | 000,262,144 | -H-- | C] () -- C:\Users\Christian\ntuser.dat.LOG1
[2010.06.15 15:33:07 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 15:33:07 | 000,000,000 | -H-- | C] () -- C:\Users\Christian\ntuser.dat.LOG2
[2010.06.15 14:31:09 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010.06.18 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.21 19:02:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet
[2010.06.22 11:47:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreeVideoConverter
[2010.06.30 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GlarySoft
[2010.07.09 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GrabPro
[2010.07.12 21:38:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2010.06.21 19:22:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ImTOO
[2010.07.02 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2010.07.12 21:38:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Orbit
[2010.06.21 18:51:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PuchisoftDispatcher
[2010.07.10 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simply Super Software
[2010.07.10 22:31:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spyware Terminator
[2010.06.22 14:58:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TS3Client
[2010.07.02 23:34:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XLEHRBUCH
[2010.07.12 21:38:10 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.07.12 21:28:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.12 22:42:24 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.12 22:27:16 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.07.10 14:07:32 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


Code

OTL Extras logfile created on: 12.07.2010 22:44:54 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Christian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 30,33 Gb Free Space | 21,05% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 143,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Public\winsvrcn.exe" = C:\Users\Public\winsvrcn.exe:*:Enabled:WindowsSysControl -- File not found


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8A8BDB-E0D4-41A5-8E9B-A8337DF6564C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28543677-6928-4BF1-948A-C2E1A4190EED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{34365105-5AB5-4AF6-8DED-8EEAF95B7DE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{34A4C411-BE11-406E-8C3D-5B3819539B27}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3608F2DB-A4A2-4BAF-8D13-5C5729E46F1A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3A3462A5-FD44-452A-A00A-388D82B42141}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{3D4EA5B9-434A-46B4-B4FF-16B0079A1ADE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3F87B529-69C8-4353-9CE6-221627B66B00}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4A5ECFEC-AB56-476B-BCAC-D61CC6620E0B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4D13AE73-5A0E-4316-86CA-7270A05EC240}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5D31DE87-B9E2-4BD7-8CD2-9C80B36704DC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{63B2AAE2-25E2-418E-92EE-142FB3F2FA78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7476A63C-F88E-442D-B6BD-23D84ECECB46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{78930B2D-4BA6-42E5-A667-FE4BC5EA059F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A8E4A7A5-6931-409D-BF96-CD6D606DE3D2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B3B0E515-2453-4017-891A-6A546FE4D611}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B3BE73B1-624E-4859-9B35-AFAC0FDDE207}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{B754CC8B-850F-41C7-8282-66A6B521D499}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{C735D2A5-B68F-44CA-9D93-2153EDB41B46}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{D976037C-62B7-498D-9E8F-06AC7FABA32E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{DC12DCCB-5E06-4627-BAF3-E87B5854894E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DDD4DAC5-0081-4CD2-ACF8-E7FBDCA58796}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DFA766F7-65CB-48C5-80CB-2065E8901738}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{EE309638-9DD6-492B-9245-6944FE2E260B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F2950E9C-67C1-4BAB-B7A3-D7A2CC4C36F4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FC26E6D4-3356-4AFB-9EDC-658079E07DDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{20195466-531F-4AFE-888E-8408BF6BE6A2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{2597A4EA-DEAB-456B-B775-304D807FBC67}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{4959CF94-DAF4-4035-B42A-57295E1B6A46}C:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe |
"TCP Query User{4ACEF9BE-A95F-4539-87A6-3DA5A68F9E20}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{56742EFD-8282-4E56-91C8-7C8C183D5EDF}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{6428B7C7-AC79-467B-9F06-13E73F010973}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6E8E5B7D-5D5C-4B7C-8D83-56EAE67307FF}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{6F4CCF1C-5607-44B8-A085-FD37E84C9775}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{9DCBE52D-B95E-4313-A6C2-A19409F0E4BD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BEF02007-D99B-44A8-8FB6-FA59DF5E3EC7}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{EFAF39E6-640C-42C0-8B9F-8B7AFF1160F6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{23FD7059-8B58-4226-B551-02BCC1B131E2}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{2BD60B68-843F-4BDF-85F2-3627CC34C8BC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{35204D69-1CEC-44C4-9E2A-A4687DA7DC6D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{4CEBC7B0-F385-48D8-BA85-57D29D345450}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{4F6A5534-876F-4EE0-9D9E-0FF0B65B14E8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{679A49DB-E881-4332-8104-F28F43BB84EC}C:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kek5c2\team fortress 2\hl2.exe |
"UDP Query User{9B94F2EC-3350-496A-A1BD-39D910F06CBF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A4961E00-0BDC-4994-9950-31375DF30F67}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C244BFE9-25CC-43FB-B63F-942FCF461CF7}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{D1BC21A4-DD55-4EFD-864F-948D517594EC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F03F5C3C-B74D-41B7-801B-6805600FAFEC}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.2d
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Glary Utilities_is1" = Glary Utilities 2.26.0.956
"GnuPG" = GNU Privacy Guard
"HijackThis" = HijackThis 2.0.2
"Kukuxumusu ANTfermin Screensaver" = Kukuxumusu ANTfermin Screensaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"Profan2Cpp (Testversion)_is1" = Profan2Cpp (Testversion) 2.0b
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 12210" = Grand Theft Auto IV
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XProfan 9.1 - Testversion" = XProfan 9.1 - Testversion
"XProfan-Lehrbuch_is1" = XProfan-Lehrbuch

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11.07.2010 15:19:42 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.07.2010 15:22:23 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 11.07.2010 17:04:07 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.07.2010 17:07:21 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 05:58:04 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 06:02:24 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 12:31:05 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 12:34:13 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12.07.2010 15:37:38 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2010 15:40:25 | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 11.07.2010 15:19:42 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.07.2010 17:03:52 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 11.07.2010 17:04:07 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 05:57:42 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 05:58:04 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 12:30:52 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 12:31:06 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 15:37:27 | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12.07.2010 15:37:39 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2010 15:43:05 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >
12.07.2010, 22:50
Member

Thread starter

Posts: 13
#4 Would it make more sense to simply reinstall my system?
12.07.2010, 22:51
Moderator

Posts: 5694
#5 That's up to you. At first glance it probably isn't heavily infected. Just let me know, please. I don't want to write instructions for nothing.
12.07.2010, 22:53
Member

Thread starter

Posts: 13
#6 I just scanned with Spybot Search and Destroy and found 8 errors.

Let's see whether the message still shows up now ;)
12.07.2010, 23:19
Member

Thread starter

Posts: 13
#7 Nope, the virus is still there -.-

Web pages just open by themselves in Internet Explorer (even though I use Firefox).

For example this page: httpxxxx cat.blinkogold.de/wwf-splashTool/SEO/weather_05

I'm going to reinstall my system now, but thanks for the help ;)
12.07.2010, 23:23
Moderator

Posts: 5694
#8 We can clean the system. Then these pages will stop appearing.
12.07.2010, 23:25
Member

Thread starter

Posts: 13
#9 How can I clean it, then?

I've already tried more than 10 antivirus programs etc., and none of them found the virus -.-

I actually wanted to avoid reinstalling the system because I've only just downloaded GTA 4 (17 gigabytes) via Steam...
12.07.2010, 23:27
Moderator

Posts: 5694
#10 So I'll ask you once more:

Do you want to clean it or reinstall from scratch??
12.07.2010, 23:28
Member

Thread starter

Posts: 13
#11 Clean it ^^

See my edit ;)
12.07.2010, 23:40
Member

Thread starter

Posts: 13
#12 How can I clean the system?
12.07.2010, 23:56
Moderator

Posts: 5694
#13 Step 1

Disable TeaTimer

No cleanup can be carried out while Spybot Search&Destroy's TeaTimer is running, because it restores all deleted entries. TeaTimer therefore has to be switched off during the cleanup work (leave TeaTimer switched off until we have finished the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated instructions.

Step 2

Uninstall programs

Since some programs and anti-spyware programs may get in our way during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Software.

Code

Trojan Remover
Let me know if a program cannot be uninstalled. Once the cleanup is finished, we can see which of them you can/should reinstall.


Step 3

File check

Have the following file(s) (see code box) checked online at VirusTotal. To do so, you have to upload each file individually to VirusTotal via the "Browse" and "Send file" buttons and have it checked. Once VirusTotal has received the file, it will check it with several antivirus scanners and display the results. If VirusTotal reports that the file has already been checked, have it checked again anyway via the "Analyse the file" button.

When the result is available, press the small "Filter" button at the top left above the results, then post the result here (whatever it looks like, and also copy the lines with the file's name and size, MD5 and SHA1). If you cannot find or upload the file(s), let us know that as well. If you cannot find the file(s), check whether the following settings are set correctly.

Quote

C:\Windows\Lvybec.exe
C:\Windows\Lfagia.exe
Step 4

Fixing with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [JDK5SWFMZY] C:\Users\Christian\AppData\Local\Temp\Lc1.exe File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\SPYWAR~1\sp_rsdel.exe "\??\C:\PROGRA~2\SPYWAR~1\sp_rsdel.dat,) -  File not found
[2010.07.10 13:24:54 | 000,200,704 | ---- | C] (Electronic Arts) -- C:\Windows\Lfagia.exe
[2010.07.10 13:23:58 | 000,206,336 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Lvybeb.exe
[2010.07.09 21:19:11 | 000,206,336 | ---- | C] (ApexDC++ Development Team) -- C:\Windows\Lvybea.exe
[2010.07.09 21:19:01 | 000,249,344 | ---- | C] (Electronic Arts) -- C:\Windows\System32\sshnas21.dll.ren
[2010.07.10 13:48:03 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybec.exe
[2010.07.10 13:24:42 | 000,200,704 | ---- | M] (Electronic Arts) -- C:\Windows\Lfagia.exe
[2010.07.10 13:22:40 | 000,000,310 | ---- | M] () -- C:\Users\Christian\Desktop\ramplus.cmd
[2010.07.10 12:20:23 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybeb.exe
[2010.07.09 21:19:06 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybea.exe
[2010.07.09 21:19:01 | 000,249,344 | ---- | M] (Electronic Arts) -- C:\Windows\System32\sshnas21.dll.ren
[2010.07.09 21:19:14 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.07.09 21:19:08 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.09 21:18:36 | 000,000,000 | R--- | C] () -- C:\Users\Christian\AppData\Roaming\B18NG.txt
[2010.07.09 21:18:27 | 000,000,000 | R--- | C] () -- C:\Users\Christian\AppData\Roaming\M71J6.txt
[2010.07.12 22:42:24 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.12 22:27:16 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.07.10 14:07:32 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winsvrcn.exe" =-
:Files
C:\Users\Public\winsvrcn.exe
:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[emptytemp]
• and paste it here:
• Close all programs.
• Click the Fix button.
• Click on .
OTL asks for a restart. Please allow it.
• After the restart you will find a text document.
Copy its contents into your thread here, in code tags.


Step 5


Rootkit search with Gmer

What are rootkits?

Important: For every rootkit scan:


• First, following these instructions, disable any CD emulators that may be present, such as Alcohol, Daemon Tools or similar.
• All other programs against viruses, spyware, etc. must be disabled,
• there must be no connection to a network/the Internet (don't forget WLAN),
• nothing must be done on the computer,
• the computer must be restarted after every scan.
• Don't forget to switch the security programs back on after the rootkit scan!


Download Gmer from this page
(press the Download EXE button) and save the program to the desktop.
• Gmer is suitable for => NT/W2K/XP/VISTA.
• All other programs should be closed.
• Start gmer.exe (it has a random program name).
Vista users: right-click and run as administrator.
• Gmer automatically starts a first scan.
• If a window with the following warning opens:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Be sure to click "No",
then use the Copy button to copy the result so far to the clipboard.
• Paste the log from the clipboard into your reply in your thread with CTRL + V.
• If that was not the case, now select the "Rootkit/Malware" tab,
• Tick: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
Important: "Show all" must not be ticked!
• Start the scan by pressing the "Scan" button.
Do not do anything on the computer while the scan is running.
• When the scan is finished, click "Copy" to copy the log to the clipboard.
"Ok" closes Gmer.
• Paste the log from the clipboard into your reply here (with CTRL + V).

Switch your antivirus program and other scanners back on before you go online!

Now post the log file in code tags.

Step 6

Another system scan with OTL

• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry please select Use SafeList.
• Tick LOP Check and Purity Check.
• Now click Scan at the top left.

• When the scan has finished, two log files are created.
You will find the log files on your desktop => OTL.txt and Extras.txt
• Post the log files in code tags here in the thread.


Step 7

Check with MBR -t whether the master boot record is OK (MBR rootkit)


• Download MBR.exe from Gmer and
copy the file mbr.exe into the folder C:\Windows\system32.
If you cannot see the folder, apply these settings in the folder options.
• Start => Run => cmd (type it in there) => OK
a command prompt opens.

After the prompt (>_), type the following text from the code box manually or, alternatively, copy it to the clipboard with CTRL + C and paste it.
Pasting into the command prompt: right-click in the title bar => Edit => Paste.

Code

mbr.exe -t > C:\mbr.log & C:\mbr.log
(press Enter)
• After a short time your editor will open and show the file C:\mbr.log.
Please copy its contents into your thread here.
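
The kind of triage applied to the OTL logs in this thread can be sketched as code. This is an added example, not part of the thread and not OTL's own logic: the three rules, their names and the 30-day window are assumptions inferred from the entries the fix script in post #13 targets, and the sample lines are copied from the logs posted in this thread.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2010.07.10 13:24:54 | 000,200,704 | ---- | C] (Electronic Arts) -- C:\Windows\Lfagia.exe
[2010.07.10 13:48:03 | 000,206,336 | ---- | M] (ApexDC++ Development Team) -- C:\Windows\Lvybec.exe
[2010.07.12 21:38:10 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.07.12 22:42:24 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2010.06.30 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GlarySoft
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Users\Public\winsvrcn.exe" = C:\Users\Public\winsvrcn.exe:*:Enabled:WindowsSysControl -- File not found
"""

# Scan time taken from the "OTL Extras logfile created on" header in the thread.
SCAN_TIME = datetime(2010, 7, 12, 22, 44, 54)

# OTL file listing: [timestamp | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Firewall AuthorizedApplications entry: "path" = value -- note
AUTH_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.+?) -- (?P<note>.+)$')

ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)
GUID_JOB_RE = re.compile(
    r"\\Windows\\Tasks\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$",
    re.IGNORECASE,
)
USER_DIR_RE = re.compile(r"^[A-Za-z]:\\Users\\", re.IGNORECASE)


def triage(log_text, scan_time, max_age_days=30):
    """Return (rule, path) pairs for log lines worth a closer look.

    Rule names are hypothetical labels for this example:
      recent-exe-in-windows-root        executable directly in the Windows
                                        folder, created/modified recently
      hidden-guid-task                  hidden scheduled task named after a GUID
      firewall-exception-missing-target firewall exception for a file under
                                        C:\\Users that no longer exists
    """
    findings = []
    cutoff = scan_time - timedelta(days=max_age_days)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
            path = m["path"]
            if ROOT_EXE_RE.match(path) and ts >= cutoff:
                findings.append(("recent-exe-in-windows-root", path))
            if "H" in m["attrs"] and GUID_JOB_RE.search(path):
                findings.append(("hidden-guid-task", path))
            continue
        m = AUTH_RE.match(line)
        if m and m["note"] == "File not found" and USER_DIR_RE.match(m["key"]):
            findings.append(("firewall-exception-missing-target", m["key"]))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{rule:36} {path}")
```

A hit is only a reason to check the file further, for example with the VirusTotal upload from step 3; a legitimate installer can trip the same rules.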
13.07.2010, 00:16
Member

Thread starter

Posts: 13
#14 Step 3:

Code

Datei Lvybec.exe empfangen 2010.07.12 22:09:11 (UTC)
Antivirus    Version    letzte aktualisierung    Ergebnis
a-squared    5.0.0.31    2010.07.13    -
AhnLab-V3    2010.07.13.00    2010.07.12    -
AntiVir    8.2.4.10    2010.07.12    TR/Monder.djav
Antiy-AVL    2.0.3.7    2010.07.12    Trojan/Win32.Monder.gen
Authentium    5.2.0.5    2010.07.12    -
Avast    4.8.1351.0    2010.07.12    -
Avast5    5.0.332.0    2010.07.12    Win32:SuspBehav-E
AVG    9.0.0.836    2010.07.12    Generic18.AEIS
BitDefender    7.2    2010.07.13    -
CAT-QuickHeal    11.00    2010.07.12    Win32.Packed.Krap.w.4
ClamAV    0.96.0.3-git    2010.07.12    -
Comodo    5407    2010.07.12    -
DrWeb    5.0.2.03300    2010.07.12    -
eSafe    7.0.17.0    2010.07.11    -
eTrust-Vet    36.1.7700    2010.07.12    -
F-Prot    4.6.1.107    2010.07.11    -
F-Secure    9.0.15370.0    2010.07.12    Suspicious:W32/Malware!Gemini
Fortinet    4.1.143.0    2010.07.11    -
GData    21    2010.07.12    -
Ikarus    T3.1.1.84.0    2010.07.12    -
Jiangmin    13.0.900    2010.07.12    -
Kaspersky    7.0.0.125    2010.07.12    Trojan.Win32.Monder.djav
McAfee    5.400.0.1158    2010.07.12    Downloader-CEW.f
McAfee-GW-Edition    2010.1    2010.07.12    -
Microsoft    1.5902    2010.07.12    -
NOD32    5273    2010.07.12    a variant of Win32/Kryptik.FKJ
Norman    6.05.11    2010.07.12    W32/Suspicious_Gen2.BMYAS
nProtect    2010-07-12.01    2010.07.12    -
Panda    10.0.2.7    2010.07.12    Suspicious file
PCTools    7.0.3.5    2010.07.12    Trojan.FakeAV
Prevx    3.0    2010.07.13    High Risk Cloaked Malware
Rising    22.56.00.04    2010.07.12    Trojan.Win32.Generic.521D729B
Sophos    4.55.0    2010.07.12    Mal/EncPk-QP
Sunbelt    6571    2010.07.12    Trojan.Win32.Generic!BT
SUPERAntiSpyware    4.40.0.1006    2010.07.12    -
Symantec    20101.1.0.89    2010.07.12    Trojan.FakeAV!gen32
TheHacker    6.5.2.1.312    2010.07.12    -
TrendMicro    9.120.0.1004    2010.07.12    TROJ_AGENT.SMDE
TrendMicro-HouseCall    9.120.0.1004    2010.07.12    TROJ_AGENT.SMDE
VBA32    3.12.12.6    2010.07.12    Malware-Cryptor.Win32.Limpopo
ViRobot    2010.7.12.3932    2010.07.12    -
VirusBuster    5.0.27.0    2010.07.12    Trojan.Monder.Gen!Pac.4
weitere Informationen
File size: 206336 bytes
MD5...: 3c4b5b28f9a3a45bbbbab4957e6115e8
SHA1..: 1066d59e5ef1f0beab015e9f07b9017766bd5854
SHA256: 9a03c09a22837b82e087819e76aa9f89d9ac41a5920e88695a1fad3d9282d5bb
ssdeep: 3072:j0avUX9k+ZnevDqHqyHP8aWGQQXNqlyP2kDjrIKl2CVzlWPVaIKH7lPzA2X
CEDI7:w7tk0MDqHn9WGQQ4mDjrPzl1H7lLBy
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6710
timedatestamp.....: 0x45eeabe3 (Wed Mar 07 12:11:15 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18000 0x17800 7.56 7522a175b4f6767bfa8c34ed1194d178
.rdata 0x19000 0xf000 0xe200 7.99 a5498ff93d40af5a7743296eecb70b1d
.data 0x28000 0x12000 0x7400 7.78 49ec0ab22bd3bd6344b781b8f0863a47
.rsrc 0x3a000 0x6000 0x5400 3.54 7333bd93b5ae9daeb1175c534e5311ab

( 4 imports )
> KERNEL32.dll: DeviceIoControl, ExitProcess, ExitThread, FlushFileBuffers, FormatMessageA, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetModuleHandleA, GetOEMCP, GetPriorityClass, GetProcessAffinityMask, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, GetUserDefaultLCID, LoadLibraryA, QueryPerformanceCounter, SetEnvironmentVariableA, SetHandleCount, SetUnhandledExceptionFilter, VirtualAlloc, VirtualProtect
> msvcrt.dll: strcpy, wcscmp, strncmp, strncat, wcscpy
> user32.dll: SystemParametersInfoA, GetWindowRect, EnumChildWindows, DrawEdge, WindowFromPoint
> comctl32.dll: CreateStatusWindowA, CreatePropertySheetPageA, CreateMappedBitmap, DrawStatusTextA, GetEffectiveClientRect, ShowHideMenuCtl, MenuHelp, InitCommonControls, CreateToolbarEx

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: ApexDC__ Development Team
copyright....: Based on StrongDC__
product......: ApexDC__
description..: ApexDC__
original name: ApexDC.exe
internal name: ApexDC__
file version.: 0, 7, 6, 0
comments.....: http://apexdc.net/
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=585764170008F6ED268603E4E9A80D00DE6EF85B


Code


Datei Lfagia.exe empfangen 2010.07.12 22:12:30 (UTC)
Antivirus    Version    letzte aktualisierung    Ergebnis
a-squared    5.0.0.31    2010.07.13    -
AhnLab-V3    2010.07.13.00    2010.07.12    -
AntiVir    8.2.4.10    2010.07.12    TR/Monder.diyv
Antiy-AVL    2.0.3.7    2010.07.12    Trojan/Win32.Monder.gen
Authentium    5.2.0.5    2010.07.12    -
Avast    4.8.1351.0    2010.07.12    Win32:Trojan-gen
Avast5    5.0.332.0    2010.07.12    Win32:Trojan-gen
AVG    9.0.0.836    2010.07.12    Generic18.ADAO
BitDefender    7.2    2010.07.13    -
CAT-QuickHeal    11.00    2010.07.12    Win32.Packed.Krap.w.4
ClamAV    0.96.0.3-git    2010.07.12    -
Comodo    5407    2010.07.12    -
DrWeb    5.0.2.03300    2010.07.12    Trojan.Siggen1.61712
eSafe    7.0.17.0    2010.07.11    -
eTrust-Vet    36.1.7700    2010.07.12    -
F-Prot    4.6.1.107    2010.07.11    -
F-Secure    9.0.15370.0    2010.07.12    Suspicious:W32/Malware!Gemini
Fortinet    4.1.143.0    2010.07.11    -
GData    21    2010.07.12    Win32:Trojan-gen
Ikarus    T3.1.1.84.0    2010.07.12    -
Jiangmin    13.0.900    2010.07.12    -
Kaspersky    7.0.0.125    2010.07.12    Trojan.Win32.Monder.diyv
McAfee    5.400.0.1158    2010.07.12    Downloader-CEW.f
McAfee-GW-Edition    2010.1    2010.07.12    -
Microsoft    1.5902    2010.07.12    -
NOD32    5273    2010.07.12    Win32/TrojanDownloader.FakeAlert.AQI
Norman    6.05.11    2010.07.12    W32/Suspicious_Gen2.BMXDI
nProtect    2010-07-12.01    2010.07.12    -
Panda    10.0.2.7    2010.07.12    Suspicious file
PCTools    7.0.3.5    2010.07.12    Trojan.FakeAV
Prevx    3.0    2010.07.13    Medium Risk Malware
Rising    22.56.00.04    2010.07.12    Trojan.Win32.Generic.521D5BC9
Sophos    4.55.0    2010.07.12    Mal/EncPk-QP
Sunbelt    6571    2010.07.12    Trojan.Win32.Generic!BT
SUPERAntiSpyware    4.40.0.1006    2010.07.12    -
Symantec    20101.1.0.89    2010.07.12    Trojan.FakeAV!gen32
TheHacker    6.5.2.1.312    2010.07.12    -
TrendMicro    9.120.0.1004    2010.07.12    TROJ_AGENT.SMDE
TrendMicro-HouseCall    9.120.0.1004    2010.07.12    TROJ_AGENT.SMDE
VBA32    3.12.12.6    2010.07.12    Malware-Cryptor.Win32.Limpopo
ViRobot    2010.7.12.3932    2010.07.12    -
VirusBuster    5.0.27.0    2010.07.12    Trojan.Monder.Gen!Pac.4
weitere Informationen
File size: 200704 bytes
MD5...: 12c407ccb3898c89c79b570d6cfbbe99
SHA1..: c876125c9d52f0647aa6b1797a7aabd16d2d9e72
SHA256: a5b0d49a5da44020493f3759a99bcf7096afa782502da366aa7af99068056e71
ssdeep: 3072:n7qsIO1ftiMVwjU5eYtAr9W7H5LdSkZjdP41EQdWr/PYKDWZR3cW:7qsIOW
MVtAr9W7HxbjdP41EM2/DW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x630d
timedatestamp.....: 0x45ee7dfa (Wed Mar 07 08:55:22 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18000 0x17400 7.46 12c008a95c7e0a6ddad4a10262b84193
.rdata 0x19000 0xe000 0xd800 7.98 2a88927d73bf8e117620b9f241c6b053
.data 0x27000 0x10000 0x6e00 7.76 ed0a2b2a1f40f4c1e194f4bac3829825
.rsrc 0x37000 0x6000 0x5200 3.59 dff8b56bac0c086097e5ba2677331e7b

( 4 imports )
> KERNEL32.dll: CreateThread, ExitProcess, ExitThread, FindFirstFileA, GetACP, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetModuleHandleA, GetStartupInfoA, GetStringTypeW, GetSystemTimeAsFileTime, GetTickCount, GlobalUnlock, InterlockedIncrement, IsBadReadPtr, IsBadStringPtrA, LoadLibraryA, QueryPerformanceCounter, SetErrorMode, SetUnhandledExceptionFilter, VirtualAlloc, VirtualProtect
> msvcrt.dll: strstr, strncmp, atoi, strcmp, fwrite, wcschr
> user32.dll: ModifyMenuA, GetWindowTextA, DrawIconEx, DrawTextA
> comctl32.dll: GetEffectiveClientRect, InitCommonControls, ShowHideMenuCtl, CreateToolbarEx

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
http://info.prevx.com/aboutprogramtext.asp?PX5=FE3A252B0099C136106703000AA3B800841F2D5B
sigcheck:
publisher....: Electronic Arts
copyright....: Copyright (C) 2003
product......: WorldBuilder Application
description..: Command And Conquer Generals World Builder
original name: WorldBuilder.EXE
internal name: WorldBuilder
file version.: 0, 8, 0, 0
comments.....: Beta - not supported by Customer Support
signers......: -
signing date.: -
verified.....: Unsigned
13.07.2010, 00:27
Member

Thread starter

Posts: 13
#15 Step 4:

Code

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner not found.
C:\Programme\Trojan Remover\Trjscan.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JDK5SWFMZY deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~2\SPYWAR~1\sp_rsdel.exe "\??\C:\PROGRA~2\SPYWAR~1\sp_rsdel.dat, deleted successfully.
C:\Windows\Lfagia.exe moved successfully.
C:\Windows\Lvybeb.exe moved successfully.
C:\Windows\Lvybea.exe moved successfully.
C:\Windows\System32\sshnas21.dll.ren moved successfully.
C:\Windows\Lvybec.exe moved successfully.
File C:\Windows\Lfagia.exe not found.
C:\Users\Christian\Desktop\ramplus.cmd moved successfully.
File C:\Windows\Lvybeb.exe not found.
File C:\Windows\Lvybea.exe not found.
File C:\Windows\System32\sshnas21.dll.ren not found.
File C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
File C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
C:\Users\Christian\AppData\Roaming\B18NG.txt moved successfully.
C:\Users\Christian\AppData\Roaming\M71J6.txt moved successfully.
File C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
File C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Public\winsvrcn.exe deleted successfully.
========== FILES ==========
File\Folder C:\Users\Public\winsvrcn.exe not found.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Christian
->Temp folder emptied: 5796286 bytes
->Temporary Internet Files folder emptied: 73073980 bytes
->FireFox cache emptied: 96324085 bytes
->Flash cache emptied: 77102 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12970 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167,00 mb

Error: Unable to interpret <Quelle: http://board.protecus.de/t39988.htm#342808#ixzz0tVcnOspI> in the current context!

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_001733

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...