Home » Viren, Trojaner & Malware Forum » GMER meldet Rootkit » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2 3

Antworten

GMER meldet Rootkit

19.01.2010, 14:15

Mal

Member

Beiträge: 20

#1 GMER hat folgendes rot markiert:

Code

Module _________ BA6E8000-BA700000 (98304 bytes)
Module \systemroot\system32\drivers\H8SRTfdqxrlnrjl.sys (*** hidden *** ) B713E000-B715B000 (118784 bytes)
---- Processes - GMER 1.0.14 ----

Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [704] 0x006E0000
Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [960] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1300] 0x006E0000
Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1340] 0x006E0000
Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1480] 0x006E0000
Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1508] 0x006E0000
Library \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2984] 0x00C20000

---- EOF - GMER 1.0.14 ----

Ich habe auch OTL logfiles erstellen lassen:

Code

OTL logfile created on: 19.01.2010 01:46:11 - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Documents and Settings\SN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 490,91 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 637,69 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124,92 Mb Total Space | 99,33 Mb Free Space | 79,51% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SN-2787FDE07518
Current User Name: SN
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\SN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\SN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gmer) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (CyberLink Corp.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CLBUDFR) -- C:\WINDOWS\system32\drivers\CLBUDFR.sys (CyberLink Corporation.)
DRV - (CLBStor) -- C:\WINDOWS\system32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Logix4u)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (xmasbus) -- C:\WINDOWS\system32\DRIVERS\xmasbus.sys ( )
DRV - (xmasscsi) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys ( )
DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc.              )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:2.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.08 14:12:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.08 14:12:41 | 00,000,000 | ---D | M]
 
[2008.06.24 05:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SN\Application Data\Mozilla\Extensions
[2010.01.17 21:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SN\Application Data\Mozilla\Firefox\Profiles\yt55ipu0.default\extensions
[2009.12.11 12:57:01 | 00,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\SN\Application Data\Mozilla\Firefox\Profiles\yt55ipu0.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.01.17 21:30:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.14 11:10:30 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.03 17:37:30 | 10,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009.09.03 17:58:36 | 00,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2009.12.18 08:47:20 | 00,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.18 08:47:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.18 08:47:20 | 00,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.18 08:47:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.18 08:47:20 | 00,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.05.21 12:43:27 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\SN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.01 23:06:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.01.19 01:45:24 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SN\Desktop\OTL.exe
[2010.01.18 19:36:29 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010.01.18 18:20:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.01.18 17:40:03 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\SN\Recent
[2010.01.18 17:04:54 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010.01.18 17:04:54 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010.01.18 17:04:53 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010.01.18 17:04:53 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010.01.18 17:04:53 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010.01.18 17:04:53 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010.01.18 17:04:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010.01.18 17:04:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010.01.18 17:04:42 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010.01.18 17:04:41 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010.01.18 17:04:41 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010.01.18 17:04:41 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010.01.18 17:04:40 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010.01.18 17:04:40 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010.01.18 17:04:40 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010.01.18 17:04:39 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010.01.18 17:04:39 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010.01.18 17:04:39 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010.01.18 17:04:39 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010.01.18 17:04:39 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010.01.18 17:04:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010.01.18 17:04:39 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010.01.18 17:04:38 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010.01.18 17:04:38 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010.01.18 17:04:38 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010.01.18 17:04:36 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010.01.18 17:04:36 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010.01.18 17:04:36 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010.01.18 17:04:36 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010.01.18 17:04:35 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010.01.18 17:04:34 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010.01.18 17:04:34 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010.01.18 17:04:34 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010.01.18 17:04:34 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010.01.18 17:04:34 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010.01.18 17:04:33 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010.01.18 17:04:33 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010.01.18 17:04:33 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010.01.18 17:04:33 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010.01.18 17:04:32 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010.01.18 17:04:31 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010.01.18 17:04:31 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010.01.18 17:04:31 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010.01.18 17:04:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010.01.18 17:04:30 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2010.01.18 17:04:29 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010.01.18 17:04:29 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010.01.18 17:04:29 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010.01.18 17:04:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010.01.18 17:04:28 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010.01.18 17:04:28 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010.01.18 17:04:28 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010.01.18 17:04:28 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010.01.18 17:04:28 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010.01.18 17:04:28 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010.01.18 17:04:28 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010.01.18 17:04:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010.01.18 17:04:27 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010.01.18 17:04:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010.01.18 17:04:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010.01.18 17:04:27 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010.01.18 17:04:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010.01.18 17:04:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010.01.18 17:04:26 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010.01.18 17:04:26 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010.01.18 17:04:26 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010.01.18 17:04:26 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010.01.18 17:04:26 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010.01.18 17:04:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010.01.18 17:04:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010.01.18 17:04:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010.01.18 17:04:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010.01.18 17:04:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010.01.18 17:04:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010.01.18 17:04:25 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010.01.18 17:04:25 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010.01.18 17:04:25 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010.01.18 17:04:25 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010.01.18 17:04:25 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010.01.18 17:04:25 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010.01.18 17:04:23 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010.01.18 17:04:23 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010.01.18 17:04:22 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010.01.18 17:04:22 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.01.18 17:04:22 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.01.18 17:04:22 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010.01.18 17:04:22 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010.01.18 17:04:22 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010.01.18 17:04:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010.01.18 17:04:22 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010.01.18 17:04:21 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010.01.18 17:04:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010.01.18 17:04:20 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010.01.18 17:04:20 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010.01.18 17:04:19 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010.01.18 17:04:19 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010.01.18 17:04:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010.01.18 17:04:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010.01.18 17:04:18 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010.01.18 17:04:17 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010.01.18 17:04:17 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010.01.18 17:04:17 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010.01.18 17:04:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010.01.18 17:04:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010.01.18 17:04:16 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010.01.18 17:04:16 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010.01.18 17:04:16 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010.01.18 17:04:15 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010.01.18 17:04:15 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010.01.18 17:04:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010.01.18 17:04:14 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010.01.18 17:04:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010.01.18 17:04:14 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010.01.18 17:04:14 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010.01.18 17:04:12 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010.01.18 17:04:12 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010.01.18 17:04:11 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010.01.18 17:04:10 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010.01.18 17:04:09 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010.01.18 17:04:07 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010.01.18 17:04:07 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010.01.18 17:04:06 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010.01.18 17:04:02 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010.01.18 17:04:02 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010.01.18 17:04:02 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010.01.18 17:04:02 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010.01.18 17:04:02 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010.01.18 17:04:01 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010.01.18 17:04:01 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010.01.18 17:04:00 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010.01.18 17:04:00 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010.01.18 17:04:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010.01.18 17:04:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010.01.18 17:03:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010.01.18 17:03:58 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010.01.18 17:03:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010.01.18 17:03:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010.01.18 17:03:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010.01.18 17:03:57 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010.01.18 17:03:57 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010.01.18 17:03:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010.01.18 17:03:57 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010.01.18 17:03:57 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010.01.18 17:03:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010.01.18 17:03:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010.01.18 17:03:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010.01.18 17:03:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010.01.18 17:03:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010.01.18 17:03:56 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010.01.18 17:03:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010.01.18 17:03:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010.01.18 17:03:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010.01.18 17:03:55 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010.01.18 17:03:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010.01.18 17:03:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010.01.18 17:03:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010.01.18 17:03:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010.01.18 17:03:55 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010.01.18 17:03:55 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010.01.18 17:03:55 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010.01.18 17:03:55 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010.01.18 17:03:54 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010.01.18 17:03:54 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010.01.18 17:03:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010.01.18 17:03:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010.01.18 17:03:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010.01.18 17:03:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010.01.18 17:03:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010.01.18 17:03:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010.01.18 17:03:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010.01.18 17:03:53 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010.01.18 17:03:52 | 00,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010.01.18 17:03:52 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010.01.18 17:03:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010.01.18 17:03:52 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010.01.18 17:03:51 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010.01.18 17:03:51 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010.01.18 17:03:51 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010.01.18 17:03:51 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010.01.18 17:03:51 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010.01.18 17:03:51 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010.01.18 17:03:50 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010.01.18 17:03:50 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010.01.18 17:03:50 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010.01.18 17:03:50 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010.01.18 17:03:50 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010.01.18 17:03:50 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010.01.18 17:03:50 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010.01.18 17:03:49 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010.01.18 17:03:49 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010.01.18 17:03:49 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010.01.18 17:03:49 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010.01.18 17:03:49 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010.01.18 17:03:49 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010.01.18 17:03:49 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010.01.18 17:03:49 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010.01.18 17:03:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010.01.18 17:03:48 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010.01.18 17:03:48 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010.01.18 17:03:48 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010.01.18 17:03:48 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010.01.18 17:03:48 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010.01.18 17:03:48 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010.01.18 17:03:47 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010.01.18 17:03:47 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010.01.18 17:03:44 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010.01.18 17:03:37 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010.01.18 17:03:37 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010.01.18 17:03:36 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010.01.18 17:03:36 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010.01.18 17:03:36 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010.01.18 17:03:36 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010.01.18 17:03:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010.01.18 17:03:36 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010.01.18 17:03:35 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010.01.18 17:03:35 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010.01.18 17:03:34 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010.01.18 17:03:34 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010.01.18 17:03:34 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010.01.18 17:03:34 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010.01.18 17:03:33 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010.01.18 17:03:33 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010.01.18 17:03:33 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010.01.18 17:03:33 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010.01.18 17:03:33 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010.01.18 17:03:33 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010.01.18 17:03:33 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010.01.18 17:03:33 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010.01.18 17:03:33 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010.01.18 17:03:33 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010.01.18 17:03:33 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010.01.18 17:03:32 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010.01.18 17:03:32 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010.01.18 17:03:32 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010.01.18 17:03:32 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010.01.18 17:03:32 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010.01.18 17:03:32 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010.01.18 17:03:32 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010.01.18 17:03:32 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010.01.18 17:03:31 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010.01.18 17:03:31 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010.01.18 17:03:31 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010.01.18 17:03:31 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010.01.18 17:03:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010.01.18 17:03:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010.01.18 17:03:30 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010.01.18 17:03:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010.01.18 17:03:30 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010.01.18 17:03:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010.01.18 17:03:29 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010.01.18 17:03:29 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010.01.18 17:03:29 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010.01.18 17:03:29 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010.01.18 17:03:29 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010.01.18 17:03:29 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010.01.18 17:03:29 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010.01.18 17:03:24 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010.01.18 17:03:24 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010.01.18 17:03:23 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010.01.18 17:03:23 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010.01.18 17:03:22 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010.01.18 17:03:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010.01.18 17:03:22 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010.01.18 17:03:22 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010.01.18 17:03:21 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010.01.18 17:03:21 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010.01.18 17:03:20 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010.01.18 17:03:20 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010.01.18 17:03:20 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010.01.18 17:03:20 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010.01.18 17:03:20 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010.01.18 17:03:20 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010.01.18 17:03:19 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010.01.18 17:03:19 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010.01.18 17:03:19 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010.01.18 17:03:19 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010.01.18 17:03:19 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010.01.18 17:03:18 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010.01.18 17:03:18 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010.01.18 17:03:18 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010.01.18 17:03:18 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010.01.18 17:03:17 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010.01.18 17:03:17 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.01.18 17:03:17 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010.01.18 17:03:17 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010.01.18 17:03:11 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010.01.18 17:03:10 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010.01.18 17:03:10 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010.01.18 17:03:10 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010.01.18 17:03:09 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010.01.18 17:03:08 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010.01.18 17:03:08 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010.01.18 17:03:08 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010.01.18 17:03:08 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010.01.18 17:03:08 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010.01.18 17:03:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010.01.18 17:03:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010.01.18 17:03:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010.01.18 17:03:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010.01.18 17:03:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010.01.18 17:03:06 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010.01.18 17:03:06 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010.01.18 17:03:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010.01.18 17:03:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010.01.18 17:03:03 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010.01.18 17:03:03 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010.01.18 17:03:03 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010.01.18 17:03:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010.01.18 17:03:02 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010.01.18 17:03:02 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010.01.18 17:03:02 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010.01.18 17:03:02 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010.01.18 17:02:59 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010.01.18 17:02:59 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010.01.18 17:02:58 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010.01.18 17:02:58 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010.01.18 17:02:58 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010.01.18 17:02:58 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010.01.18 17:02:58 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010.01.18 17:02:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010.01.18 17:02:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010.01.18 17:02:57 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010.01.18 17:02:57 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010.01.18 17:02:57 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010.01.18 17:02:57 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010.01.18 17:02:57 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010.01.18 17:02:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010.01.18 17:02:56 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010.01.18 17:02:56 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010.01.18 17:02:56 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010.01.18 17:02:56 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010.01.18 17:02:56 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010.01.18 17:02:56 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010.01.18 17:02:56 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010.01.18 17:02:56 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010.01.18 17:02:55 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010.01.18 17:02:55 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010.01.18 17:02:55 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010.01.18 17:02:55 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010.01.18 17:02:55 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010.01.18 17:02:55 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010.01.18 17:02:55 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010.01.18 17:02:54 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010.01.18 17:02:54 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010.01.18 17:02:54 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010.01.18 17:02:54 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010.01.18 17:02:54 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010.01.18 17:02:54 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010.01.18 17:02:54 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010.01.18 17:02:53 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010.01.18 17:02:53 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010.01.18 17:02:53 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010.01.18 17:02:52 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010.01.18 17:02:48 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010.01.18 16:54:32 | 00,027,165 | ---- | C] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\drivers\fetnd5.sys
[2010.01.18 16:51:38 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010.01.18 16:51:38 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010.01.18 16:51:38 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010.01.18 16:51:38 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010.01.18 16:13:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.01.18 16:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.01.17 19:44:55 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stu2.exe
[2010.01.04 12:40:10 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010.01.04 12:40:09 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010.01.04 12:40:09 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010.01.04 12:40:09 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010.01.04 12:40:06 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010.01.04 12:40:06 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2010.01.04 12:40:06 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010.01.04 12:40:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2010.01.04 12:40:06 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2010.01.04 12:40:06 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010.01.04 12:40:06 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2010.01.04 12:40:06 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010.01.04 12:40:05 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010.01.04 12:40:05 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010.01.04 12:39:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010.01.04 12:39:04 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010.01.04 12:39:04 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010.01.04 12:39:04 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010.01.04 12:39:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010.01.04 12:39:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010.01.04 12:39:04 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010.01.04 12:39:04 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010.01.04 12:39:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010.01.04 12:39:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010.01.04 12:39:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010.01.04 12:39:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010.01.04 12:39:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010.01.04 12:39:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010.01.04 12:39:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010.01.04 12:39:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010.01.04 12:39:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010.01.04 12:39:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010.01.04 12:39:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010.01.04 12:39:03 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010.01.04 12:39:03 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010.01.04 12:39:03 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010.01.04 12:39:03 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010.01.04 12:39:03 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010.01.04 12:39:03 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010.01.04 12:39:03 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010.01.04 12:39:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010.01.04 12:39:03 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010.01.04 12:39:02 | 00,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010.01.04 12:39:02 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2010.01.04 12:39:02 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2010.01.04 12:39:02 | 00,139,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2010.01.04 12:39:02 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010.01.04 12:39:02 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2010.01.04 12:39:02 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2010.01.04 12:39:02 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2010.01.04 12:39:01 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010.01.04 12:39:01 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010.01.04 12:39:01 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2010.01.04 12:39:01 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2010.01.04 12:39:01 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010.01.04 12:39:01 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2010.01.04 12:39:01 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2010.01.04 12:39:01 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010.01.04 12:39:01 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010.01.04 12:39:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010.01.04 12:39:01 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010.01.04 12:39:00 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010.01.04 12:39:00 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2010.01.04 12:39:00 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010.01.04 12:39:00 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2010.01.04 12:39:00 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2010.01.04 12:39:00 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010.01.04 12:39:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010.01.04 12:39:00 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2010.01.04 12:39:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010.01.04 12:39:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2010.01.04 12:39:00 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010.01.04 12:39:00 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2009.07.16 19:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008.09.14 23:19:58 | 00,140,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasbus.sys
[2008.09.14 23:19:58 | 00,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasscsi.sys
[2008.09.14 12:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008.09.14 12:58:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008.09.14 12:58:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008.09.14 12:58:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[25 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.01.19 01:41:48 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SN\Desktop\OTL.exe
[2010.01.19 01:37:25 | 00,000,366 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010.01.19 01:37:19 | 00,088,565 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.01.19 01:37:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.19 01:37:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.19 01:37:13 | 21,458,98496 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.19 01:13:57 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\SN\NTUSER.DAT
[2010.01.19 01:13:57 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\SN\ntuser.ini
[2010.01.18 21:26:13 | 00,000,124 | ---- | M] () -- C:\Documents and Settings\SN\default.pls
[2010.01.18 21:23:59 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.18 19:36:30 | 00,000,250 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\gmer.ini
[2010.01.18 19:36:29 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2010.01.18 19:36:29 | 00,300,544 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\Tralala.dll
[2010.01.18 19:36:29 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010.01.18 19:36:29 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010.01.18 19:32:58 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\Tralala.exe
[2010.01.18 19:32:58 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2010.01.18 18:51:12 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.01.18 18:51:12 | 00,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.18 18:51:12 | 00,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.18 18:24:42 | 02,108,572 | -H-- | M] () -- C:\Documents and Settings\SN\Local Settings\Application Data\IconCache.db
[2010.01.18 17:05:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.18 17:05:20 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.01.18 17:02:33 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.01.18 17:02:33 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.01.18 17:02:33 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.01.18 17:02:24 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.01.18 17:01:45 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.01.18 17:01:45 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.01.18 17:01:32 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.01.18 17:00:53 | 00,022,780 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.01.18 16:59:37 | 00,000,324 | -HS- | M] () -- C:\boot.ini
[2010.01.18 16:51:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.01.18 16:13:07 | 00,000,943 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\dum.lnk
[2010.01.18 16:10:01 | 00,458,306 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010.01.18 15:58:58 | 03,828,273 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\ballaballa.exe
[2010.01.18 15:19:03 | 00,524,800 | ---- | M] () -- C:\WINDOWS\System32\iebho1D.dll
[2010.01.18 15:03:56 | 00,524,800 | ---- | M] () -- C:\WINDOWS\System32\iebho.dll
[2010.01.18 10:21:47 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010.01.17 14:13:21 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010.01.16 19:44:14 | 00,145,408 | ---- | M] () -- C:\Documents and Settings\SN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.13 12:33:58 | 00,147,423 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\lost.jpg
[2010.01.10 14:33:26 | 00,004,455 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\jue4056851001404.fdf
[2010.01.05 09:18:59 | 01,656,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.01.04 14:08:11 | 00,117,624 | ---- | M] () -- C:\Documents and Settings\SN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.01.02 15:44:39 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\SN\My Documents\West cost Blues.doc
[2010.01.02 15:44:39 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\SN\My Documents\~$st cost Blues.doc
[2010.01.02 15:42:21 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\SN\Desktop\Word.lnk
[2009.12.22 11:39:25 | 00,016,384 | ---- | M] (BitLeader) -- C:\WINDOWS\System32\lgfwunis.exe
[25 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.01.18 19:36:30 | 00,000,250 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\gmer.ini
[2010.01.18 19:36:29 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2010.01.18 19:36:29 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2010.01.18 19:36:29 | 00,300,544 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\Tralala.dll
[2010.01.18 19:36:29 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010.01.18 19:36:28 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\Tralala.exe
[2010.01.18 18:20:39 | 21,458,98496 | -HS- | C] () -- C:\hiberfil.sys
[2010.01.18 17:04:46 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.01.18 17:04:17 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.01.18 17:04:17 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.01.18 17:04:16 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.01.18 17:03:59 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.01.18 17:03:58 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.01.18 17:03:51 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.01.18 17:03:50 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.01.18 17:03:48 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.01.18 17:03:40 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.01.18 17:03:35 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.01.18 17:03:31 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010.01.18 17:03:20 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.01.18 17:03:17 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.01.18 17:03:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.01.18 17:03:16 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.01.18 17:03:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.01.18 17:03:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.01.18 17:03:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.01.18 17:03:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.01.18 17:03:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.01.18 17:03:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.01.18 17:03:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.01.18 17:03:15 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.01.18 17:03:15 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.01.18 17:03:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.01.18 17:03:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.01.18 17:03:13 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.01.18 17:03:13 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.01.18 17:03:13 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.01.18 17:03:13 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.01.18 17:03:13 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.01.18 17:03:13 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.01.18 17:03:13 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.01.18 17:03:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.01.18 17:03:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.01.18 17:03:11 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.01.18 17:03:11 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.01.18 17:03:11 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.01.18 17:03:11 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.01.18 17:03:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.01.18 17:03:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.01.18 17:03:10 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.01.18 17:03:10 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.01.18 17:01:45 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.01.18 17:01:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.01.18 16:51:31 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010.01.18 16:51:31 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010.01.18 16:51:31 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.01.18 16:51:31 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010.01.18 16:51:31 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010.01.18 16:51:31 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010.01.18 16:51:31 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.01.18 16:51:31 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.01.18 16:51:31 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010.01.18 16:51:30 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010.01.18 16:51:30 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.01.18 16:51:30 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.01.18 16:51:30 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010.01.18 16:51:30 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.01.18 16:51:30 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010.01.18 16:51:30 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010.01.18 16:51:30 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.01.18 16:51:30 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010.01.18 16:13:07 | 00,000,943 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\dum.lnk
[2010.01.18 16:10:31 | 03,828,273 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\ballaballa.exe
[2010.01.18 15:19:03 | 00,524,800 | ---- | C] () -- C:\WINDOWS\System32\iebho1D.dll
[2010.01.18 15:03:56 | 00,524,800 | ---- | C] () -- C:\WINDOWS\System32\iebho.dll
[2010.01.18 10:21:47 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010.01.13 12:33:57 | 00,147,423 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\lost.jpg
[2010.01.10 14:22:45 | 00,004,455 | ---- | C] () -- C:\Documents and Settings\SN\Desktop\jue4056851001404.fdf
[2010.01.04 12:39:04 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010.01.04 12:39:04 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010.01.02 15:44:39 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\SN\My Documents\West cost Blues.doc
[2010.01.02 15:44:39 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\SN\My Documents\~$st cost Blues.doc
[2009.10.06 19:17:02 | 00,000,366 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009.10.02 08:30:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\CoInstaller7x.dll
[2009.10.02 08:22:23 | 00,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.08.12 07:42:17 | 00,000,012 | ---- | C] () -- C:\Documents and Settings\SN\Application Data\wiaserva.log
[2009.05.08 00:10:40 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.05.08 00:10:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.19 13:02:42 | 00,000,597 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008.06.07 11:10:38 | 00,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2008.06.03 14:44:08 | 00,145,408 | ---- | C] () -- C:\Documents and Settings\SN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.03 14:41:27 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.06.03 13:34:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.06.03 13:20:30 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.06.03 13:20:30 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.06.03 13:20:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.06.03 13:20:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.06.03 13:20:30 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.06.03 13:20:30 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.06.02 23:19:52 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008.06.02 23:19:52 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008.06.02 23:19:52 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008.06.02 23:19:52 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008.06.02 23:19:52 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008.06.02 23:14:03 | 00,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008.06.02 22:44:51 | 00,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007.01.03 23:02:23 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.01.03 22:58:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.10.06 15:38:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.06 15:38:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.06 15:38:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.06 15:38:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.06 15:38:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.07.29 19:38:24 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005.07.01 12:14:48 | 00,000,966 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini
[2005.07.01 09:38:06 | 00,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2005.07.01 09:37:46 | 00,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[2004.12.20 17:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004.08.04 13:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.04 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
< End of report >

Code

OTL Extras logfile created on: 19.01.2010 01:46:11 - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Documents and Settings\SN\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 490,91 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 637,69 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124,92 Mb Total Space | 99,33 Mb Free Space | 79,51% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SN-2787FDE07518
Current User Name: SN
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Disabled:Seb1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe" = C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod" = C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod:*:Enabled:Liquid -- (Pinnacle Systems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = CyberLink UDF Reader 5.0
"{247A11CA-F5CE-4DD6-85E2-64850E64E064}" = USB2.0 CARD READER
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3938850F-423F-4C13-AC64-655387539156}" = TitleDeko
"{3C5F1B30-B10B-4579-86DD-D00F662E1031}" = Nero 8
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software  1.14.19.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{690D1794-6D7C-4A55-8371-17BAC69C66CE}" = DiscAPI (Liquid)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DE1AE26-8599-4378-9F17-328B5A3984A4}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B58D3D06-1C79-48EF-AF7E-79D8629D16E0}" = phase6_197
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CEF37035-C1BB-4174-8175-1E878435F61A}" = RAPID (Liquid)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN-Karte
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Avid Liquid 7.20" = Avid Liquid 7.20
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"[url="http://www.ccleaner.de"]CCleaner[/url]" = [url="http://www.ccleaner.de"]CCleaner[/url] (remove only)
"CDex" = CDex extraction audio
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Forte Free" = Forte Free 2.0
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 6.0 for Liquid" = Pinnacle Hollywood FX 6.0 for Liquid
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.6
"PowerISO" = PowerISO
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"ScummVM_is1" = ScummVM 0.11.1
"SureThing CD Labeler LightScribe_is1" = SureThing CD Labeler LightScribe 5.0.581.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2010 14:32:00 | Computer Name = SN-2787FDE07518 | Source = MsiInstaller | ID = 11706
Description = Produkt: phase6_197 -- Fehler 1706. Für das Produkt phase6_197 wurde
 kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden
 Sie dabei eine gültige Kopie des Installationspakets "phase6_197.msi".
 
Error - 16.01.2010 14:32:03 | Computer Name = SN-2787FDE07518 | Source = MsiInstaller | ID = 11706
Description = Produkt: phase6_197 -- Fehler 1706. Für das Produkt phase6_197 wurde
 kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden
 Sie dabei eine gültige Kopie des Installationspakets "phase6_197.msi".
 
Error - 17.01.2010 16:21:29 | Computer Name = SN-2787FDE07518 | Source = MsiInstaller | ID = 11706
Description = Produkt: phase6_197 -- Fehler 1706. Für das Produkt phase6_197 wurde
 kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden
 Sie dabei eine gültige Kopie des Installationspakets "phase6_197.msi".
 
Error - 17.01.2010 16:21:48 | Computer Name = SN-2787FDE07518 | Source = MsiInstaller | ID = 11706
Description = Produkt: phase6_197 -- Fehler 1706. Für das Produkt phase6_197 wurde
 kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden
 Sie dabei eine gültige Kopie des Installationspakets "phase6_197.msi".
 
Error - 17.01.2010 16:21:52 | Computer Name = SN-2787FDE07518 | Source = MsiInstaller | ID = 11706
Description = Produkt: phase6_197 -- Fehler 1706. Für das Produkt phase6_197 wurde
 kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden
 Sie dabei eine gültige Kopie des Installationspakets "phase6_197.msi".
 
Error - 18.01.2010 05:20:11 | Computer Name = SN-2787FDE07518 | Source = MsiInstaller | ID = 11706
Description = Produkt: phase6_197 -- Fehler 1706. Für das Produkt phase6_197 wurde
 kein Installationspaket gefunden. Wiederholen Sie die Installation und verwenden
 Sie dabei eine gültige Kopie des Installationspakets "phase6_197.msi".
 
Error - 18.01.2010 12:13:01 | Computer Name = SN-2787FDE07518 | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "select * from SnmpExtendedNotification"
 whose target class "SnmpExtendedNotification"  does not exist.  The query will be ignored.
 
Error - 18.01.2010 12:13:01 | Computer Name = SN-2787FDE07518 | Source = WinMgmt | ID = 24
Description = Event provider attempted to register query "select * from SnmpNotification"
 whose target class "SnmpNotification"  does not exist.  The query will be ignored.
 
Error - 18.01.2010 15:12:38 | Computer Name = SN-2787FDE07518 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
 module user32.dll, version 5.1.2600.2180, fault address 0x0002ec58.
 
Error - 18.01.2010 20:02:31 | Computer Name = SN-2787FDE07518 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
 module mshtml.dll, version 6.0.2900.2180, fault address 0x0009af28.
 
[ System Events ]
Error - 18.01.2010 13:43:30 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM 
Service service to connect.
 
Error - 18.01.2010 13:43:30 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
Error - 18.01.2010 13:45:45 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Planer 
service to connect.
 
Error - 18.01.2010 13:45:45 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Planer service failed to start due to the following
 error:   %%1053
 
Error - 18.01.2010 13:45:47 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM 
Service service to connect.
 
Error - 18.01.2010 13:45:47 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
Error - 18.01.2010 20:37:21 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Planer 
service to connect.
 
Error - 18.01.2010 20:37:21 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Planer service failed to start due to the following
 error:   %%1053
 
Error - 18.01.2010 20:37:23 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM 
Service service to connect.
 
Error - 18.01.2010 20:37:23 | Computer Name = SN-2787FDE07518 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
 
< End of report >

19.01.2010, 14:28

virenfinder

Member

Beiträge: 3716

#2 http://board.protecus.de/t23188.htm
bitte combofix, beachte auch den abschnitt zu combofix umbenennen, poste das log.

19.01.2010, 15:34

Mal

Member

Themenstarter

Beiträge: 20

#3 Ich hab den Abschnitt über das Umbenennen von combofix nicht gefunden?

19.01.2010, 16:16

virenfinder

Member

Beiträge: 3716

#4 http://virus-protect.org/artikel/tools/combofix3.html

19.01.2010, 18:53

Mal

Member

Themenstarter

Beiträge: 20

#5 Vielen Dank!

Hier das ComboFix log

Code

ComboFix 10-01-18.03 - SN 19.01.2010  18:31:39.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1734 [GMT 1:00]
Running from: c:\documents and settings\SN\desktop\cf.exe
Command switches used :: /killall
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\SN\Application Data\wiaserva.log
c:\documents and settings\SN\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\Documents
c:\windows\system32\2628513064.dat
c:\windows\system32\547372
c:\windows\system32\drivers\H8SRTfdqxrlnrjl.sys
c:\windows\system32\H8SRTarubvdppay.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTqbrwpxemax.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvvholirvdy.dat
c:\windows\system32\H8SRTxlojxnbmxw.dll
c:\windows\system32\H8SRTyreeutkepi.dll
c:\windows\system32\IEBHO.dll
c:\windows\system32\iebho1D.dll
c:\windows\system32\twain_32.dll

----- BITS: Possible infected sites -----

hxxp://prantsusmailm.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


(((((((((((((((((((((((((   Files Created from 2009-12-19 to 2010-01-19  )))))))))))))))))))))))))))))))
.

2010-01-18 16:03 . 2004-08-04 12:00    33792    -c--a-w-    c:\windows\system32\dllcache\lmmib2.dll
2010-01-18 16:02 . 2004-08-04 12:00    68608    -c--a-w-    c:\windows\system32\dllcache\isatq.dll
2010-01-18 15:54 . 2001-08-17 11:13    27165    ----a-w-    c:\windows\system32\drivers\fetnd5.sys
2010-01-18 15:51 . 2004-08-04 12:00    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2010-01-18 15:51 . 2004-08-04 12:00    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2010-01-18 15:51 . 2004-08-04 12:00    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2010-01-18 15:51 . 2004-08-04 12:00    13312    ----a-w-    c:\windows\system32\irclass.dll
2010-01-18 15:50 . 2010-01-18 15:50    --------    d-s---w-    c:\windows\system32\config\systemprofile\History
2010-01-18 15:13 . 2010-01-19 17:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-18 15:13 . 2010-01-18 15:13    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-01-18 09:26 . 2010-01-18 09:26    --------    d-s---w-    c:\windows\system32\config\systemprofile\UserData
2010-01-17 18:44 . 2004-08-04 12:00    24576    ----a-w-    c:\windows\system32\stu2.exe
2010-01-04 11:41 . 2004-08-04 12:00    221184    ----a-w-    c:\windows\system32\wmpns.dll
2010-01-04 11:39 . 2004-08-04 12:00    9728    -c--a-w-    c:\windows\system32\dllcache\reset.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 17:37 . 2009-10-06 18:16    --------    d-----w-    c:\program files\lg_fwupdate
2010-01-18 16:00 . 2008-06-01 22:17    22780    ----a-w-    c:\windows\system32\emptyregdb.dat
2010-01-16 13:24 . 2008-06-01 22:34    --------    d-----w-    c:\documents and settings\SN\Application Data\uTorrent
2010-01-16 11:24 . 2008-06-04 14:09    --------    d-----w-    c:\documents and settings\SN\Application Data\DVD Profiler
2010-01-16 11:21 . 2008-06-04 14:04    --------    d-----w-    c:\program files\DVD Profiler
2010-01-04 13:08 . 2008-06-01 22:18    117624    ----a-w-    c:\documents and settings\SN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 10:39 . 2009-10-06 18:16    16384    ----a-w-    c:\windows\system32\lgfwunis.exe
2009-12-12 17:40 . 2009-12-12 17:40    --------    d-----w-    c:\program files\Lugert Verlag
2009-12-08 12:14 . 2009-07-10 16:07    56816    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-12-01 09:28 . 2009-09-16 21:40    --------    d-----w-    c:\program files\Java
2009-12-01 09:28 . 2009-12-01 09:28    152576    ----a-w-    c:\documents and settings\SN\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-01 09:27 . 2009-12-01 09:27    79488    ----a-w-    c:\documents and settings\SN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-10-31 14:36 . 2009-10-31 14:36    152576    ----a-w-    c:\documents and settings\SN\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-03 16:37 . 2009-09-03 16:37    10437264    ----a-w-    c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-09-03 16:58 . 2009-09-03 16:58    107760    ----a-w-    c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-06 7700480]
"nwiz"="nwiz.exe" [2006-10-06 1617920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-22 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2008-10-20 210216]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-09 16236032]
"AlcWzrd"="ALCWZRD.EXE" [2006-10-09 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-10-2 716800]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"c:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:Seb1

R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [06.10.2009 19:10 10368]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [03.06.2008 16:54 17920]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [14.09.2008 23:19 5504]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [23.08.2008 22:56 3026]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [10.07.2009 17:07 108289]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [06.10.2009 19:10 154368]
S4 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [14.09.2008 23:19 140800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 08:39    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\SN\Application Data\Mozilla\Firefox\Profiles\yt55ipu0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 445
FF - prefs.js: network.proxy.type - 1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 18:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2964)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-01-19  18:39:43 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-19 17:39
ComboFix2.txt  2009-05-21 11:45

Pre-Run: 527.049.785.344 bytes free
Post-Run: 528.069.980.160 bytes free

- - End Of File - - B868F19BF7EFBD9E7362DB0A5ADBE9E8

19.01.2010, 18:58

virenfinder

Member

Beiträge: 3716

#6 öffne spybot, allgemein, erweitert einstellen.
dann werkzeuge, resident, teatimer abschalten, pc neu starten, gmer ausführen, log posten.

19.01.2010, 19:13

Mal

Member

Themenstarter

Beiträge: 20

#7 Als ich habe jetzt auf Advanced Mode gestellt und bei Tools Resident ausgeschaltet - ist dasa auch der teatimer?

19.01.2010, 19:38

virenfinder

Member

Beiträge: 3716

#8 ja. neu starten und gmer.

19.01.2010, 19:43

Mal

Member

Themenstarter

Beiträge: 20

#9 Hab ik -> hier das Log

Code

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2010-01-19 19:40:13
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT  BAF0C3B6                                                                                                            ZwCreateKey
SSDT  BAF0C3AC                                                                                                            ZwCreateThread
SSDT  BAF0C3BB                                                                                                            ZwDeleteKey
SSDT  BAF0C3C5                                                                                                            ZwDeleteValueKey
SSDT  BAF0C3CA                                                                                                            ZwLoadKey
SSDT  BAF0C398                                                                                                            ZwOpenProcess
SSDT  BAF0C39D                                                                                                            ZwOpenThread
SSDT  BAF0C3D4                                                                                                            ZwReplaceKey
SSDT  BAF0C3CF                                                                                                            ZwRestoreKey
SSDT  BAF0C3C0                                                                                                            ZwSetValueKey
SSDT  BAF0C3A7                                                                                                            ZwTerminateProcess

---- Registry - GMER 1.0.14 ----

Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start                                                                 1
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type                                                                  1
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath                                                             \systemroot\system32\drivers\H8SRTfdqxrlnrjl.sys
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group                                                                 file system
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules                                                               
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd                                                        \\?\globalroot\systemroot\system32\drivers\H8SRTfdqxrlnrjl.sys
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc                                                        \\?\globalroot\systemroot\system32\H8SRTqbrwpxemax.dll
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr                                                     \\?\globalroot\systemroot\system32\H8SRTvvholirvdy.dat
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf                                                     \\?\globalroot\systemroot\system32\H8SRTarubvdppay.dll
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtmsg                                                      \\?\globalroot\systemroot\system32\H8SRTyreeutkepi.dll
Reg   HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr                                                      \\?\globalroot\systemroot\system32\H8SRTxlojxnbmxw.dll
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x46 0x47 0x15 0xB0 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0xAA 0x52 0xC6 0x00 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg   HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.14 ----

19.01.2010, 19:47

virenfinder

Member

Beiträge: 3716

#10 nutze noch den tdss killer, poste das log.
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/124825-rootkit-tdss-entfernen-kaspersky-tdss-killer.html#post760397

19.01.2010, 19:48

Mal

Member

Themenstarter

Beiträge: 20

#11 Combofix hat mir übrigens die Medlung gegeben, dass ich folgende Dateien (die gesäubert werden) mitschreiben soll:

C:/windows/system32/diverses/H8SRTfdqxrlnrjl.sys
C:/windows/system32/H8SRTqbrwpxemax.dll
C:/windows/system32/H8SRTvvholirvdy.dat
C:/windows/system32/H8SRTarvbvdppay.dll
C:/windows/system32/H8SRTyreeutkepi.dll
C:/windows/system32/H8SRTxfojxmbmxw.dll

19.01.2010, 19:53

Mal

Member

Themenstarter

Beiträge: 20

#12 tdss killer hat leider nix gefunden.
Also leider hab ich beim ersten mal, als da stand, drücke beliebige Taste, gedrückt.
Ich dachte der würde erst starten - also ich glaub der hat auch beim ersten mal nix gefunden/nix anderes angezeigt...

19.01.2010, 20:00

virenfinder

Member

Beiträge: 3716

#13 kannst den tdss killer löschen.
download
www.malwarebytes.org
instalieren, updaten, registerkarte scanner, komplett scan, funde in Quarantäne, log posten + berichten wie der PC läuft.

19.01.2010, 20:02

Mal

Member

Themenstarter

Beiträge: 20

#14

bin schon dabei (bin selbst auf die Idee gekommen, auch wenn das bei Euch sicherlich nicht so gern gesehen wird).
Poste nachher das log.

Was ich merkwürdig finde, vor dem Malwarebytes Durchlauf ging Firefox noch immer nicht...
Nachher mal sehen...

19.01.2010, 20:08

virenfinder

Member

Beiträge: 3716

#15 ja, bitte nicht selbstständig rumwerkeln, sonst verliert man einfach den überblick und ich weis ja nciht was du dann evtl. entfernst etc. ff bekommen wir schon noch zum laufen.

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2 3