Lästige Malware / Trojaner / Virus Problem |
||
---|---|---|
#0
| ||
05.08.2010, 14:32
Member
Beiträge: 20 |
||
|
||
05.08.2010, 18:25
Member
Beiträge: 420 |
#2
Hi,
1. Malwarebytes http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe Malwarebytes bitte installieren, aktualisieren, einen Quick Scan durchführen, evt. Funde entfernen lassen und das Log posten. 2. OTL http://oldtimer.geekstogo.com/OTL.exe Das Programm starten und auf Run Scan klicken. Es werden zwei Logs erstellt, OTL.txt und Extras.txt, die beiden bitte posten. |
|
|
||
06.08.2010, 10:55
Member
Themenstarter Beiträge: 20 |
#3
Danke für die Antwort:
OTL logfile created on: 06.08.2010 10:36:29 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Eco_R1\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80.01 Gb Total Space | 31.65 Gb Free Space | 39.56% Space Free | Partition Type: NTFS Drive D: | 69.00 Gb Total Space | 68.91 Gb Free Space | 99.87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ECO_R2 Current User Name: Eco_R1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010.08.06 10:35:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\OTL.exe PRC - [2010.07.20 09:23:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2009.08.26 09:04:11 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.09 18:21:19 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2008.06.30 11:18:32 | 000,303,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe PRC - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.04.14 14:03:54 | 000,596,584 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.19 23:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2007.02.05 15:40:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Desktop Search\WindowsSearch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010.08.06 10:35:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\OTL.exe MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008.04.14 13:58:14 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010.07.29 14:12:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.07.05 09:30:59 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3725.dll -- (Akamai) SRV - [2009.10.06 16:42:37 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2009.08.26 09:04:11 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.09 18:21:19 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.27 23:46:33 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.07.18 16:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | System | Stopped] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk) DRV - [2009.12.08 14:11:31 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.09 18:21:19 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs) DRV - [2008.07.16 12:52:00 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.07.14 08:12:06 | 000,025,088 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (Ktp) DRV - [2008.06.19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.04.15 11:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.04.15 11:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.04.14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2008.03.28 17:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2008.03.27 17:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.03.11 19:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.03.10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008.02.04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008.02.04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2007.12.19 23:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007.09.20 11:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.07.26 20:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005.01.26 12:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "http://www.google.ch/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.ftp: "proxy.unizh.ch" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "proxy.unizh.ch" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "proxy.unizh.ch" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.unizh.ch" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.unizh.ch" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.20 09:23:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.20 09:23:15 | 000,000,000 | ---D | M] [2009.01.04 09:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\Mozilla\Extensions [2010.08.05 12:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\Mozilla\Firefox\Profiles\4r9jshdp.default\extensions [2009.09.16 10:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\Mozilla\Firefox\Profiles\4r9jshdp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.05 12:39:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.12 10:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2007.05.16 11:30:04 | 000,036,864 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npSfAppM.dll [2010.07.20 09:23:07 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.20 09:23:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.20 09:23:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.20 09:23:07 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.20 09:23:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\ohydy.exe) - C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\ohydy.exe File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.02 13:30:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.09.16 11:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6538419f-9ed5-11df-a4bd-00235436dbbe}\Shell\AutoRun\command - "" = E:\myfolder\myfile.exe -- File not found O33 - MountPoints2\{6538419f-9ed5-11df-a4bd-00235436dbbe}\Shell\open\command - "" = E:\myfolder\myfile.exe -- File not found O33 - MountPoints2\{7cfb9568-6ac6-11de-a3bc-00235436dbbe}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe O33 - MountPoints2\{e2af07f6-b025-11de-a402-00235436dbbe}\Shell\AutoRun\command - "" = myfolder\myfile.exe O33 - MountPoints2\{e2af07f6-b025-11de-a402-00235436dbbe}\Shell\open\command - "" = myfolder\myfile.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010.08.06 10:35:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\OTL.exe [2010.08.05 14:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010.08.05 14:11:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Eigene Dateien\Downloads [2010.08.05 14:10:55 | 000,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys [2010.07.29 15:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\WINDOWS [2010.07.29 14:21:21 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player [2010.07.29 14:18:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe AIR [2010.07.29 13:41:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Adobe CS4 [2010.07.29 13:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Photoshop [2010.07.29 09:13:03 | 000,000,000 | ---D | C] -- C:\pwt [2010.07.28 17:05:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\Malwarebytes [2010.07.28 17:05:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.28 17:05:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.28 17:05:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.28 17:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.28 17:01:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Anwendungsdaten\bccwpefqw [2010.07.28 16:13:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Anwendungsdaten\oubxswwrp [2010.07.27 14:28:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Kopie von Sebastian@Henrik [2010.07.12 10:58:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.07.12 10:44:20 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.12 10:44:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.07.12 10:44:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.07.12 10:44:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.10 21:39:42 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2010.07.10 21:39:42 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2010.07.10 21:39:42 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2010.07.10 21:39:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2010.07.10 21:39:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2010.07.10 20:59:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.07.10 20:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2010.07.10 20:48:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2010.07.10 20:47:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys [2010.07.10 20:47:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll [2010.07.10 20:47:19 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll [2010.07.10 20:45:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2010.07.10 20:45:52 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ODBC [2010.07.10 20:45:50 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll [2010.07.10 20:45:50 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll [2010.07.10 20:45:50 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl [2010.07.10 20:45:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll [2010.07.10 20:45:50 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll [2010.07.10 20:45:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe [2010.07.10 20:45:50 | 000,000,000 | R--D | C] -- C:\Programme [2010.07.10 20:45:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeechEngines [2010.07.10 20:45:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared [2010.07.10 20:45:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien [2010.07.10 20:45:48 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll [2010.07.10 20:45:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll [2010.07.10 20:45:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll [2010.07.10 20:45:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll [2010.07.10 20:45:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll [2010.07.10 20:45:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll [2010.07.10 20:45:43 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll [2010.07.10 20:45:43 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll [2010.07.10 20:45:43 | 000,103,936 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll [2010.07.10 20:45:43 | 000,103,936 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll [2010.07.10 20:45:43 | 000,086,556 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll [2010.07.10 20:45:43 | 000,086,556 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll [2010.07.10 20:45:43 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2010.07.10 20:45:43 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2010.07.10 20:45:43 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL [2010.07.10 20:45:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2010.07.10 20:45:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2010.07.10 20:45:43 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV [2010.07.10 20:45:43 | 000,009,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL [2010.07.10 20:45:43 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV [2010.07.10 20:45:43 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV [2010.07.10 20:45:43 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV [2010.07.10 20:45:42 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV [2010.07.10 20:45:42 | 000,127,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL [2010.07.10 20:45:42 | 000,109,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL [2010.07.10 20:45:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL [2010.07.10 20:45:42 | 000,073,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV [2010.07.10 20:45:42 | 000,070,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL [2010.07.10 20:45:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL [2010.07.10 20:45:42 | 000,033,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL [2010.07.10 20:45:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV [2010.07.10 20:45:42 | 000,025,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV [2010.07.10 20:45:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL [2010.07.10 20:45:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE [2010.07.10 20:45:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe [2010.07.10 20:45:42 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys [2010.07.10 20:45:42 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL [2010.07.10 20:45:42 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll [2010.07.10 20:45:42 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll [2010.07.10 20:45:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL [2010.07.10 20:45:42 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV [2010.07.10 20:45:42 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV [2010.07.10 20:45:42 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV [2010.07.10 20:45:42 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK [2010.07.10 20:45:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll [2010.07.10 20:45:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü [2010.07.10 20:45:29 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente [2010.07.10 20:45:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen [2010.07.10 20:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Favoriten [2010.07.10 20:45:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop [2010.07.10 20:45:22 | 000,000,000 | ---D | C] -- C:\Programme\Eee Storage [2010.07.10 20:45:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2010.07.10 20:45:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2010.07.10 20:45:10 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft [2010.07.10 20:45:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten [2010.07.10 20:44:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen [2010.07.10 20:37:50 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010.07.10 20:36:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010.07.10 20:31:14 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [2010.07.10 20:30:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2010.07.10 20:24:04 | 000,000,000 | ---D | C] -- C:\Programme\Sun [2010.07.10 20:23:41 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.07.10 20:23:16 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.07.10 20:23:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.07.10 20:22:56 | 000,000,000 | ---D | C] -- C:\adabas [2010.07.10 20:19:52 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll [2010.07.10 20:16:35 | 000,000,000 | ---D | C] -- C:\Programme\Asus [2010.07.10 20:16:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll [2010.07.10 20:14:43 | 000,106,557 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll [2010.07.10 20:14:43 | 000,089,896 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys [2010.07.10 20:14:43 | 000,047,272 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwusb.sys [2010.07.10 20:14:43 | 000,037,032 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwmodem.sys [2010.07.10 20:14:42 | 000,990,632 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys [2010.07.10 20:14:42 | 000,156,392 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwdndis.sys [2010.07.10 20:14:42 | 000,057,384 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys [2010.07.10 20:14:42 | 000,037,160 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btport.sys [2010.07.10 20:14:41 | 000,534,440 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys [2010.07.10 20:14:32 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys [2010.07.10 20:14:32 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM [2010.07.10 20:14:26 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys [2010.07.10 20:14:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax [2010.07.10 20:14:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax [2010.07.10 20:14:22 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys [2010.07.10 20:14:19 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys [2010.07.10 20:14:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys [2010.07.10 20:14:10 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys [2010.07.10 20:14:07 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys [2010.07.10 20:14:05 | 000,625,024 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2860.sys [2010.07.10 20:14:04 | 000,000,000 | ---D | C] -- C:\Programme\RALINK [2010.07.10 20:13:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax [2010.07.10 20:13:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax [2010.07.10 20:13:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax [2010.07.10 20:13:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax [2010.07.10 20:13:56 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys [2010.07.10 20:13:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax [2010.07.10 20:13:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax [2010.07.10 20:13:56 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll [2010.07.10 20:13:56 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll [2010.07.10 20:13:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax [2010.07.10 20:13:55 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax [2010.07.10 20:13:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax [2010.07.10 20:13:55 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax [2010.07.10 20:13:52 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys [2010.07.10 20:13:35 | 000,011,264 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\ASUSACPI.SYS [2010.07.10 20:13:34 | 000,000,000 | ---D | C] -- C:\Programme\EeePC [2010.07.10 20:13:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e [2010.07.10 20:12:36 | 000,131,072 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc [2010.07.10 20:12:35 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc [2010.07.10 20:12:35 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc [2010.07.10 20:12:35 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc [2010.07.10 20:12:35 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc [2010.07.10 20:12:35 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc [2010.07.10 20:12:35 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc [2010.07.10 20:12:35 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc [2010.07.10 20:12:35 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll [2010.07.10 20:12:35 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll [2010.07.10 20:12:34 | 005,854,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [2010.07.10 20:12:34 | 001,670,144 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll [2010.07.10 20:12:34 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll [2010.07.10 20:12:34 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc [2010.07.10 20:12:34 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc [2010.07.10 20:12:34 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe [2010.07.10 20:12:34 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc [2010.07.10 20:12:34 | 000,102,400 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll [2010.07.10 20:12:34 | 000,048,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll [2010.07.10 20:12:33 | 002,334,720 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll [2010.07.10 20:12:33 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe [2010.07.10 20:12:33 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc [2010.07.10 20:12:33 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc [2010.07.10 20:12:33 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc [2010.07.10 20:12:33 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc [2010.07.10 20:12:33 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe [2010.07.10 20:12:33 | 000,151,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll [2010.07.10 20:12:32 | 002,643,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll [2010.07.10 20:12:32 | 000,208,896 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll [2010.07.10 20:12:32 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll [2010.07.10 20:12:32 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc [2010.07.10 20:12:32 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc [2010.07.10 20:12:32 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc [2010.07.10 20:12:32 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc [2010.07.10 20:12:32 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc [2010.07.10 20:12:32 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc [2010.07.10 20:12:32 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc [2010.07.10 20:12:32 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc [2010.07.10 20:12:32 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc [2010.07.10 20:12:32 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc [2010.07.10 20:12:32 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll [2010.07.10 20:12:32 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl [2010.07.10 20:12:32 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc [2010.07.10 20:12:32 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc [2010.07.10 20:12:31 | 003,293,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll [2010.07.10 20:12:30 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe [2010.07.10 20:12:30 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll [2010.07.10 20:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2010.07.10 20:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010.07.10 20:11:37 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll [2010.07.10 20:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2010.07.10 20:11:29 | 000,000,000 | ---D | C] -- C:\Intel [2010.07.10 20:11:28 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys [2010.07.10 20:11:23 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys [2010.07.10 20:11:21 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys [2010.07.10 20:11:19 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys [2010.07.10 20:11:17 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys [2010.07.10 20:11:15 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys [2010.07.10 20:11:14 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys [2010.07.10 20:11:12 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys [2010.07.10 20:11:10 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys [2010.07.10 20:11:08 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys [2010.07.10 20:11:04 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys [2010.07.10 20:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2010.07.10 20:10:55 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2010.07.10 20:10:55 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys [2010.07.10 20:10:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax [2010.07.10 20:10:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax [2010.07.10 20:10:55 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2010.07.10 20:10:55 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys [2010.07.10 20:10:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll [2010.07.10 20:10:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll [2010.07.10 20:10:42 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2010.07.10 20:10:39 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe [2010.07.10 20:10:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield [2010.07.10 20:07:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2010.07.10 20:07:25 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Toolbar [2010.07.10 20:06:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010.07.10 20:05:46 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller [2010.07.10 20:05:44 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.07.10 20:05:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller [2010.07.10 20:05:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [2010.07.10 20:04:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition [2010.07.10 20:04:02 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2010.07.10 20:04:02 | 000,023,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2010.07.10 20:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2010.07.10 20:04:01 | 000,018,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui [2010.07.10 20:04:01 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui [2010.07.10 20:04:01 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2010.07.10 19:59:33 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010.07.10 19:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2010.07.10 19:59:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp [2010.07.10 19:56:14 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information [2010.07.10 19:55:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2010.07.10 19:55:53 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2010.07.10 19:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.07.10 19:55:51 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2010.07.10 19:55:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2010.07.10 19:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2010.07.10 19:55:49 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2010.07.10 19:54:55 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2010.07.10 19:54:54 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2010.07.10 19:54:54 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2010.07.10 19:54:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2010.07.10 19:54:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2010.07.10 19:54:47 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2010.07.10 19:54:47 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2010.07.10 19:54:47 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2010.07.10 19:54:45 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2010.07.10 19:54:43 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll [2010.07.10 19:54:43 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll [2010.07.10 19:54:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2010.07.10 19:54:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2010.07.10 19:54:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe [2010.07.10 19:54:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2010.07.10 19:54:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll [2010.07.10 19:54:42 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2010.07.10 19:54:42 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2010.07.10 19:54:42 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe [2010.07.10 19:54:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe [2010.07.10 19:54:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2010.07.10 19:54:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2010.07.10 19:54:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2010.07.10 19:54:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2010.07.10 19:54:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2010.07.10 19:54:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2010.07.10 19:54:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2010.07.10 19:54:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2010.07.10 19:54:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2010.07.10 19:54:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2010.07.10 19:54:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2010.07.10 19:54:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2010.07.10 19:54:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2010.07.10 19:54:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2010.07.10 19:54:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2010.07.10 19:54:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2010.07.10 19:54:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2010.07.10 19:54:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll [2010.07.10 19:54:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2010.07.10 19:54:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2010.07.10 19:54:36 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2010.07.10 19:54:36 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2010.07.10 19:54:36 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2010.07.10 19:54:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2010.07.10 19:54:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2010.07.10 19:54:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2010.07.10 19:54:33 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2010.07.10 19:54:32 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2010.07.10 19:54:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2010.07.10 19:54:30 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2010.07.10 19:54:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2010.07.10 19:54:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2010.07.10 19:54:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2010.07.10 19:54:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe [2010.07.10 19:54:10 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2010.07.10 19:54:10 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2010.07.10 19:54:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2010.07.10 19:54:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2010.07.10 19:54:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll [2010.07.10 19:54:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll [2010.07.10 19:54:08 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll [2010.07.10 19:54:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2010.07.10 19:54:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2010.07.10 19:54:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2010.07.10 19:54:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2010.07.10 19:54:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll [2010.07.10 19:54:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll [2010.07.10 19:54:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll [2010.07.10 19:54:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll [2010.07.10 19:54:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2010.07.10 19:54:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll [2010.07.10 19:54:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2010.07.10 19:54:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll [2010.07.10 19:54:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll [2010.07.10 19:53:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll [2010.07.10 19:53:50 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll [2010.07.10 19:53:50 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll [2010.07.10 19:53:50 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll [2010.07.10 19:53:50 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe [2010.07.10 19:53:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll [2010.07.10 19:53:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll [2010.07.10 19:53:50 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll [2010.07.10 19:53:49 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll [2010.07.10 19:53:49 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe [2010.07.10 19:53:49 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll [2010.07.10 19:53:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll [2010.07.10 19:53:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll [2010.07.10 19:53:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll [2010.07.10 19:53:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll [2010.07.10 19:53:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll [2010.07.10 19:53:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe [2010.07.10 19:53:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll [2010.07.10 19:53:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll [2010.07.10 19:53:48 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll [2010.07.10 19:53:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe [2010.07.10 19:53:48 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll [2010.07.10 19:53:48 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll [2010.07.10 19:53:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2010.07.10 19:53:47 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll [2010.07.10 19:53:47 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2010.07.10 19:53:47 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2010.07.10 19:53:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2010.07.10 19:53:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll [2010.07.10 19:53:46 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe [2010.07.10 19:53:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2010.07.10 19:53:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe [2010.07.10 19:53:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll [2010.07.10 19:53:45 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2010.07.10 19:53:45 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2010.07.10 19:53:45 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2010.07.10 19:53:45 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2010.07.10 19:53:44 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll [2010.07.10 19:53:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2010.07.10 19:53:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2010.07.10 19:53:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2010.07.10 19:53:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2010.07.10 19:53:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2010.07.10 19:53:31 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll [2010.07.10 19:53:31 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2010.07.10 19:53:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2010.07.10 19:53:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2010.07.10 19:53:23 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2010.07.10 19:53:23 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2010.07.10 19:53:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll [2010.07.10 19:53:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll [2010.07.10 19:53:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll [2010.07.10 19:53:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2010.07.10 19:53:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll [2010.07.10 19:53:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2010.07.10 19:53:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2010.07.10 19:53:17 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2010.07.10 19:53:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2010.07.10 19:53:16 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2010.07.10 19:53:16 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2010.07.10 19:53:12 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2010.07.10 19:53:11 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2010.07.10 19:53:11 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2010.07.10 19:53:11 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2010.07.10 19:53:11 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2010.07.10 19:53:10 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2010.07.10 19:53:10 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2010.07.10 19:53:10 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2010.07.10 19:53:10 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2010.07.10 19:53:10 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2010.07.10 19:53:10 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2010.07.10 19:53:10 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2010.07.10 19:53:09 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2010.07.10 19:53:09 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2010.07.10 19:53:09 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2010.07.10 19:53:09 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2010.07.10 19:53:09 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2010.07.10 19:53:08 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2010.07.10 19:53:08 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2010.07.10 19:53:08 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2010.07.10 19:53:07 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2010.07.10 19:53:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2010.07.10 19:53:06 | 000,000,000 | ---D | C] -- C:\Programme\xerox [2010.07.10 19:53:06 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage [2010.07.10 19:52:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll [2010.07.10 19:51:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\DRM [2010.07.10 19:51:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2010.07.10 19:51:40 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2010.07.10 19:51:26 | 000,000,000 | -H-D | C] -- C:\Programme\WindowsUpdate [2010.07.10 19:51:23 | 000,000,000 | ---D | C] -- C:\Programme\Online-Dienste [2010.07.10 19:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2010.07.10 19:51:12 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe [2010.07.10 19:51:12 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe [2010.07.10 19:51:12 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll [2010.07.10 19:51:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll [2010.07.10 19:51:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll [2010.07.10 19:51:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll [2010.07.10 19:51:10 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll [2010.07.10 19:51:10 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll [2010.07.10 19:51:10 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe [2010.07.10 19:51:10 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe [2010.07.10 19:51:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe [2010.07.10 19:51:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll [2010.07.10 19:51:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll [2010.07.10 19:51:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe [2010.07.10 19:51:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Dienste [2010.07.10 19:51:09 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll [2010.07.10 19:51:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx [2010.07.10 19:51:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe [2010.07.10 19:51:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll [2010.07.10 19:51:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll [2010.07.10 19:51:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll [2010.07.10 19:51:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll [2010.07.10 19:51:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2010.07.10 19:51:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll [2010.07.10 19:51:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll [2010.07.10 19:51:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2010.07.10 19:51:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MSSoap [2010.07.10 19:51:08 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll [2010.07.10 19:51:08 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe [2010.07.10 19:51:08 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2010.07.10 19:51:08 | 000,727,614 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll [2010.07.10 19:51:08 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll [2010.07.10 19:51:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll [2010.07.10 19:51:08 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll [2010.07.10 19:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2010.07.10 19:51:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2010.07.10 19:51:07 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2010.07.10 19:51:07 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe [2010.07.10 19:51:07 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2010.07.10 19:51:07 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll [2010.07.10 19:51:07 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll [2010.07.10 19:51:07 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2010.07.10 19:51:07 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll [2010.07.10 19:51:07 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll [2010.07.10 19:51:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll [2010.07.10 19:51:07 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl [2010.07.10 19:51:07 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll [2010.07.10 19:51:07 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll [2010.07.10 19:51:07 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll [2010.07.10 19:51:07 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe [2010.07.10 19:51:07 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe [2010.07.10 19:51:07 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe [2010.07.10 19:51:07 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2010.07.10 19:51:07 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll [2010.07.10 19:51:07 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll [2010.07.10 19:51:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll [2010.07.10 19:51:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll [2010.07.10 19:51:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll [2010.07.10 19:51:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll [2010.07.10 19:51:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll [2010.07.10 19:51:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2010.07.10 19:51:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll [2010.07.10 19:51:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll [2010.07.10 19:51:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll [2010.07.10 19:51:07 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe [2010.07.10 19:51:06 | 004,293,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll [2010.07.10 19:51:06 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.07.10 19:51:06 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll [2010.07.10 19:51:06 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll [2010.07.10 19:51:06 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll [2010.07.10 19:51:06 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll [2010.07.10 19:51:06 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll [2010.07.10 19:51:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll [2010.07.10 19:51:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll [2010.07.10 19:51:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll [2010.07.10 19:51:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll [2010.07.10 19:51:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll [2010.07.10 19:51:06 | 000,000,000 | ---D | C] -- C:\Programme\Movie Maker [2010.07.10 19:51:02 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll [2010.07.10 19:51:02 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll [2010.07.10 19:51:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe [2010.07.10 19:51:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll [2010.07.10 19:51:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe [2010.07.10 19:51:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll [2010.07.10 19:51:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll [2010.07.10 19:51:01 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe [2010.07.10 19:51:01 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.10 19:51:01 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe [2010.07.10 19:51:01 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe [2010.07.10 19:51:01 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll [2010.07.10 19:51:01 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll [2010.07.10 19:51:01 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll [2010.07.10 19:51:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll [2010.07.10 19:51:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll [2010.07.10 19:51:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll [2010.07.10 19:51:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll [2010.07.10 19:51:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll [2010.07.10 19:51:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll [2010.07.10 19:51:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll [2010.07.10 19:51:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe [2010.07.10 19:51:00 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe [2010.07.10 19:51:00 | 000,385,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe [2010.07.10 19:51:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll [2010.07.10 19:51:00 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll [2010.07.10 19:51:00 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll [2010.07.10 19:51:00 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll [2010.07.10 19:51:00 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll [2010.07.10 19:51:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll [2010.07.10 19:51:00 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll [2010.07.10 19:51:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll [2010.07.10 19:51:00 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll [2010.07.10 19:51:00 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll [2010.07.10 19:51:00 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys [2010.07.10 19:51:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll [2010.07.10 19:51:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll [2010.07.10 19:51:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll [2010.07.10 19:51:00 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll [2010.07.10 19:51:00 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys [2010.07.10 19:51:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll [2010.07.10 19:51:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll [2010.07.10 19:51:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll [2010.07.10 19:51:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll [2010.07.10 19:51:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll [2010.07.10 19:51:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll [2010.07.10 19:51:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll [2010.07.10 19:51:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll [2010.07.10 19:51:00 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll [2010.07.10 19:51:00 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll [2010.07.10 19:51:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe [2010.07.10 19:51:00 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll [2010.07.10 19:51:00 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll [2010.07.10 19:51:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll [2010.07.10 19:51:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll [2010.07.10 19:51:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll [2010.07.10 19:51:00 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe [2010.07.10 19:51:00 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe [2010.07.10 19:51:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll [2010.07.10 19:51:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2010.07.10 19:50:59 | 002,532,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll [2010.07.10 19:50:59 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010.07.10 19:50:59 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll [2010.07.10 19:50:59 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll [2010.07.10 19:50:59 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll [2010.07.10 19:50:59 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll [2010.07.10 19:50:59 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll [2010.07.10 19:50:59 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll [2010.07.10 19:50:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll [2010.07.10 19:50:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll [2010.07.10 19:50:59 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll [2010.07.10 19:50:59 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll [2010.07.10 19:50:59 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll [2010.07.10 19:50:59 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll [2010.07.10 19:50:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll [2010.07.10 19:50:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe [2010.07.10 19:50:59 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll [2010.07.10 19:50:59 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll [2010.07.10 19:50:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll [2010.07.10 19:50:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll [2010.07.10 19:50:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe [2010.07.10 19:50:59 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe [2010.07.10 19:50:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll [2010.07.10 19:50:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll [2010.07.10 19:50:59 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [2010.07.10 19:50:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll [2010.07.10 19:50:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll [2010.07.10 19:50:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe [2010.07.10 19:50:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe [2010.07.10 19:50:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe [2010.07.10 19:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Outlook Express [2010.07.10 19:50:59 | 000,000,000 | ---D | C] -- C:\Programme\NetMeeting [2010.07.10 19:50:58 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll [2010.07.10 19:50:58 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll [2010.07.10 19:50:58 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll [2010.07.10 19:50:58 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll [2010.07.10 19:50:58 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll [2010.07.10 19:50:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll [2010.07.10 19:50:58 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe [2010.07.10 19:50:58 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll [2010.07.10 19:50:58 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll [2010.07.10 19:50:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll [2010.07.10 19:50:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll [2010.07.10 19:50:58 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe [2010.07.10 19:50:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll [2010.07.10 19:50:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll [2010.07.10 19:50:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll [2010.07.10 19:50:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll [2010.07.10 19:50:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll [2010.07.10 19:50:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll [2010.07.10 19:50:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe [2010.07.10 19:50:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll [2010.07.10 19:50:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe [2010.07.10 19:50:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll [2010.07.10 19:50:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll [2010.07.10 19:50:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll [2010.07.10 19:50:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll [2010.07.10 19:50:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll [2010.07.10 19:50:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll [2010.07.10 19:50:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll [2010.07.10 19:50:57 | 000,634,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2010.07.10 19:50:57 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll [2010.07.10 19:50:57 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2010.07.10 19:50:57 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll [2010.07.10 19:50:57 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll [2010.07.10 19:50:57 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll [2010.07.10 19:50:57 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll [2010.07.10 19:50:57 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll [2010.07.10 19:50:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll [2010.07.10 19:50:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll [2010.07.10 19:50:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb [2010.07.10 19:50:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb [2010.07.10 19:50:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb [2010.07.10 19:50:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe [2010.07.10 19:50:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb [2010.07.10 19:50:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb [2010.07.10 19:50:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll [2010.07.10 19:50:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll [2010.07.10 19:50:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll [2010.07.10 19:50:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll [2010.07.10 19:50:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll [2010.07.10 19:50:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll [2010.07.10 19:50:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll [2010.07.10 19:50:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll [2010.07.10 19:50:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll [2010.07.10 19:50:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll [2010.07.10 19:50:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll [2010.07.10 19:50:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll [2010.07.10 19:50:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll [2010.07.10 19:50:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\System [2010.07.10 19:50:57 | 000,000,000 | ---D | C] -- C:\Programme\Internet Explorer [2010.07.10 19:50:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder [2010.07.10 19:50:38 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications [2010.07.10 19:50:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2010.07.10 19:49:47 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2010.07.10 19:49:47 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Player [2010.07.10 19:49:40 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll [2010.07.10 19:49:40 | 000,781,397 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll [2010.07.10 19:49:40 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll [2010.07.10 19:49:40 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll [2010.07.10 19:49:40 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll [2010.07.10 19:49:40 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe [2010.07.10 19:49:40 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe [2010.07.10 19:49:40 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe [2010.07.10 19:49:40 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll [2010.07.10 19:49:40 | 000,000,000 | ---D | C] -- C:\Programme\Messenger [2010.07.10 19:49:39 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll [2010.07.10 19:49:39 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll [2010.07.10 19:49:39 | 001,042,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll [2010.07.10 19:49:39 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll [2010.07.10 19:49:39 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll [2010.07.10 19:49:39 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll [2010.07.10 19:49:39 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll [2010.07.10 19:49:39 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe [2010.07.10 19:49:39 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe [2010.07.10 19:49:39 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll [2010.07.10 19:49:39 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe [2010.07.10 19:49:39 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll [2010.07.10 19:49:39 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll [2010.07.10 19:49:39 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll [2010.07.10 19:49:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe [2010.07.10 19:49:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe [2010.07.10 19:49:39 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll [2010.07.10 19:49:39 | 000,000,000 | ---D | C] -- C:\Programme\MSN Gaming Zone [2010.07.10 19:49:37 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll [2010.07.10 19:49:37 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll [2010.07.10 19:49:37 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe [2010.07.10 19:49:37 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe [2010.07.10 19:49:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll [2010.07.10 19:49:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll [2010.07.10 19:49:37 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll [2010.07.10 19:49:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll [2010.07.10 19:49:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll [2010.07.10 19:49:37 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll [2010.07.10 19:49:36 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe [2010.07.10 19:49:36 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe [2010.07.10 19:49:35 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll [2010.07.10 19:49:35 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll [2010.07.10 19:49:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe [2010.07.10 19:49:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe [2010.07.10 19:49:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe [2010.07.10 19:49:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe [2010.07.10 19:49:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe [2010.07.10 19:49:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe [2010.07.10 19:49:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe [2010.07.10 19:49:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe [2010.07.10 19:49:34 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe [2010.07.10 19:49:34 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe [2010.07.10 19:49:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe [2010.07.10 19:49:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe [2010.07.10 19:49:34 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll [2010.07.10 19:49:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe [2010.07.10 19:49:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe [2010.07.10 19:49:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe [2010.07.10 19:49:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe [2010.07.10 19:49:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe [2010.07.10 19:49:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe [2010.07.10 19:49:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb [2010.07.10 19:49:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe [2010.07.10 19:49:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe [2010.07.10 19:49:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe [2010.07.10 19:49:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe [2010.07.10 19:49:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe [2010.07.10 19:49:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe [2010.07.10 19:49:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe [2010.07.10 19:49:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe [2010.07.10 19:49:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe [2010.07.10 19:49:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe [2010.07.10 19:49:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll [2010.07.10 19:49:34 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll [2010.07.10 19:49:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe [2010.07.10 19:49:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe [2010.07.10 19:49:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe [2010.07.10 19:49:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe [2010.07.10 19:49:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe [2010.07.10 19:49:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe [2010.07.10 19:49:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe [2010.07.10 19:49:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe [2010.07.10 19:49:34 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll [2010.07.10 19:49:34 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll [2010.07.10 19:49:33 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll [2010.07.10 19:49:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll [2010.07.10 19:49:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll [2010.07.10 19:49:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb [2010.07.10 19:49:33 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll [2010.07.10 19:49:33 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll [2010.07.10 19:49:33 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb [2010.07.10 19:49:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll [2010.07.10 19:49:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe [2010.07.10 19:49:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe [2010.07.10 19:49:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll [2010.07.10 19:49:32 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe [2010.07.10 19:49:32 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe [2010.07.10 19:49:32 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe [2010.07.10 19:49:32 | 000,356,352 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll [2010.07.10 19:49:32 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe [2010.07.10 19:49:32 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe [2010.07.10 19:49:32 | 000,282,624 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe [2010.07.10 19:49:32 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll [2010.07.10 19:49:32 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe [2010.07.10 19:49:32 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe [2010.07.10 19:49:32 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe [2010.07.10 19:49:32 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe [2010.07.10 19:49:32 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe [2010.07.10 19:49:32 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe [2010.07.10 19:49:32 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll [2010.07.10 19:49:32 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe [2010.07.10 19:49:32 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe [2010.07.10 19:49:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl [2010.07.10 19:49:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl [2010.07.10 19:49:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll [2010.07.10 19:49:32 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll [2010.07.10 19:49:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll [2010.07.10 19:49:32 | 000,000,000 | ---D | C] -- C:\Programme\Windows NT [2010.07.10 19:49:31 | 002,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll [2010.07.10 19:49:31 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe [2010.07.10 19:49:31 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll [2010.07.10 19:49:31 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2010.07.10 19:49:31 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll [2010.07.10 19:49:31 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll [2010.07.10 19:49:31 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll [2010.07.10 19:49:31 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe [2010.07.10 19:49:31 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2010.07.10 19:49:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll [2010.07.10 19:49:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2010.07.10 19:49:31 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll [2010.07.10 19:49:31 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll [2010.07.10 19:49:31 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll [2010.07.10 19:49:31 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll [2010.07.10 19:49:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe [2010.07.10 19:49:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe [2010.07.10 19:49:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe [2010.07.10 19:49:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe [2010.07.10 19:49:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll [2010.07.10 19:49:31 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2010.07.10 19:49:31 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll [2010.07.10 19:49:31 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll [2010.07.10 19:49:31 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll [2010.07.10 19:49:31 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys [2010.07.10 19:49:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe [2010.07.10 19:49:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe [2010.07.10 19:49:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll [2010.07.10 19:49:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll [2010.07.10 19:49:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe [2010.07.10 19:49:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe [2010.07.10 19:49:31 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys [2010.07.10 19:49:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll [2010.07.10 19:49:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll [2010.07.10 19:49:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2010.07.10 19:49:30 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll [2010.07.10 19:49:30 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll [2010.07.10 19:49:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll [2010.07.10 19:49:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll [2010.07.10 19:49:30 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll [2010.07.10 19:49:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll [2010.07.10 19:49:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll [2010.07.10 19:49:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll [2010.07.10 19:49:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll [2010.07.10 19:49:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll [2010.07.10 19:49:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll [2010.07.10 19:49:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll [2010.07.10 19:49:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll [2010.07.10 19:49:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll [2010.07.10 19:49:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll [2010.07.10 19:49:30 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll [2010.07.10 19:49:30 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll [2010.07.10 19:49:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll [2010.07.10 19:49:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll [2010.07.10 19:49:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll [2010.07.10 19:49:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll [2010.07.10 19:49:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll [2010.07.10 19:49:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll [2010.07.10 19:49:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe [2010.07.10 19:49:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe [2010.07.10 19:49:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe [2010.07.10 19:49:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe [2010.07.10 19:49:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe [2010.07.10 19:49:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll [2010.07.10 19:49:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll [2010.07.10 19:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2010.07.10 19:49:29 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll [2010.07.10 19:49:29 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll [2010.07.10 19:49:29 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll [2010.07.10 19:49:29 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll [2010.07.10 19:49:29 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll [2010.07.10 19:49:29 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll [2010.07.10 19:49:29 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll [2010.07.10 19:49:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll [2010.07.10 19:49:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll [2010.07.10 19:49:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll [2010.07.10 19:49:29 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe [2010.07.10 19:49:29 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll [2010.07.10 19:49:29 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll [2010.07.10 19:49:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll [2010.07.10 19:49:29 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll [2010.07.10 19:49:29 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll [2010.07.10 19:49:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll [2010.07.10 19:49:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll [2010.07.10 19:49:29 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe [2010.07.10 19:49:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe [2010.07.10 19:49:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll [2010.07.10 19:49:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll [2010.07.10 19:49:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll [2010.07.10 19:49:29 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll [2010.07.10 19:49:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll [2010.07.10 19:49:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll [2010.07.10 19:49:29 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll [2010.07.10 19:49:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll [2010.07.10 19:49:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll [2010.07.10 19:49:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll [2010.07.10 19:49:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll [2010.07.10 19:49:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll [2010.07.10 19:49:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll [2010.07.10 19:49:28 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll [2010.07.10 19:49:28 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll [2010.07.10 19:49:28 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll [2010.07.10 19:49:28 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll [2010.07.10 19:49:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll [2010.07.10 19:49:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll [2010.07.10 19:49:28 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll [2010.07.10 19:49:28 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll [2010.07.10 19:49:28 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll [2010.07.10 19:49:28 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll [2010.07.10 19:49:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll [2010.07.10 19:49:28 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll [2010.07.10 19:49:28 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll [2010.07.10 19:49:28 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll [2010.07.10 19:49:28 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll [2010.07.10 19:49:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll [2010.07.10 19:49:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll [2010.07.10 19:49:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll [2010.07.10 19:49:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll [2010.07.10 19:49:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll [2010.07.10 19:49:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll [2010.07.10 19:49:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll [2010.07.10 19:49:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll [2010.07.10 19:49:28 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe [2010.07.10 19:49:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll [2010.07.10 19:49:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll [2010.07.10 19:49:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll [2010.07.10 19:49:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll [2010.07.10 19:49:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.08.06 10:35:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\OTL.exe [2010.08.06 10:20:51 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2010.08.06 10:20:49 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.08.06 09:53:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.06 09:53:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.05 19:11:41 | 006,291,456 | -H-- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\NTUSER.DAT [2010.08.05 19:11:41 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\ntuser.ini [2010.08.05 09:48:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.02 13:31:30 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\winscp.rnd [2010.08.02 10:53:23 | 000,000,754 | ---- | M] () -- C:\WINDOWS\XSTEP.INI [2010.08.02 10:53:23 | 000,000,060 | ---- | M] () -- C:\WINDOWS\xstep32.fnt [2010.07.30 09:34:05 | 002,303,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.29 15:00:10 | 000,136,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.07.29 09:16:08 | 000,000,428 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Verknüpfung mit pwt.lnk [2010.07.28 18:03:21 | 001,114,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.28 18:03:21 | 000,487,708 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.28 18:03:21 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.28 18:03:21 | 000,095,546 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.28 18:03:21 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.28 17:05:44 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.28 12:37:30 | 003,245,450 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Master_Thesis_MF_Version1.pdf [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.24 17:59:54 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\gidle.exe [2010.07.15 10:29:07 | 000,000,198 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\vgalusr1.vr [2010.07.14 17:09:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.07.10 21:00:24 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini [2010.07.10 20:45:49 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.10 20:23:02 | 000,007,139 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services [2010.07.10 20:20:10 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav [2010.07.10 20:20:09 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav [2010.07.10 20:17:28 | 000,000,692 | ---- | M] () -- C:\WINDOWS\setup.iss [2010.07.10 20:16:35 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2010.07.10 20:14:36 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk [2010.07.10 20:10:39 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe [2010.07.10 20:07:12 | 000,001,821 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Windows Live Mail.lnk [2010.07.10 19:52:57 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.07.10 19:52:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.07.10 19:52:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.07.10 19:52:40 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010.07.10 19:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010.07.10 19:51:40 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010.07.10 19:50:54 | 000,021,740 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.07.10 19:50:36 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010.07.10 19:50:36 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini [2010.07.08 18:46:43 | 000,059,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.08.02 10:15:52 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\winscp.rnd [2010.07.29 09:16:08 | 000,000,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Verknüpfung mit pwt.lnk [2010.07.28 17:05:44 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.28 12:37:27 | 003,245,450 | ---- | C] () -- C:\Dokumente und Einstellungen\Eco_R1\Desktop\Master_Thesis_MF_Version1.pdf [2010.07.24 17:59:54 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\gidle.exe [2010.07.10 21:44:38 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2010.07.10 21:00:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2010.07.10 21:00:17 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf [2010.07.10 20:45:58 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2010.07.10 20:45:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.07.10 20:45:50 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd [2010.07.10 20:45:50 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2010.07.10 20:45:50 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2010.07.10 20:45:50 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2010.07.10 20:45:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls [2010.07.10 20:45:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls [2010.07.10 20:45:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls [2010.07.10 20:45:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls [2010.07.10 20:45:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls [2010.07.10 20:45:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls [2010.07.10 20:45:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls [2010.07.10 20:45:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls [2010.07.10 20:45:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls [2010.07.10 20:45:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls [2010.07.10 20:45:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls [2010.07.10 20:45:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls [2010.07.10 20:45:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls [2010.07.10 20:45:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls [2010.07.10 20:45:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls [2010.07.10 20:45:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls [2010.07.10 20:45:46 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls [2010.07.10 20:45:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls [2010.07.10 20:45:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS [2010.07.10 20:45:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls [2010.07.10 20:45:46 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls [2010.07.10 20:45:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls [2010.07.10 20:45:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls [2010.07.10 20:45:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls [2010.07.10 20:45:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls [2010.07.10 20:45:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls [2010.07.10 20:45:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls [2010.07.10 20:45:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls [2010.07.10 20:45:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls [2010.07.10 20:45:42 | 000,001,806 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010.07.10 20:45:28 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2010.07.10 20:45:28 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat [2010.07.10 20:45:28 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2010.07.10 20:45:28 | 000,033,765 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2010.07.10 20:45:28 | 000,021,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat [2010.07.10 20:45:28 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat [2010.07.10 20:45:28 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2010.07.10 20:45:28 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2010.07.10 20:45:28 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2010.07.10 20:45:28 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2010.07.10 20:45:28 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2010.07.10 20:45:28 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2010.07.10 20:45:27 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2010.07.10 20:45:26 | 002,039,179 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2010.07.10 20:45:26 | 000,541,174 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2010.07.10 20:44:56 | 002,303,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.10 20:20:09 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav [2010.07.10 20:20:08 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav [2010.07.10 20:17:28 | 000,000,692 | ---- | C] () -- C:\WINDOWS\setup.iss [2010.07.10 20:17:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE [2010.07.10 20:17:27 | 000,001,162 | ---- | C] () -- C:\WINDOWS\sr.VBS [2010.07.10 20:17:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\RUN.REG [2010.07.10 20:17:27 | 000,000,124 | ---- | C] () -- C:\WINDOWS\HW.VBS [2010.07.10 20:17:27 | 000,000,037 | ---- | C] () -- C:\WINDOWS\AUTO.BAT [2010.07.10 20:16:35 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2010.07.10 20:14:36 | 000,000,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk [2010.07.10 20:13:35 | 000,001,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsusACPI.inf [2010.07.10 20:12:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2010.07.10 20:12:32 | 000,026,992 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp [2010.07.10 20:12:32 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp [2010.07.10 20:10:51 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2010.07.10 20:07:12 | 000,001,821 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Windows Live Mail.lnk [2010.07.10 19:55:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.07.10 19:55:03 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2010.07.10 19:54:30 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2010.07.10 19:54:30 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2010.07.10 19:54:07 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2010.07.10 19:53:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2010.07.10 19:53:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls [2010.07.10 19:53:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls [2010.07.10 19:53:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls [2010.07.10 19:53:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls [2010.07.10 19:53:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls [2010.07.10 19:53:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls [2010.07.10 19:53:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls [2010.07.10 19:53:29 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls [2010.07.10 19:53:29 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls [2010.07.10 19:53:29 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls [2010.07.10 19:53:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls [2010.07.10 19:53:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls [2010.07.10 19:53:27 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls [2010.07.10 19:53:27 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls [2010.07.10 19:53:27 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls [2010.07.10 19:53:27 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls [2010.07.10 19:53:27 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls [2010.07.10 19:53:27 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls [2010.07.10 19:53:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls [2010.07.10 19:53:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls [2010.07.10 19:53:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls [2010.07.10 19:53:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls [2010.07.10 19:53:25 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls [2010.07.10 19:53:25 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls [2010.07.10 19:53:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls [2010.07.10 19:53:25 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls [2010.07.10 19:53:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls [2010.07.10 19:53:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls [2010.07.10 19:53:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls [2010.07.10 19:53:24 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls [2010.07.10 19:53:24 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls [2010.07.10 19:52:57 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2010.07.10 19:52:52 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2010.07.10 19:52:52 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2010.07.10 19:52:50 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2010.07.10 19:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010.07.10 19:51:40 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010.07.10 19:51:31 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010.07.10 19:51:16 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2010.07.10 19:51:12 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2010.07.10 19:51:11 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2010.07.10 19:51:10 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2010.07.10 19:51:01 | 000,380,416 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll [2010.07.10 19:50:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.07.10 19:49:35 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce [2010.07.10 19:49:35 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp [2010.07.10 19:49:35 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp [2010.07.10 19:49:35 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp [2010.07.10 19:49:35 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce [2010.07.10 19:49:35 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp [2010.07.10 19:49:35 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp [2010.07.10 19:49:35 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce [2010.07.10 19:49:35 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce [2010.07.10 19:49:35 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2010.07.10 19:49:35 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp [2010.07.10 19:49:35 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp [2010.07.10 19:49:35 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce [2010.07.10 19:49:35 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp [2010.07.10 19:49:35 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce [2010.07.10 19:49:35 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp [2010.07.10 19:49:35 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce [2010.07.10 19:49:35 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce [2010.07.10 19:49:35 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp [2010.07.10 19:49:34 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2010.07.10 19:49:34 | 000,001,237 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2010.07.10 19:49:34 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2010.07.10 19:49:32 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2010.04.13 16:44:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\XSTEP.INI [2010.02.16 19:42:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2009.10.06 16:56:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2009.04.20 22:32:59 | 000,001,300 | ---- | C] () -- C:\WINDOWS\MultiTimer.ini [2009.03.31 21:02:54 | 000,004,212 | ---- | C] () -- C:\WINDOWS\EPFWIS.INI [2008.10.27 01:19:50 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2008.10.27 00:58:45 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.10.27 00:44:52 | 000,001,243 | ---- | C] () -- C:\WINDOWS\crchpc.INI [2008.10.27 00:40:55 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll [2008.10.27 00:40:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll [2008.07.08 15:59:10 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.06.19 19:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008.06.19 19:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2008.04.14 13:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.03.17 15:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini [2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 149 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD < End of report > und hier das Extras.txt: OTL Extras logfile created on: 06.08.2010 10:36:29 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Eco_R1\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80.01 Gb Total Space | 31.65 Gb Free Space | 39.56% Space Free | Partition Type: NTFS Drive D: | 69.00 Gb Total Space | 68.91 Gb Free Space | 99.87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ECO_R2 Current User Name: Eco_R1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found "C:\Programme\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe" = C:\Programme\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe:*:Enabled:ChemBio3D Ultra 11.0.1 -- (CambridgeSoft Corp.) "C:\Programme\Maple 10\jre\bin\maple.exe" = C:\Programme\Maple 10\jre\bin\maple.exe:*:Enabled:maple -- () "C:\Programme\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe" = C:\Programme\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe:*:Enabled:ChemBioDraw Ultra 11.0.1 -- (CambridgeSoft Corp.) "C:\Programme\CrossFire Commander 7.1\xfdlink.exe" = C:\Programme\CrossFire Commander 7.1\xfdlink.exe:*:Enabled:CrossFire DataLink -- (Elsevier Information Systems GmbH) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.) "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{12377A05-0062-47F9-9CB9-AAAF8C22D645}" = SciFinder Scholar 2007 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B9836F-4536-4BE7-9F06-33D6979AF4A3}" = Handbook of Chemistry & Physics "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{46471218-6964-4B04-A055-A701D29DF6C6}" = CrossFire Commander 7.1 SR2 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010 "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}" = ECAP "{863F58EF-467F-4BCC-A40B-D2304630DEA1}" = CambridgeSoft Activation Client "{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1 "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011 "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer "{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560 "{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2 "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{AC76BA86-1033-0000-7760-000000000004}_933" = Adobe Acrobat 9.3.3 - CPSID_83708 "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010 "{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{DEB6ACEB-C418-4880-9133-1C5EB9AFBC79}" = Eee Storage "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1482413-D644-45D4-8E2A-FBDCEC18142A}" = CambridgeSoft ChemOffice Ultra 2008 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Autodesk Design Review 2011" = Autodesk Design Review 2011 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DSMT6" = MathType 6 "DWG TrueView 2010" = DWG TrueView 2010 "Elantech" = ETDWare PS/2-x86 7.0.3.7 WHQL "ENTERPRISE" = Microsoft Office Enterprise 2007 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{F1482413-D644-45D4-8E2A-FBDCEC18142A}" = CambridgeSoft ChemOffice Ultra 2008 "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Maple 10" = Maple 10 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Ortep3 for Windows_is1" = Ortep for Windows v2.02 "Platon for Windows Taskbar_is1" = Platon Taskbar 1.15 "QCAD Professional" = QCAD Professional 2.2.2.0 "VLC media player" = VLC media player 1.0.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinGX_is1" = Uninstall WinGX "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.2.7 "WMFDist11" = Windows Media Format 11 runtime [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 05.08.2010 08:05:53 | Computer Name = ECO_R2 | Source = JavaQuickStarterService | ID = 1 Description = Error - 05.08.2010 08:05:55 | Computer Name = ECO_R2 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 05.08.2010 08:05:55 | Computer Name = ECO_R2 | Source = PerfNet | ID = 2002 Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 05.08.2010 08:10:20 | Computer Name = ECO_R2 | Source = JavaQuickStarterService | ID = 1 Description = Error - 05.08.2010 08:10:22 | Computer Name = ECO_R2 | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 05.08.2010 08:10:22 | Computer Name = ECO_R2 | Source = PerfNet | ID = 2002 Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 05.08.2010 08:21:47 | Computer Name = ECO_R2 | Source = Windows Search Service | ID = 3029 Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error - 05.08.2010 08:21:47 | Computer Name = ECO_R2 | Source = Windows Search Service | ID = 3028 Description = Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error - 05.08.2010 08:21:47 | Computer Name = ECO_R2 | Source = Windows Search Service | ID = 3058 Description = Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error - 06.08.2010 04:21:03 | Computer Name = ECO_R2 | Source = Windows Search Service | ID = 3024 Description = Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Windows Anwendung, SystemIndex Katalog [ OSession Events ] Error - 21.05.2009 10:44:41 | Computer Name = ECO_R2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 433 seconds with 60 seconds of active time. This session ended with a crash. Error - 14.01.2010 18:06:23 | Computer Name = ECO_R2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 423 seconds with 60 seconds of active time. This session ended with a crash. Error - 16.02.2010 13:03:28 | Computer Name = ECO_R2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2747 seconds with 360 seconds of active time. This session ended with a crash. Error - 08.07.2010 11:49:33 | Computer Name = ECO_R2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29753 seconds with 7500 seconds of active time. This session ended with a crash. Error - 23.07.2010 07:16:37 | Computer Name = ECO_R2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1316 seconds with 1260 seconds of active time. This session ended with a crash. Error - 28.07.2010 08:52:27 | Computer Name = ECO_R2 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7843 seconds with 3300 seconds of active time. This session ended with a crash. [ System Events ] Error - 05.08.2010 08:10:30 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%2001 Error - 05.08.2010 08:10:30 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" wurde mit folgendem Fehler beendet: %%2001 Error - 05.08.2010 08:10:30 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet: %%2147952450 Error - 05.08.2010 08:10:30 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD IPSec MRxSmb NDIS NetBIOS NetBT Tcpip Error - 05.08.2010 08:10:53 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IPSEC-Treiber" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.08.2010 08:10:53 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "TCP/IP-Protokolltreiber" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 05.08.2010 08:10:53 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AFD" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.08.2010 08:10:53 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "AFD" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 05.08.2010 08:21:56 | Computer Name = ECO_R2 | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows-Suche" wurde mit folgendem dienstspezifischem Fehler beendet: 2147749155 (0x80040D23). Error - 05.08.2010 08:22:29 | Computer Name = ECO_R2 | Source = System Error | ID = 1003 Description = Fehlercode 100000d1, 1. Parameter 00000004, 2. Parameter 00000002, 3. Parameter 00000001, 4. Parameter a42af81d. < End of report > Malwarebytes hab ich schon vor ein paar Tagen drüber laufen lassen, hier die damaligen Funde: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4363 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 28.07.2010 17:57:28 mbam-log-2010-07-28 (17-57-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 264543 Laufzeit: 47 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 6 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 2 Infizierte Dateien: 24 Infizierte Speicherprozesse: C:\WINDOWS\cndrive32.exe (Backdoor.IRCBot) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Backdoor.IRCBot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Infizierte Dateien: C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Anwendungsdaten\bccwpefqw\mvkdsretssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Anwendungsdaten\oubxswwrp\foqxtwhtssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\274.exe (Trojan.Buzus.Gen) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\bohvby.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\husu.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\joujbvje.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\ktktc.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\odelnrq.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BS0K595B\rvqxfn[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NVX0CKY3\hypwhc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8SUGH78\loaderadv600[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8SUGH78\pr3xyy[1].exe (Trojan.Buzus.Gen) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\P8SUGH78\rpldr32[1].exe (Backdoor.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q176D8CZ\bsvqbwql[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RG49NAH1\imhbjepxrz[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VO5DFN5P\sjnvpnidk[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WH7D2D4M\yptozgozmu[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. C:\WINDOWS\cndrive32.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. Heute beim Quick Scan hats nix gefunden. Hier noch zusätzlich das Log von AntiVir, dass ich gestern habe drüber laufen lassen: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 5. August 2010 10:23 Es wird nach 2676631 Virenstämmen gesucht. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows XP Windowsversion : (Service Pack 3) [5.1.2600] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ECO_R2 Versionsinformationen: BUILD.DAT : 9.0.0.422 21701 Bytes 09.03.2010 10:23:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 14:42:48 AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44 LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:42:47 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 09:33:33 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 09:48:16 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 06:13:47 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 09:48:09 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 09:23:31 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 07:34:44 VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 09:58:58 VBASE008.VDF : 7.10.9.166 2048 Bytes 23.07.2010 09:58:58 VBASE009.VDF : 7.10.9.167 2048 Bytes 23.07.2010 09:58:58 VBASE010.VDF : 7.10.9.168 2048 Bytes 23.07.2010 09:58:58 VBASE011.VDF : 7.10.9.169 2048 Bytes 23.07.2010 09:58:58 VBASE012.VDF : 7.10.9.170 2048 Bytes 23.07.2010 09:58:58 VBASE013.VDF : 7.10.9.198 157696 Bytes 26.07.2010 09:58:55 VBASE014.VDF : 7.10.9.255 997888 Bytes 29.07.2010 07:51:06 VBASE015.VDF : 7.10.10.28 139264 Bytes 02.08.2010 07:51:07 VBASE016.VDF : 7.10.10.52 127488 Bytes 03.08.2010 07:51:07 VBASE017.VDF : 7.10.10.53 1536 Bytes 03.08.2010 07:51:07 VBASE018.VDF : 7.10.10.54 1536 Bytes 03.08.2010 07:51:07 VBASE019.VDF : 7.10.10.55 1536 Bytes 03.08.2010 07:51:08 VBASE020.VDF : 7.10.10.56 1536 Bytes 03.08.2010 07:51:08 VBASE021.VDF : 7.10.10.57 1536 Bytes 03.08.2010 07:51:08 VBASE022.VDF : 7.10.10.58 1536 Bytes 03.08.2010 07:51:08 VBASE023.VDF : 7.10.10.59 1536 Bytes 03.08.2010 07:51:09 VBASE024.VDF : 7.10.10.60 1536 Bytes 03.08.2010 07:51:09 VBASE025.VDF : 7.10.10.61 1536 Bytes 03.08.2010 07:51:09 VBASE026.VDF : 7.10.10.62 1536 Bytes 03.08.2010 07:51:09 VBASE027.VDF : 7.10.10.63 1536 Bytes 03.08.2010 07:51:10 VBASE028.VDF : 7.10.10.64 1536 Bytes 03.08.2010 07:51:10 VBASE029.VDF : 7.10.10.65 1536 Bytes 03.08.2010 07:51:10 VBASE030.VDF : 7.10.10.66 1536 Bytes 03.08.2010 07:51:10 VBASE031.VDF : 7.10.10.75 61952 Bytes 04.08.2010 07:51:11 Engineversion : 8.2.4.32 AEVDF.DLL : 8.1.2.1 106868 Bytes 05.08.2010 07:51:14 AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 05.08.2010 07:51:14 AESCN.DLL : 8.1.6.1 127347 Bytes 13.05.2010 08:33:19 AESBX.DLL : 8.1.3.1 254324 Bytes 26.04.2010 09:04:22 AERDL.DLL : 8.1.8.2 614772 Bytes 21.07.2010 07:38:04 AEPACK.DLL : 8.2.3.3 471414 Bytes 05.08.2010 07:51:13 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 22.07.2010 07:41:53 AEHEUR.DLL : 8.1.2.10 2830711 Bytes 05.08.2010 07:51:13 AEHELP.DLL : 8.1.13.2 242039 Bytes 21.07.2010 07:38:02 AEGEN.DLL : 8.1.3.18 393589 Bytes 05.08.2010 07:51:11 AEEMU.DLL : 8.1.2.0 393588 Bytes 26.04.2010 09:04:21 AECORE.DLL : 8.1.16.2 192887 Bytes 21.07.2010 07:38:01 AEBB.DLL : 8.1.1.0 53618 Bytes 26.04.2010 09:04:20 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56 AVPREF.DLL : 9.0.3.0 44289 Bytes 14.09.2009 09:46:10 AVREP.DLL : 8.0.0.7 159784 Bytes 17.02.2010 21:20:00 AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28 NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:21 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 09.06.2009 16:21:17 RCTEXT.DLL : 9.0.73.0 87297 Bytes 19.11.2009 14:42:45 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: c:\programme\avira\antivir desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Abweichende Gefahrenkategorien........: +GAME,+JOKE,+PCK,+SPR, Beginn des Suchlaufs: Donnerstag, 5. August 2010 10:23 Der Suchlauf nach versteckten Objekten wird begonnen. Es wurden '100118' Objekte überprüft, '0' versteckte Objekte wurden gefunden. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'WINWORD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WindowsSearch.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SuperHybridEngine.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiapsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'searchindexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'btwdins.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Es wurden '38' Prozesse mit '38' Modulen durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '65' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. [HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\29411.exe [FUND] Ist das Trojanische Pferd TR/Jorik.IRCbot.DP C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\3659973.exe [FUND] Ist das Trojanische Pferd TR/Spy.Gen C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\cvvq.exe [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\dsmjeq.exe [FUND] Ist das Trojanische Pferd TR/Injector.EN C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\jfrevf.exe [FUND] Ist das Trojanische Pferd TR/Injector.EN C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\odyot.exe [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2Q29IC3I\kkemu[1].htm [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F7KRL29N\mjs[1].exe [FUND] Ist das Trojanische Pferd TR/Jorik.IRCbot.DP C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NVX0CKY3\kofmhoahpk[1].htm [FUND] Ist das Trojanische Pferd TR/Injector.EN C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q176D8CZ\aaidkfmhfa[1].htm [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VO5DFN5P\oriqbjdp[1].htm [FUND] Ist das Trojanische Pferd TR/Injector.EN C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdndis.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\System Volume Information\_restore{9916987E-F762-4514-907A-40B8F4E905A6}\RP317\A0085352.exe [FUND] Ist das Trojanische Pferd TR/Fake.SolutionPro.CN C:\System Volume Information\_restore{9916987E-F762-4514-907A-40B8F4E905A6}\RP323\A0085877.exe [FUND] Ist das Trojanische Pferd TR/Injector.EN C:\WINDOWS\system32\dllcache\ndis.sys [FUND] Enthält Erkennungsmuster des Rootkits RKIT/Protector.BC [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\WINDOWS\system32\drivers\btwdndis.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! C:\WINDOWS\system32\drivers\ndis.sys [FUND] Enthält Erkennungsmuster des Rootkits RKIT/Protector.BC [WARNUNG] Die Datei konnte nicht geöffnet werden! Beginne mit der Suche in 'D:\' Beginne mit der Desinfektion: C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\29411.exe [FUND] Ist das Trojanische Pferd TR/Jorik.IRCbot.DP [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c8ea523.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\3659973.exe [FUND] Ist das Trojanische Pferd TR/Spy.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c8fa520.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\cvvq.exe [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cd0a560.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\dsmjeq.exe [FUND] Ist das Trojanische Pferd TR/Injector.EN [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc7a55e.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\jfrevf.exe [FUND] Ist das Trojanische Pferd TR/Injector.EN [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ccca551.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temp\odyot.exe [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cd3a54f.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2Q29IC3I\kkemu[1].htm [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cbfa556.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F7KRL29N\mjs[1].exe [FUND] Ist das Trojanische Pferd TR/Jorik.IRCbot.DP [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ccda555.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NVX0CKY3\kofmhoahpk[1].htm [FUND] Ist das Trojanische Pferd TR/Injector.EN [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc0a55a.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q176D8CZ\aaidkfmhfa[1].htm [FUND] Ist das Trojanische Pferd TR/Malagent.A.2513 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc3a54c.qua' verschoben! C:\Dokumente und Einstellungen\Eco_R1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\VO5DFN5P\oriqbjdp[1].htm [FUND] Ist das Trojanische Pferd TR/Injector.EN [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc3a55e.qua' verschoben! C:\System Volume Information\_restore{9916987E-F762-4514-907A-40B8F4E905A6}\RP317\A0085352.exe [FUND] Ist das Trojanische Pferd TR/Fake.SolutionPro.CN [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c8aa51c.qua' verschoben! C:\System Volume Information\_restore{9916987E-F762-4514-907A-40B8F4E905A6}\RP323\A0085877.exe [FUND] Ist das Trojanische Pferd TR/Injector.EN [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d095965.qua' verschoben! C:\WINDOWS\system32\dllcache\ndis.sys [FUND] Enthält Erkennungsmuster des Rootkits RKIT/Protector.BC [WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004 [WARNUNG] Die Quelldatei konnte nicht gefunden werden. [HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc3a551.qua' verschoben! C:\WINDOWS\system32\drivers\ndis.sys [FUND] Enthält Erkennungsmuster des Rootkits RKIT/Protector.BC [WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004 [WARNUNG] Die Quelldatei konnte nicht gefunden werden. [HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc3a557.qua' verschoben! Ende des Suchlaufs: Donnerstag, 5. August 2010 13:48 Benötigte Zeit: 3:24:07 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 13243 Verzeichnisse wurden überprüft 1714129 Dateien wurden geprüft 15 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 15 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 5 Dateien konnten nicht durchsucht werden 1714109 Dateien ohne Befall 16680 Archive wurden durchsucht 5 Warnungen 16 Hinweise 100118 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Ich danke für jegliche Hilfe herzlich... Grüsse Sebastian |
|
|
||
06.08.2010, 11:33
Member
Beiträge: 420 |
#4
Ok,
im Firefox ist ein Proxy eingerichtet. Ich gehe davon aus, dass das so gewollt ist? Scheint ein Uni-Proxy zu sein. 1. Starte bitte OTL, kopiere unten in das Script-Feld rein: Zitat :OTLund klicke auf Run Fix. ein Neustart ist unter Umständen notwendig. Poste bitte das Fix Log. 2. RootRepeal http://sites.google.com/site/rootrepeal/ Starte RootRepeal. Beende alle anderen Programme. Gehe unten auf den Reiter Report. Klicke auf Scan. Setze alle Häkchen. Bestätige mit OK. Falls gefragt, wähle Laufwerk C: Bestätige mit OK. Am Ende des Scans wird ein Log eingeblendet, poste es bitte. |
|
|
||
06.08.2010, 13:23
Member
Themenstarter Beiträge: 20 |
#5
Hallo, halso hier das OTL log file:
ll processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found. Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Dokumente und Einstellungen\Eco_R1\Anwendungsdaten\ohydy.exe deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6538419f-9ed5-11df-a4bd-00235436dbbe}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6538419f-9ed5-11df-a4bd-00235436dbbe}\ not found. File E:\myfolder\myfile.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6538419f-9ed5-11df-a4bd-00235436dbbe}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6538419f-9ed5-11df-a4bd-00235436dbbe}\ not found. File E:\myfolder\myfile.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cfb9568-6ac6-11de-a3bc-00235436dbbe}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cfb9568-6ac6-11de-a3bc-00235436dbbe}\ not found. File WD_Windows_Tools\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2af07f6-b025-11de-a402-00235436dbbe}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2af07f6-b025-11de-a402-00235436dbbe}\ not found. File myfolder\myfile.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2af07f6-b025-11de-a402-00235436dbbe}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2af07f6-b025-11de-a402-00235436dbbe}\ not found. File myfolder\myfile.exe not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Eco_R1 ->Temp folder emptied: 3766200 bytes ->Temporary Internet Files folder emptied: 595314616 bytes ->Java cache emptied: 121404532 bytes ->FireFox cache emptied: 78155530 bytes ->Flash cache emptied: 908 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 248219 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 898476 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 4905351 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49600 bytes RecycleBin emptied: 32066833 bytes Total Files Cleaned = 798.00 mb [EMPTYFLASH] User: All Users User: Default User User: Eco_R1 ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.9.1 log created on 08062010_122340 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_254.dat not found! Registry entries deleted on Reboot... Und dann noch das RootRepeal zeugs: ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/08/06 12:36 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA782A000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA604000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xBA2B8000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\Dokumente und Einstellungen\Eco_R1\Eigene Dateien\Master Thesis 2009\DSC_1720.JPG Status: Visible to the Windows API, but not on disk. SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xba79f26e #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xba79f264 #: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xba79f273 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xba79f27d #: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xba79f282 #: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xba79f250 #: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xba79f255 #: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xba79f28c #: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xba79f287 #: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xba79f278 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0xba79f25f ==EOF== Danke dir |
|
|
||
06.08.2010, 13:52
Member
Beiträge: 420 |
#6
Ok,
arbeite bitte diese Anleitung ab und poste das Log: http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird |
|
|
||
hab mir leztztens eine lästige Malware (AntiVir Solution Pro) eingefangen, die ich nach Anleitung wieder entfernen konnte. Seit dem sind jedoch alle meine Hotkeys auf dem Laptop (eeePC) zum beispiel zum ein und ausschalten des WLANs ausser Betrieb. Habe darauf noch Avira laufen lassen und etwa 15 Schädlinge entdecken können.
Kann mir jemand hier weiterhelfen. Das letze Mal hat man mir hier wunderbar geholfen.
Was ist nötig Hijack file?
Grüsse
immi
Hier mal das Hijack Log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:21, on 05.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\Office12\WINWORD.EXE
C:\Programme\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe
C:\Dokumente und Einstellungen\Eco_R1\Desktop\Temporary Rar\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C240204-F53C-4293-A633-B067DC097EDB}: NameServer = 130.60.128.3,130.60.64.51
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C240204-F53C-4293-A633-B067DC097EDB}: NameServer = 130.60.128.3,130.60.64.51
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C240204-F53C-4293-A633-B067DC097EDB}: NameServer = 130.60.128.3,130.60.64.51
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9173 bytes