Pests of all kinds and how to fight them: BDS/Papras.RL in C:\Users\Tobi\AppData\Local\Temp\forfkrnl.dll

16.09.2010, 00:11   #1
tvetten
 

Hello,
like so many others here, I have caught BDS/Papras.RL as well. Anti-Vir reported: "Meldung: Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Papras.RL"
I can't say exactly how I caught it, though. I read on the forum about a connection with Java, which was no longer up to date on my machine.
The operating system is Vista.

I ran a scan with Malwarebytes, and this is what came out:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4621

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

16.09.2010 00:42:01
mbam-log-2010-09-16 (00-42-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 333380
Laufzeit: 1 Stunde(n), 35 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


The OTL log showed the following:
OTL Logfile:
OTL logfile created on: 16.09.2010 01:07:17 - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Tobi\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 56,89 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBI-PC
Current User Name: Tobi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Naevius YouTube Converter\mon.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (P1110VID) -- C:\Windows\System32\drivers\P1110Vid.sys (Creative Technology Ltd.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.schwerte.de/service/freemail/login/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 12:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\program files\Mozilla Firefox\components [2010.09.12 21:56:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010.09.12 21:56:05 | 000,000,000 | ---D | M]
 
[2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.15 23:16:19 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions
[2009.11.30 23:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.20 21:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.02 19:26:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.18 09:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.15 17:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.12.25 10:58:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2010.03.24 18:23:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.24 18:23:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.24 18:23:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.24 18:23:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.24 18:23:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Program Files\ALDI Nord Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [recinfo284] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [youtubeconverter] C:\Program Files\Naevius YouTube Converter\mon.exe ()
O4 - HKCU..\Run: [FilterHost] C:\Users\Tobi\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.04 08:10:22 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0d577a45-8714-11de-ab4c-0019214c00db}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{63421511-b25d-11dc-af49-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63421511-b25d-11dc-af49-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{f149029b-0a2c-11de-8a87-0019214c00db}\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\menu.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.15 13:02:22 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.09.15 13:02:18 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.09.15 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Sunbelt Software
[2010.09.15 12:24:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF}
[2010.09.15 12:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.09.15 12:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.09.15 00:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.09.14 23:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira
[2010.09.14 23:49:21 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.14 23:49:21 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.14 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2010.09.14 23:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.14 23:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.14 23:35:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.14 23:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.14 23:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.09.12 23:20:22 | 000,000,000 | ---D | C] -- C:\Users\Tobi\dt05_x.img
[2010.09.10 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.10 18:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.16 01:07:14 | 003,145,728 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat
[2010.09.16 01:05:11 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4543B1A4-40CE-40BF-94A7-825C9CDE50F4}.job
[2010.09.16 00:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.16 00:43:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.16 00:43:46 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.15 20:47:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.15 17:44:13 | 000,099,716 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.15 17:44:12 | 000,099,716 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.15 17:43:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.15 17:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.15 17:43:42 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.15 17:42:29 | 004,769,080 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.09.15 17:37:48 | 000,011,264 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 13:02:18 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.09.15 12:33:07 | 000,002,623 | ---- | M] () -- C:\Users\Tobi\Desktop\Microsoft Word.lnk
[2010.09.15 12:24:36 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.09.14 23:35:16 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 23:21:10 | 000,511,968 | ---- | M] () -- C:\Users\Tobi\Desktop\sdsetup.exe
[2010.09.13 14:30:49 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PESEdit.com 2010 Patch.lnk
[2010.09.12 20:01:46 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.12 20:01:46 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.12 20:01:46 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.12 20:01:46 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.12 20:01:46 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.10 18:52:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.10 18:49:53 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.10 17:15:51 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.09.08 14:59:42 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.09.08 14:59:41 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.08.26 14:07:23 | 000,027,136 | ---- | M] () -- C:\Users\Tobi\Documents\Hi Tobi.doc
[2010.08.21 10:36:22 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.08.18 15:32:39 | 005,260,168 | ---- | M] () -- C:\Users\Tobi\PES2010_EDIT.bin
 
========== Files Created - No Company Name ==========
 
[2010.09.15 16:01:38 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.09.15 12:24:36 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.09.14 23:35:16 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 23:21:30 | 000,511,968 | ---- | C] () -- C:\Users\Tobi\Desktop\sdsetup.exe
[2010.09.10 18:52:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.10 18:49:53 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.26 14:07:23 | 000,027,136 | ---- | C] () -- C:\Users\Tobi\Documents\Hi Tobi.doc
[2010.05.03 10:56:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.02.10 12:47:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.24 17:38:45 | 000,099,716 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.24 17:38:43 | 000,099,716 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.14 14:01:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.02 20:00:17 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009.11.02 20:00:17 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.11.02 20:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.02 19:59:56 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.02 19:59:56 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009.11.02 19:58:14 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.12 15:39:55 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2009.07.04 11:21:05 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009.07.03 22:38:04 | 000,000,289 | ---- | C] () -- C:\Windows\Sierra.ini
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.04.22 13:34:59 | 000,081,888 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\mdbu.bin
[2009.04.09 14:54:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.04.09 14:54:31 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.14 17:05:53 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.07.10 11:06:39 | 000,000,021 | ---- | C] () -- C:\Windows\PI_SETUP.ini
[2008.05.01 17:33:04 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.03.25 15:57:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.01.18 18:03:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.15 14:17:07 | 000,001,356 | ---- | C] () -- C:\Users\Tobi\AppData\Local\d3d9caps.dat
[2007.12.27 18:07:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.25 14:00:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.25 01:55:03 | 000,011,264 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1998.03.25 21:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\vbzlib.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Tobi\Desktop\Lieferbar Spot2.avi:TOC.WMV
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 16.09.2010 01:07:17 - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Tobi\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 56,89 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBI-PC
Current User Name: Tobi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\program files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B51886-2D90-492A-A380-EFF2B675E18A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1D7B5527-91C6-46AD-8A40-35CA5108644F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1FD0EF9F-AD9D-4EDA-8A1D-44677DA7F832}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3F447F3F-C713-4B5B-8917-B5FCAACF0CFB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4A65013F-7B9D-47FE-AA0C-1D0DA8E65110}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5CBE48A1-0EB9-4739-897B-E3D1943782BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90ECF0DB-A05D-4008-8530-A4B0C09F7B8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DB94E8C-7986-412B-B40E-516F4D54087A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A375C673-7532-4555-8DEA-33EEFECDC76D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C9514EA4-6002-4D31-8116-36AC6C7D8C63}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D3186EEE-11FB-4D6F-AAAA-0598AC303192}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EB3E5C3A-0891-4EE6-8111-434B0BC0FE05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F696EA09-67C1-48C0-99F7-69D315380086}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6EF9FFC-8370-4F1C-A686-6B0F0928663E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F7C64B30-B947-4AF2-A965-51BE2A8B30AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FE38DB6D-3EA6-4484-BFEC-8C4CFFAE4577}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF857E0-0CCB-48DE-8628-E7F4874FBBD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1137BE8A-AA9D-4910-AD2D-DFAD9230C4CC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{2426740A-5C68-4238-9EE1-EC35C22AFEF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2BBA20C9-D0AD-413C-85B7-31C8C2327536}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{3B529FB9-B148-45E2-96E9-DE3291870E4F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3E474F6A-BE9F-444A-95BA-B6E4E1DE246D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3F8E3922-6AF3-4A58-8B1F-A1D918C8918B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{41B66EBF-B48D-49F9-897A-83F2D78EC3BF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{4FC69DFB-2792-4EA6-BC00-BAD64ACC2BC5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{52C9DD19-7E03-468C-BEDC-FC2B46342F52}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{53E4588F-6594-49C2-B922-39431224ECEF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6859127E-EF12-4199-A951-9DC5F0E422B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{706CCAF5-0587-4FC5-A5C9-2866BD91523D}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{8E74298E-D2EA-499C-B1C5-49A5E573A7C1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{927DA504-DBC7-47B8-97CD-4C4102C72B54}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9EDA56A4-1588-48BF-9EB4-412BE0324A89}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9FD29421-05AC-49F7-931C-2EDD59CD421A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A5B43B67-88D4-4BE0-A5CD-05A9AAA4BDCE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{B348ED89-4B61-4338-99CD-8FA8D578E3C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B385BFF8-F5E0-43A1-A2C7-27A4B5703EE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BF87DAC1-9218-4B1A-987C-013C55B539DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDC90420-6DE0-439E-AE96-C8E1247578FE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{D0955710-E8D3-4FBA-9D72-9915CD979600}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{E6F55F72-1F69-47E0-9E0E-AA645F34A103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F00C4A4A-DC0B-4AB5-A9A2-3C1366D7366E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"TCP Query User{00742117-E2C3-45F1-9BA3-F9B2FB33406A}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{2423E0A3-9A10-4CC0-9ABE-0BF63EAD6174}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"TCP Query User{329DDDDE-F8CC-4592-8542-45DB5EB63EF6}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{5AB4FF24-2346-4A98-BED3-ED2351D83BED}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=6 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe | 
"TCP Query User{88EC6702-D85A-440D-A8F3-D925AF075910}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{993DC233-DDC7-4016-8A75-0B11CD11DC12}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{9D4CC5BB-AC33-4D13-89DE-4E31A820A960}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B33F168C-880C-4565-93E5-F37E3AC74841}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{D80580DC-1B9E-4E3F-95A8-67A1BE5054EE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DED71E19-2AFE-48DA-8D50-069ACB0ABFF9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{323BC18E-9FC4-444D-9A74-F6F61FCAB977}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{487382ED-4180-4400-A683-1D732886E415}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{53E55322-14EE-4690-A7B2-3392DECD3DBA}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{65F3A1DC-F84D-440E-ABF8-0AB688F24475}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{99AAEDC5-A971-4567-B0B6-EA70C7003713}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{9FD82C1C-DC7C-43C0-A762-B243C6542A3E}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"UDP Query User{AD40402E-00F2-4776-A4BE-56AD35FDFF25}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{C969B16F-9491-4569-96EA-695B6C44F0F9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{E5BFD167-9B3C-4B00-A1E9-F67B9A57F1AC}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=17 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe | 
"UDP Query User{F985F73E-1ABF-4E5B-A8FF-B8F781752B68}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DB921F-6DFF-4743-AD3D-6A2F2D0A4794}" = Brother HL-2035
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5AEDCB07-25E3-4136-BE1E-BB2A2944355D}" = Game Graphic Studio
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFF8A42A-0814-4864-92D7-52EFB3048ABD}" = PhotoImpression
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F656DC79-013A-4683-8692-B938FC00B941}" = DkZ Studio
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"ALDI Nord Foto Service D" = ALDI Nord Foto Service
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Bundesliga-Patch 2009 v1.70" = Bundesliga-Patch 2009 v1.70
"Creative PC-CAM Center" = Creative PC-CAM Center Lite
"Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827)
"Creative WebCam Monitor" = Creative WebCam Monitor
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Family Fun RC Racers" = Big Fun Funk-Flitzer
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Naevius YouTube Converter_is1" = Naevius YouTube Converter 2.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PKR" = PKR
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"TomTom HOME" = TomTom HOME 2.7.0.1785
"TOPSIM - Startup! Produktion - Businessplan" = TOPSIM - Startup! Produktion - Businessplan
"Uninstall_is1" = Uninstall 1.0.0.1
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2010 08:54:09 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a,
fehlerhaftes Modul pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, Ausnahmecode
0xc0000005, Fehleroffset 0x00ca8c92, Prozess-ID 0x1394, Anwendungsstartzeit 01cb534163a33f26.
 
Error - 13.09.2010 08:58:41 | Computer Name = Tobi-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 13.09.2010 11:28:07 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.09.2010 03:04:10 | Computer Name = Tobi-PC | Source = Google Update | ID = 20
Description = 
 
Error - 14.09.2010 03:04:13 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.09.2010 03:04:13 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.09.2010 04:03:45 | Computer Name = Tobi-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 14.09.2010 06:06:08 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a,
fehlerhaftes Modul pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, Ausnahmecode
0xc0000005, Fehleroffset 0x00ca8c92, Prozess-ID 0x15cc, Anwendungsstartzeit 01cb53f1d6b7ae5f.
 
Error - 14.09.2010 06:30:46 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.09.2010 13:15:01 | Computer Name = Tobi-PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 13.09.2010 12:19:14 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 13.09.2010 13:35:25 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.09.2010 03:17:45 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.09.2010 05:45:59 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.09.2010 08:52:36 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.09.2010 09:26:13 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.09.2010 13:42:17 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.09.2010 07:26:59 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.09.2010 07:30:32 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.09.2010 11:44:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---



How do I proceed from here? I would really rather not format my computer because of all the internet software, router settings, etc.
Please help!

Alt 16.09.2010, 10:08   #2
markusg
/// Malware-holic
 



Your whole PC is not up to date... ever heard of Windows updates? :-)

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix


Alt 16.09.2010, 15:46   #3
tvetten
 



ComboFix log:



Combofix Logfile:
Code:
ComboFix 10-09-15.02 - Tobi 16.09.2010  16:33:08.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3071.2170 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\Cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tobi\Google_Earth_BZXD.exe
c:\users\Tobi\PES2008.exe
c:\users\Tobi\PES2010_EDIT-ch.bin
c:\users\Tobi\PES2010_EDIT-def.bin
c:\users\Tobi\PES2010_EDIT-l2.bin
c:\users\Tobi\PES2010_EDIT-la.bin
c:\users\Tobi\PES2010_EDIT-sb.bin
c:\users\Tobi\PES2010_EDIT.bin
c:\windows\system32\spool\prtprocs\w32x86\CNMPP78.DLL

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-16 bis 2010-09-16  ))))))))))))))))))))))))))))))
.

2010-09-16 14:39 . 2010-09-16 14:39	--------	d-----w-	c:\users\Tobi\AppData\Local\temp
2010-09-16 11:10 . 2010-07-17 03:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-16 10:54 . 2010-09-16 10:54	--------	d-----w-	c:\users\Tobi\Tracing
2010-09-16 10:53 . 2010-04-28 05:44	54632	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2010-09-16 10:52 . 2010-09-16 10:52	--------	d-----w-	c:\program files\Microsoft Sync Framework
2010-09-16 10:50 . 2010-09-16 10:50	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-09-16 10:48 . 2010-09-16 11:02	--------	d-----w-	c:\program files\Microsoft
2010-09-16 10:48 . 2010-09-16 10:48	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-09-16 10:34 . 2010-09-16 10:34	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-09-16 10:33 . 2010-09-16 11:02	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-16 10:28 . 2006-09-12 18:00	27136	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPD78.DLL
2010-09-16 10:28 . 2010-09-16 10:31	--------	d-----w-	c:\windows\LastGood
2010-09-16 10:27 . 2006-09-12 18:00	197632	----a-w-	c:\windows\system32\CNMLM78.DLL
2010-09-15 14:01 . 2010-09-08 12:59	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-09-15 11:02 . 2010-09-08 12:59	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-09-15 11:02 . 2010-09-15 11:02	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-09-15 10:45 . 2010-09-15 10:45	--------	d-----w-	c:\users\Tobi\AppData\Local\Sunbelt Software
2010-09-15 10:24 . 2010-09-08 13:00	2985688	-c--a-w-	c:\programdata\{437292BE-95BD-4B12-B699-6D217A03ACAF}\Ad-AwareInstall.exe
2010-09-15 10:24 . 2010-09-15 10:24	--------	dc-h--w-	c:\programdata\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-09-15 10:23 . 2010-09-15 10:53	--------	d-----w-	c:\programdata\Lavasoft
2010-09-15 10:23 . 2010-09-15 10:23	--------	d-----w-	c:\program files\Lavasoft
2010-09-14 22:05 . 2010-09-14 22:05	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2010-09-14 21:50 . 2010-09-14 21:50	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Avira
2010-09-14 21:49 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-09-14 21:49 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-09-14 21:35 . 2010-09-14 21:35	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Malwarebytes
2010-09-14 21:35 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 21:35 . 2010-09-14 21:35	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-14 21:35 . 2010-09-14 21:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-14 21:35 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-14 21:21 . 2010-09-14 21:27	76704960	----a-w-	c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-14 21:21 . 2010-09-14 21:21	--------	d-----w-	c:\programdata\PC Tools
2010-09-12 21:20 . 2010-09-12 21:20	--------	d-----w-	c:\users\Tobi\dt05_x.img
2010-09-10 16:52 . 2010-09-10 16:52	--------	d-----w-	c:\program files\iTunes
2010-09-10 16:49 . 2010-09-10 16:49	--------	d-----w-	c:\program files\QuickTime
2010-09-10 16:45 . 2010-09-10 16:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 14:16 . 2008-01-15 13:54	--------	d-----w-	c:\users\Tobi\AppData\Roaming\ICQ
2010-09-16 14:16 . 2010-02-10 10:42	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Skype
2010-09-16 14:03 . 2010-02-10 10:47	--------	d-----w-	c:\users\Tobi\AppData\Roaming\skypePM
2010-09-16 11:16 . 2008-06-30 17:14	--------	d-----w-	c:\program files\KONAMI
2010-09-16 11:12 . 2008-02-04 08:57	--------	d-----w-	c:\program files\Common Files\Java
2010-09-16 11:10 . 2008-02-04 08:58	--------	d-----w-	c:\program files\Java
2010-09-16 10:53 . 2009-01-05 19:45	--------	d-----w-	c:\program files\Windows Live
2010-09-16 10:34 . 2009-11-24 15:38	99721	----a-w-	c:\programdata\nvModes.dat
2010-09-16 10:32 . 2007-11-14 13:54	--------	d-----w-	c:\programdata\NVIDIA
2010-09-15 15:40 . 2010-02-10 10:42	--------	d-----w-	c:\users\Tobi\AppData\Roaming\Gutscheinmieze
2010-09-12 18:01 . 2006-11-02 15:33	641106	----a-w-	c:\windows\system32\perfh007.dat
2010-09-12 18:01 . 2006-11-02 15:33	116500	----a-w-	c:\windows\system32\perfc007.dat
2010-09-10 16:52 . 2008-01-15 15:15	--------	d-----w-	c:\program files\iPod
2010-09-10 16:52 . 2008-09-30 17:32	--------	d-----w-	c:\program files\Common Files\Apple
2010-09-06 17:26 . 2010-07-21 18:15	456200	----a-w-	c:\users\Tobi\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-08-31 07:25 . 2010-02-02 15:50	--------	d-----w-	c:\program files\ICQ7.0
2010-08-02 17:26 . 2010-08-02 17:26	52224	----a-w-	c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-02 17:26 . 2010-08-02 17:26	101376	----a-w-	c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-02 17:22 . 2010-06-18 07:29	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2009-02-24 19:34 . 2009-02-24 19:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-04-27 19:40 . 2008-05-01 15:33	952	--sha-w-	c:\windows\System32\KGyGaAvL.sys
2007-11-02 23:53 . 2007-11-02 23:15	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"FilterHost"="c:\users\Tobi\AppData\Roaming\mmserver\FilterHost.exe" [2010-01-18 827392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-02 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568]
"recinfo284"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"youtubeconverter"="c:\program files\Naevius YouTube Converter\mon.exe" [2008-09-22 647680]
"ALDI_SUED_FotoSuite_Download"="c:\program files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"ALDI_NORD_FotoSuite_Download"="c:\program files\ALDI Nord Foto Service\ALDI_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-30 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

R2 gupdate1c9abd1f2a60597;Google Update Service (gupdate1c9abd1f2a60597);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-08 1355928]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-07 92008]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-09-10 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 11:19]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 16:10]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 16:10]

2010-09-16 c:\windows\Tasks\User_Feed_Synchronization-{4543B1A4-40CE-40BF-94A7-825C9CDE50F4}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local;*.local
IE: Free YouTube to Mp3 Converter - c:\users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\5r79f0fc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.schwerte.de/service/freemail/login/
FF - component: c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-BearShare - c:\program files\BearShare\BearShare.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-16 16:39
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-09-16  16:41:25
ComboFix-quarantined-files.txt  2010-09-16 14:41

Vor Suchlauf: 27 Verzeichnis(se), 62.972.379.136 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 63.021.674.496 Bytes frei

- - End Of File - - 284E478262CA789A2D9B48D557E06437
         

Alt 16.09.2010, 16:26   #4
markusg
/// Malware-holic
 

Uninstall Ad-Aware; it can cause problems with Avira.

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.

Alt 16.09.2010, 18:36   #5
tvetten
 

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tobi
->Flash cache emptied: 109650 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tobi
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 1674570 bytes
->Java cache emptied: 86171735 bytes
->FireFox cache emptied: 105308463 bytes
->Apple Safari cache emptied: 1286144 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 10580176 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 196,00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09162010_192833

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Alt 16.09.2010, 18:38   #6
markusg
/// Malware-holic
 

Avira
http://www.trojaner-board.de/54192-a...tellungen.html
Install Avira 10 as described there, or configure it that way afterwards. Once you have applied the configuration, update the program.
Then click "Lokaler Schutz" (local protection), "Lokale Laufwerke" (local drives); move any detections to quarantine and post the log.

Alt 16.09.2010, 21:30   #7
tvetten
 

AntiVir log:





Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Donnerstag, 16. September 2010 20:17

Es wird nach 2849716 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (plain) [6.0.6000]
Boot Modus : Normal gebootet
Benutzername : Tobi
Computername : TOBI-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 18:16:09
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 18:16:12
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 18:16:19
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 18:16:24
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.2010 18:16:24
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.2010 18:16:24
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.2010 18:16:24
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.2010 18:16:24
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.2010 18:16:25
VBASE014.VDF : 7.10.11.166 2048 Bytes 15.09.2010 18:16:25
VBASE015.VDF : 7.10.11.167 2048 Bytes 15.09.2010 18:16:25
VBASE016.VDF : 7.10.11.168 2048 Bytes 15.09.2010 18:16:25
VBASE017.VDF : 7.10.11.169 2048 Bytes 15.09.2010 18:16:25
VBASE018.VDF : 7.10.11.170 2048 Bytes 15.09.2010 18:16:25
VBASE019.VDF : 7.10.11.171 2048 Bytes 15.09.2010 18:16:25
VBASE020.VDF : 7.10.11.172 2048 Bytes 15.09.2010 18:16:25
VBASE021.VDF : 7.10.11.173 2048 Bytes 15.09.2010 18:16:25
VBASE022.VDF : 7.10.11.174 2048 Bytes 15.09.2010 18:16:25
VBASE023.VDF : 7.10.11.175 2048 Bytes 15.09.2010 18:16:25
VBASE024.VDF : 7.10.11.176 2048 Bytes 15.09.2010 18:16:25
VBASE025.VDF : 7.10.11.177 2048 Bytes 15.09.2010 18:16:25
VBASE026.VDF : 7.10.11.178 2048 Bytes 15.09.2010 18:16:26
VBASE027.VDF : 7.10.11.179 2048 Bytes 15.09.2010 18:16:26
VBASE028.VDF : 7.10.11.180 2048 Bytes 15.09.2010 18:16:26
VBASE029.VDF : 7.10.11.181 2048 Bytes 15.09.2010 18:16:26
VBASE030.VDF : 7.10.11.182 2048 Bytes 15.09.2010 18:16:26
VBASE031.VDF : 7.10.11.196 90112 Bytes 16.09.2010 18:16:26
Engineversion : 8.2.4.52
AEVDF.DLL : 8.1.2.1 106868 Bytes 16.09.2010 18:16:31
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 16.09.2010 18:16:31
AESCN.DLL : 8.1.6.1 127347 Bytes 16.09.2010 18:16:31
AESBX.DLL : 8.1.3.1 254324 Bytes 16.09.2010 18:16:32
AERDL.DLL : 8.1.8.2 614772 Bytes 16.09.2010 18:16:30
AEPACK.DLL : 8.2.3.5 471412 Bytes 16.09.2010 18:16:30
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 16.09.2010 18:16:30
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 16.09.2010 18:16:29
AEHELP.DLL : 8.1.13.3 242038 Bytes 16.09.2010 18:16:28
AEGEN.DLL : 8.1.3.21 401780 Bytes 16.09.2010 18:16:27
AEEMU.DLL : 8.1.2.0 393588 Bytes 16.09.2010 18:16:27
AECORE.DLL : 8.1.16.2 192887 Bytes 16.09.2010 18:16:27
AEBB.DLL : 8.1.1.0 53618 Bytes 16.09.2010 18:16:27
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, H:, I:, J:, K:, L:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch

Beginn des Suchlaufs: Donnerstag, 16. September 2010 20:17

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMERunner.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdSync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'H:\'
[INFO] Im Laufwerk 'H:\' ist kein Datenträger eingelegt!
Bootsektor 'I:\'
[INFO] Im Laufwerk 'I:\' ist kein Datenträger eingelegt!
Bootsektor 'J:\'
[INFO] Im Laufwerk 'J:\' ist kein Datenträger eingelegt!
Bootsektor 'K:\'
[INFO] Im Laufwerk 'K:\' ist kein Datenträger eingelegt!
Bootsektor 'L:\'
[INFO] Im Laufwerk 'L:\' ist kein Datenträger eingelegt!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1637' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <SYSTEM>
Beginne mit der Suche in 'D:\' <DATA>
Beginne mit der Suche in 'H:\'
Der zu durchsuchende Pfad H:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'I:\'
Der zu durchsuchende Pfad I:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'J:\'
Der zu durchsuchende Pfad J:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'K:\'
Der zu durchsuchende Pfad K:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'L:\'
Der zu durchsuchende Pfad L:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Donnerstag, 16. September 2010 21:27
Benötigte Zeit: 1:09:26 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

31738 Verzeichnisse wurden überprüft
534536 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
534536 Dateien ohne Befall
4073 Archive wurden durchsucht
0 Warnungen
0 Hinweise

Alt 17.09.2010, 10:26   #8
markusg
/// Malware-holic
 

1. Enable the rootkit scan in Avira.
2. Visit the Windows Update site and install Service Pack 1, then Service Pack 2, then the remaining important updates.
Then Internet Explorer 8.
Then continue with this:
Updates are just as important for your system as an antivirus scanner. Very often malware only gets onto a system because the user is running outdated software.
Install the following update checkers.
Secunia:
http://www.trojaner-board.de/83959-s...ector-psi.html
and the FileHippo Update Checker:
FileHippo.com Update Checker - FileHippo.com
The FileHippo icon will appear in the notification area next to the clock; please right-click it, choose Settings, Results, tick "hide beta updates" and click OK.
Then please post a new OTL.txt.
By the way, if you had kept things properly updated, it probably would never have come to this.

Alt 17.09.2010, 15:47   #9
tvetten
 

OTL Logfile:
OTL logfile created on: 17.09.2010 16:43:29 - Run 4
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\Tobi\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 62,45 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBI-PC
Current User Name: Tobi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Naevius YouTube Converter\mon.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Tobi\AppData\Local\Temp\catchme.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (P1110VID) -- C:\Windows\System32\drivers\P1110Vid.sys (Creative Technology Ltd.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.schwerte.de/service/freemail/login/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 12:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 13:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 16:38:28 | 000,000,000 | ---D | M]
 
[2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.17 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions
[2009.11.30 23:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.20 21:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.02 19:26:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.18 09:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.17 16:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.12.25 10:58:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.17 13:46:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.16 13:10:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.24 18:23:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.24 18:23:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.24 18:23:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.24 18:23:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.24 18:23:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.16 16:39:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Program Files\ALDI Nord Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [recinfo284] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [youtubeconverter] C:\Program Files\Naevius YouTube Converter\mon.exe ()
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [FilterHost] C:\Users\Tobi\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.17 16:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.09.17 16:36:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.17 14:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.09.17 14:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010.09.17 14:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010.09.17 14:18:43 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.09.17 14:18:42 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.09.17 14:18:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.09.17 14:18:41 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2010.09.17 14:18:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2010.09.17 14:18:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.09.17 14:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010.09.17 14:16:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.09.17 13:46:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.17 13:46:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.17 13:46:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.17 13:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010.09.17 13:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.09.17 12:12:18 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.09.17 11:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010.09.16 20:10:41 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira
[2010.09.16 20:08:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.09.16 20:08:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.09.16 20:08:22 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.16 20:08:22 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.16 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.09.16 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.09.16 19:28:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.16 16:41:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.16 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.09.16 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\temp
[2010.09.16 16:30:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.16 16:30:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.16 16:30:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.16 16:30:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.16 16:30:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.16 16:30:33 | 000,000,000 | ---D | C] -- C:\Cofi
[2010.09.16 16:28:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.16 13:10:36 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.16 12:54:40 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Tracing
[2010.09.16 12:53:43 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010.09.16 12:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010.09.16 12:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.09.16 12:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010.09.16 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.09.16 12:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010.09.16 12:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010.09.16 12:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.09.16 12:27:33 | 000,197,632 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM78.DLL
[2010.09.15 13:02:18 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.09.15 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Sunbelt Software
[2010.09.15 12:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.09.15 00:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.09.14 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2010.09.14 23:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.14 23:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.14 23:35:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.14 23:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.14 23:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.09.12 23:20:22 | 000,000,000 | ---D | C] -- C:\Users\Tobi\dt05_x.img
[2010.09.10 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.17 16:45:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4543B1A4-40CE-40BF-94A7-825C9CDE50F4}.job
[2010.09.17 16:43:30 | 003,145,728 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat
[2010.09.17 16:38:28 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.17 15:55:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.17 15:55:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.17 15:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.17 14:25:45 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.17 14:22:15 | 000,001,615 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.09.17 14:18:47 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.09.17 14:05:22 | 000,000,234 | ---- | M] () -- C:\Windows\Sierra.ini
[2010.09.17 14:01:29 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.17 14:01:29 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.17 14:01:29 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.17 14:01:29 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.17 14:01:29 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.17 13:56:29 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.17 13:55:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.17 13:55:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.17 13:54:57 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.17 13:53:49 | 005,107,465 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.09.17 13:43:27 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.17 13:43:21 | 000,001,760 | ---- | M] () -- C:\Users\Tobi\Desktop\Update Checker.lnk
[2010.09.17 12:13:28 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.17 12:12:20 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.16 22:30:02 | 000,002,623 | ---- | M] () -- C:\Users\Tobi\Desktop\Microsoft Word.lnk
[2010.09.16 20:08:50 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.16 19:33:04 | 000,099,721 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.16 19:33:04 | 000,099,721 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.16 16:39:44 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.09.16 16:39:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.16 16:15:46 | 003,845,701 | R--- | M] () -- C:\Users\Tobi\Desktop\Cofi.exe
[2010.09.16 12:49:31 | 000,000,764 | ---- | M] () -- C:\Users\Tobi\Documents\Meine freigegebenen Ordner.lnk
[2010.09.15 17:37:48 | 000,011,264 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 13:02:18 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.09.14 23:35:16 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 23:21:10 | 000,511,968 | ---- | M] () -- C:\Users\Tobi\Desktop\sdsetup.exe
[2010.09.13 14:30:49 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PESEdit.com 2010 Patch.lnk
[2010.09.10 18:52:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.10 17:15:51 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.08.26 14:07:23 | 000,027,136 | ---- | M] () -- C:\Users\Tobi\Documents\Hi Tobi.doc
 
========== Files Created - No Company Name ==========
 
[2010.09.17 16:38:28 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.17 14:25:45 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.17 14:22:15 | 000,001,615 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.09.17 14:18:47 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.09.17 14:18:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.09.17 13:43:27 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.17 13:43:21 | 000,001,760 | ---- | C] () -- C:\Users\Tobi\Desktop\Update Checker.lnk
[2010.09.17 12:13:28 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.16 20:08:50 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.16 16:30:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.16 16:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.16 16:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.16 16:30:39 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.16 16:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.16 16:15:35 | 003,845,701 | R--- | C] () -- C:\Users\Tobi\Desktop\Cofi.exe
[2010.09.14 23:35:16 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 23:21:30 | 000,511,968 | ---- | C] () -- C:\Users\Tobi\Desktop\sdsetup.exe
[2010.09.10 18:52:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.26 14:07:23 | 000,027,136 | ---- | C] () -- C:\Users\Tobi\Documents\Hi Tobi.doc
[2010.02.10 12:47:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.24 17:38:45 | 000,099,721 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.24 17:38:43 | 000,099,721 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.14 14:01:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.02 20:00:17 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009.11.02 20:00:17 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.11.02 20:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.02 19:59:56 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.02 19:59:56 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009.11.02 19:58:14 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.12 15:39:55 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2009.07.04 11:21:05 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009.07.03 22:38:04 | 000,000,234 | ---- | C] () -- C:\Windows\Sierra.ini
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.04.22 13:34:59 | 000,081,888 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\mdbu.bin
[2009.04.09 14:54:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.04.09 14:54:31 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.14 17:05:53 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.05.01 17:33:04 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.03.25 15:57:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.01.18 18:03:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.15 14:17:07 | 000,001,356 | ---- | C] () -- C:\Users\Tobi\AppData\Local\d3d9caps.dat
[2007.12.27 18:07:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.25 14:00:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.25 01:55:03 | 000,011,264 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Tobi\Desktop\Lieferbar Spot2.avi:TOC.WMV
< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 17.09.2010 16:43:29 - Run 4
OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\Tobi\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 62,45 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBI-PC
Current User Name: Tobi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B51886-2D90-492A-A380-EFF2B675E18A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1D7B5527-91C6-46AD-8A40-35CA5108644F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1FD0EF9F-AD9D-4EDA-8A1D-44677DA7F832}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3F447F3F-C713-4B5B-8917-B5FCAACF0CFB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4A65013F-7B9D-47FE-AA0C-1D0DA8E65110}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6C105BEC-33B7-47DA-BF9B-8450E5AF2B4B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90ECF0DB-A05D-4008-8530-A4B0C09F7B8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A375C673-7532-4555-8DEA-33EEFECDC76D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C9514EA4-6002-4D31-8116-36AC6C7D8C63}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D3186EEE-11FB-4D6F-AAAA-0598AC303192}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D7F0CEBC-18E1-4938-82B5-8B849C56A4BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EB3E5C3A-0891-4EE6-8111-434B0BC0FE05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F696EA09-67C1-48C0-99F7-69D315380086}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6EF9FFC-8370-4F1C-A686-6B0F0928663E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F7C64B30-B947-4AF2-A965-51BE2A8B30AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FE38DB6D-3EA6-4484-BFEC-8C4CFFAE4577}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070DFD7C-BC80-4D8B-99B3-28B6A1688ACC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0748B2F6-0EE7-4340-AAB5-A3A8DE0ADB96}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0BF857E0-0CCB-48DE-8628-E7F4874FBBD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{10D2CA6F-C0C2-46EB-BBD4-6EA510C28FE6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1137BE8A-AA9D-4910-AD2D-DFAD9230C4CC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{2426740A-5C68-4238-9EE1-EC35C22AFEF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2BBA20C9-D0AD-413C-85B7-31C8C2327536}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{3B529FB9-B148-45E2-96E9-DE3291870E4F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3F8E3922-6AF3-4A58-8B1F-A1D918C8918B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{41B66EBF-B48D-49F9-897A-83F2D78EC3BF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{4FC69DFB-2792-4EA6-BC00-BAD64ACC2BC5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{52C9DD19-7E03-468C-BEDC-FC2B46342F52}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{53E4588F-6594-49C2-B922-39431224ECEF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{57B5EF67-05F8-40BC-BC05-62E9084F731C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{618EA8DB-815F-47F0-8E04-D1909A07FE52}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{64ED57C5-6D03-4593-B9FE-6F3E8CE777EE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6859127E-EF12-4199-A951-9DC5F0E422B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{706CCAF5-0587-4FC5-A5C9-2866BD91523D}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{72D556C6-A5E6-4CE7-AC75-176D354A1B76}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8BCC1DB3-5D5B-4DA4-9B3A-6DE585D5BFDD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8E74298E-D2EA-499C-B1C5-49A5E573A7C1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{927DA504-DBC7-47B8-97CD-4C4102C72B54}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9EDA56A4-1588-48BF-9EB4-412BE0324A89}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9FD29421-05AC-49F7-931C-2EDD59CD421A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A5B43B67-88D4-4BE0-A5CD-05A9AAA4BDCE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{B348ED89-4B61-4338-99CD-8FA8D578E3C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B385BFF8-F5E0-43A1-A2C7-27A4B5703EE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BF87DAC1-9218-4B1A-987C-013C55B539DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C78C8149-8E1A-450B-93E4-DFAC017C8B4E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CDC90420-6DE0-439E-AE96-C8E1247578FE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E1B8A875-2380-47B7-AD21-D495003E9B0A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E3274F41-7D96-4DF4-AD0F-7A1F8615FD7D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{E6F55F72-1F69-47E0-9E0E-AA645F34A103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EDF3124E-EA10-481C-8796-9E40E159E4BA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F00C4A4A-DC0B-4AB5-A9A2-3C1366D7366E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{F3978835-0AAD-4801-B83F-2983B8317AF5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{FF5E6521-B399-4431-85C3-6BB81495BCCF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{00742117-E2C3-45F1-9BA3-F9B2FB33406A}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{2423E0A3-9A10-4CC0-9ABE-0BF63EAD6174}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"TCP Query User{329DDDDE-F8CC-4592-8542-45DB5EB63EF6}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{5AB4FF24-2346-4A98-BED3-ED2351D83BED}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=6 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe | 
"TCP Query User{88EC6702-D85A-440D-A8F3-D925AF075910}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{993DC233-DDC7-4016-8A75-0B11CD11DC12}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{9D4CC5BB-AC33-4D13-89DE-4E31A820A960}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{B33F168C-880C-4565-93E5-F37E3AC74841}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{D80580DC-1B9E-4E3F-95A8-67A1BE5054EE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DED71E19-2AFE-48DA-8D50-069ACB0ABFF9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{323BC18E-9FC4-444D-9A74-F6F61FCAB977}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{487382ED-4180-4400-A683-1D732886E415}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{53E55322-14EE-4690-A7B2-3392DECD3DBA}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{65F3A1DC-F84D-440E-ABF8-0AB688F24475}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{99AAEDC5-A971-4567-B0B6-EA70C7003713}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{9FD82C1C-DC7C-43C0-A762-B243C6542A3E}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"UDP Query User{AD40402E-00F2-4776-A4BE-56AD35FDFF25}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{C969B16F-9491-4569-96EA-695B6C44F0F9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{E5BFD167-9B3C-4B00-A1E9-F67B9A57F1AC}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=17 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe | 
"UDP Query User{F985F73E-1ABF-4E5B-A8FF-B8F781752B68}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DB921F-6DFF-4743-AD3D-6A2F2D0A4794}" = Brother HL-2035
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"ALDI Nord Foto Service D" = ALDI Nord Foto Service
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bundesliga-Patch 2009 v1.70" = Bundesliga-Patch 2009 v1.70
"Creative PC-CAM Center" = Creative PC-CAM Center Lite
"Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827)
"Creative WebCam Monitor" = Creative WebCam Monitor
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileHippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PKR" = PKR
"RealPlayer 6.0" = RealPlayer
"Secunia PSI" = Secunia PSI
"SopCast" = SopCast 3.2.4
"TomTom HOME" = TomTom HOME 2.7.0.1785
"TOPSIM - Startup! Produktion - Businessplan" = TOPSIM - Startup! Produktion - Businessplan
"Uninstall_is1" = Uninstall 1.0.0.1
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2010 13:55:23 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.09.2010 13:55:23 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.09.2010 14:00:04 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.09.2010 14:01:45 | Computer Name = Tobi-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 12.09.2010 17:29:05 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a,
 fehlerhaftes Modul pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, Ausnahmecode
 0xc0000005, Fehleroffset 0x00cad0c0,  Prozess-ID 0x121c, Anwendungsstartzeit 01cb52c17a38cc12.
 
Error - 12.09.2010 17:30:52 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a,
 fehlerhaftes Modul pes2010.exe, Version 1.3.0.0, Zeitstempel 0x562b029a, Ausnahmecode
 0xc0000005, Fehleroffset 0x00cad0c0,  Prozess-ID 0x67c, Anwendungsstartzeit 01cb52c1bac69e08.
 
Error - 13.09.2010 05:03:51 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.09.2010 05:03:51 | Computer Name = Tobi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.09.2010 06:01:44 | Computer Name = Tobi-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 13.09.2010 06:33:46 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
 0x4b9658a0, fehlerhaftes Modul gears.dll, Version 0.5.36.0, Zeitstempel 0x4b83dd45,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000280fa,  Prozess-ID 0xc70, Anwendungsstartzeit
 01cb532f1c374bcd.
 
[ System Events ]
Error - 15.09.2010 07:30:32 | Computer Name = Tobi-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.09.2010 11:44:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.09.2010 03:01:51 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 16.09.2010 06:30:46 | Computer Name = Tobi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 16.09.2010 06:58:01 | Computer Name = Tobi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 16.09.2010 10:32:10 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 16.09.2010 10:39:41 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 16.09.2010 13:33:03 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.09.2010 05:49:17 | Computer Name = Tobi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 17.09.2010 10:36:35 | Computer Name = Tobi-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---


Virus-free?

Alt 17.09.2010, 15:59   #10
markusg
/// Malware-holic
 

You have installed neither the service packs nor Internet Explorer 8.
Start with Service Pack 1:
Download details: Windows Vista Service Pack 1 Five Language Standalone (KB936330)
Service Pack 2:
Download details: Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465)
Internet Explorer 8:
Internet Explorer (for Vista) - Download - CHIP Online
After that, open the Windows Update page again and install the updates.
Then please create new OTL logs and post the contents of otl.txt.

Alt 18.09.2010, 21:16   #11
tvetten
 

OTL logfile created on: 18.09.2010 22:06:53 - Run 7
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Tobi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 93,56 Gb Free Space | 30,84% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 150,60 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOBI-PC
Current User Name: Tobi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Naevius YouTube Converter\mon.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Tobi\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Tobi\AppData\Local\Temp\catchme.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (P1110VID) -- C:\Windows\System32\drivers\P1110Vid.sys (Creative Technology Ltd.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.schwerte.de/service/freemail/login/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 12:09:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 13:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 16:38:28 | 000,000,000 | ---D | M]

[2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2009.08.12 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.18 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions
[2009.11.30 23:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.20 21:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.02 19:26:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.18 09:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\5r79f0fc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.17 16:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007.12.25 10:58:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.17 13:46:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.16 13:10:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2008.08.27 22:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.24 18:23:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.24 18:23:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.24 18:23:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.24 18:23:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.24 18:23:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.09.16 16:39:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Program Files\ALDI Nord Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [ALDI_SUED_FotoSuite_Download] C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [recinfo284] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [youtubeconverter] C:\Program Files\Naevius YouTube Converter\mon.exe ()
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [FilterHost] C:\Users\Tobi\AppData\Roaming\mmserver\FilterHost.exe (Synatix GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.09.18 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010.09.18 21:43:11 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010.09.18 21:43:10 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.09.18 21:43:10 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.09.18 21:42:49 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010.09.18 21:42:49 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.09.18 21:42:48 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010.09.18 21:42:48 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010.09.18 21:42:48 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010.09.18 21:42:48 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.09.18 21:42:48 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010.09.18 21:42:48 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010.09.18 21:42:48 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010.09.18 21:42:48 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010.09.18 21:42:48 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.09.18 21:42:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010.09.18 21:42:48 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010.09.18 21:42:48 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010.09.18 21:42:48 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010.09.18 21:42:48 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.09.18 21:42:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.09.18 21:42:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010.09.18 21:42:48 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010.09.18 21:42:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010.09.18 21:42:48 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010.09.18 21:42:48 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.09.18 21:42:48 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010.09.18 21:42:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010.09.18 21:42:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.09.18 21:42:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010.09.18 21:42:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010.09.18 21:42:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010.09.18 21:42:16 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.09.18 21:42:15 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010.09.18 21:42:15 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.09.18 21:42:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010.09.18 21:42:15 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010.09.18 21:42:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010.09.18 21:41:29 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010.09.18 21:41:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010.09.18 21:40:11 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.09.18 21:40:11 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.09.18 21:40:11 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.09.18 20:13:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.09.18 20:13:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.09.18 20:13:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.09.18 20:07:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2010.09.18 19:59:59 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010.09.18 19:59:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010.09.18 19:59:07 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.09.18 19:59:07 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.09.18 19:59:06 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010.09.18 19:59:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010.09.18 19:59:04 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010.09.18 19:59:04 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010.09.18 19:59:04 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010.09.18 19:59:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010.09.18 19:59:03 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010.09.18 19:59:03 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010.09.18 19:59:03 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010.09.18 19:59:03 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010.09.18 19:59:03 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010.09.18 19:59:03 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010.09.18 19:58:59 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010.09.18 19:58:59 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010.09.18 19:58:59 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010.09.18 19:58:59 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010.09.18 19:58:59 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010.09.18 19:58:59 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010.09.18 19:58:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010.09.18 19:58:58 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010.09.18 19:58:58 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010.09.18 19:58:58 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010.09.18 19:58:58 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010.09.18 19:58:58 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010.09.18 19:58:58 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010.09.18 19:58:58 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010.09.18 19:58:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010.09.18 19:58:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010.09.18 19:58:58 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010.09.18 19:58:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010.09.18 19:58:58 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010.09.18 19:58:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010.09.18 19:58:57 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010.09.18 19:58:56 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010.09.18 19:58:56 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010.09.18 19:58:56 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010.09.18 19:58:56 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.09.18 19:58:56 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010.09.18 19:58:56 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010.09.18 19:58:56 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010.09.18 19:58:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010.09.18 19:58:56 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010.09.18 19:58:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010.09.18 19:58:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010.09.18 19:58:56 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010.09.18 19:58:55 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010.09.18 19:58:55 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010.09.18 19:58:55 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010.09.18 19:58:55 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010.09.18 19:58:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010.09.18 19:58:55 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010.09.18 19:58:55 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.09.18 19:58:55 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010.09.18 19:58:55 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010.09.18 19:58:55 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010.09.18 19:58:55 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010.09.18 19:58:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010.09.18 19:58:55 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010.09.18 19:58:55 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010.09.18 19:58:54 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010.09.18 19:58:54 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010.09.18 19:58:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010.09.18 19:58:52 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.09.18 19:58:52 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010.09.18 19:58:52 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2010.09.18 19:58:52 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010.09.18 19:58:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010.09.18 19:58:52 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010.09.18 19:58:51 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010.09.18 19:58:50 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.09.18 19:58:50 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010.09.18 19:58:49 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010.09.18 19:58:49 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.09.18 19:58:49 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010.09.18 19:58:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010.09.18 19:58:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.09.18 19:58:48 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010.09.18 19:58:44 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010.09.18 19:58:37 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010.09.18 19:58:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010.09.18 19:58:36 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.09.18 19:58:36 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010.09.18 19:58:36 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010.09.18 19:58:36 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010.09.18 19:58:36 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010.09.18 19:58:36 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010.09.18 19:58:36 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010.09.18 19:58:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010.09.18 19:58:36 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010.09.18 19:58:36 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010.09.18 19:58:36 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010.09.18 19:58:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010.09.18 19:58:35 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010.09.18 19:58:35 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.09.18 19:58:35 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010.09.18 19:58:35 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010.09.18 19:58:35 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010.09.18 19:58:35 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010.09.18 19:58:35 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010.09.18 19:58:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010.09.18 19:58:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.09.18 19:58:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010.09.18 19:58:34 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010.09.18 19:58:34 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010.09.18 19:58:34 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010.09.18 19:58:34 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010.09.18 19:58:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010.09.18 19:58:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010.09.18 19:58:34 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010.09.18 19:58:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010.09.18 19:58:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010.09.18 19:58:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010.09.18 19:58:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010.09.18 19:58:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010.09.18 19:58:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.09.18 19:58:33 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.09.18 19:58:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010.09.18 19:58:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010.09.18 19:58:32 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010.09.18 19:58:32 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010.09.18 19:58:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010.09.18 19:58:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010.09.18 19:58:32 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010.09.18 19:58:31 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010.09.18 19:58:31 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010.09.18 19:58:31 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010.09.18 19:58:31 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010.09.18 19:58:31 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010.09.18 19:58:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010.09.18 19:58:31 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010.09.18 19:58:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010.09.18 19:58:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010.09.18 19:58:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010.09.18 19:58:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010.09.18 19:58:30 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010.09.18 19:58:30 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010.09.18 19:58:30 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010.09.18 19:58:30 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010.09.18 19:58:30 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010.09.18 19:58:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010.09.18 19:58:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010.09.18 19:58:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010.09.18 19:58:29 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010.09.18 19:58:29 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2010.09.18 19:58:29 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010.09.18 19:58:29 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010.09.18 19:58:29 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010.09.18 19:58:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010.09.18 19:58:29 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2010.09.18 19:58:29 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010.09.18 19:58:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2010.09.18 19:58:29 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010.09.18 19:58:29 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010.09.18 19:58:28 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010.09.18 19:58:28 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010.09.18 19:58:28 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010.09.18 19:58:28 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010.09.18 19:58:28 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010.09.18 19:58:28 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010.09.18 19:58:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010.09.18 19:58:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010.09.18 19:58:26 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010.09.18 19:58:26 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010.09.18 19:58:26 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010.09.18 19:58:26 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010.09.18 19:58:26 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010.09.18 19:58:26 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010.09.18 19:58:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010.09.18 19:58:25 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010.09.18 19:58:25 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010.09.18 19:58:25 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010.09.18 19:58:25 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010.09.18 19:58:24 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010.09.18 19:58:24 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010.09.18 19:58:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010.09.18 19:58:24 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010.09.18 19:58:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010.09.18 19:58:24 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010.09.18 19:58:24 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010.09.18 19:58:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010.09.18 19:58:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010.09.18 19:58:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010.09.18 19:58:23 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010.09.18 19:58:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010.09.18 19:58:23 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010.09.18 19:58:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010.09.18 19:58:23 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010.09.18 19:58:22 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010.09.18 19:58:22 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010.09.18 19:58:22 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.09.18 19:58:22 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010.09.18 19:58:22 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010.09.18 19:58:22 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010.09.18 19:58:22 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010.09.18 19:58:22 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010.09.18 19:58:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010.09.18 19:58:22 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010.09.18 19:58:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010.09.18 19:58:21 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010.09.18 19:58:21 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010.09.18 19:58:21 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010.09.18 19:58:21 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010.09.18 19:58:21 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010.09.18 19:58:20 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010.09.18 19:58:20 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010.09.18 19:58:20 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010.09.18 19:58:20 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010.09.18 19:58:19 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.09.18 19:58:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010.09.18 19:58:19 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010.09.18 19:58:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010.09.18 19:58:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010.09.18 19:58:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010.09.18 19:58:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010.09.18 19:58:17 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010.09.18 19:58:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010.09.18 19:58:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010.09.18 19:58:17 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.09.18 19:58:16 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.09.18 19:58:16 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.09.18 19:58:15 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010.09.18 19:58:15 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2010.09.18 19:58:15 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010.09.18 19:58:15 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010.09.18 19:58:15 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.09.18 19:58:15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010.09.18 19:58:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010.09.18 19:58:14 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010.09.18 19:58:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010.09.18 19:58:13 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010.09.18 19:58:13 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010.09.18 19:58:13 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010.09.18 19:58:13 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.09.18 19:58:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010.09.18 19:58:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010.09.18 19:58:12 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010.09.18 19:58:12 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2010.09.18 19:58:12 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010.09.18 19:58:12 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010.09.18 19:58:12 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010.09.18 19:58:12 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010.09.18 19:58:12 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010.09.18 19:58:12 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010.09.18 19:58:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010.09.18 19:58:12 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010.09.18 19:58:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010.09.18 19:58:11 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010.09.18 19:58:11 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010.09.18 19:58:11 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010.09.18 19:58:11 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010.09.18 19:58:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010.09.18 19:58:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010.09.18 19:58:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010.09.18 19:58:10 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010.09.18 19:58:10 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010.09.18 19:58:10 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010.09.18 19:58:10 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010.09.18 19:58:10 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010.09.18 19:58:10 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010.09.18 19:58:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010.09.18 19:58:09 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010.09.18 19:58:09 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010.09.18 19:58:09 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010.09.18 19:58:09 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.09.18 19:58:09 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010.09.18 19:58:09 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010.09.18 19:58:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010.09.18 19:58:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010.09.18 19:58:08 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010.09.18 19:58:08 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010.09.18 19:58:08 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010.09.18 19:58:08 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.09.18 19:58:08 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.09.18 19:58:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010.09.18 19:58:07 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010.09.18 19:58:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010.09.18 19:58:06 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010.09.18 19:58:06 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010.09.18 19:58:06 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010.09.18 19:58:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010.09.18 19:58:05 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010.09.18 19:58:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010.09.18 19:58:05 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010.09.18 19:58:05 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.09.18 19:58:04 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010.09.18 19:58:04 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010.09.18 19:58:04 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.09.18 19:58:04 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010.09.18 19:58:04 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010.09.18 19:58:04 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.09.18 19:58:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010.09.18 19:58:03 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010.09.18 19:58:03 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010.09.18 19:58:03 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010.09.18 19:58:02 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010.09.18 19:58:02 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010.09.18 19:58:01 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010.09.18 19:58:01 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010.09.18 19:57:59 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010.09.18 19:57:58 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010.09.18 19:57:58 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010.09.18 19:57:58 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010.09.18 19:57:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010.09.18 19:57:56 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.09.18 19:57:56 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010.09.18 19:57:56 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010.09.18 19:57:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010.09.18 19:57:55 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010.09.18 19:57:54 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010.09.18 19:57:54 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010.09.18 19:57:54 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010.09.18 19:57:54 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010.09.18 19:57:54 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010.09.18 19:57:54 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010.09.18 19:57:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010.09.18 19:57:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010.09.18 19:57:52 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010.09.18 19:57:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010.09.18 19:57:51 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010.09.18 19:57:51 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010.09.18 19:57:51 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010.09.18 19:57:51 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010.09.18 19:57:50 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010.09.18 19:57:49 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010.09.18 19:57:49 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010.09.18 19:57:49 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010.09.18 19:57:49 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010.09.18 19:57:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010.09.18 19:57:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010.09.18 19:57:48 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010.09.18 19:57:48 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010.09.18 19:57:48 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010.09.18 19:57:48 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010.09.18 19:57:47 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010.09.18 19:57:47 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010.09.18 19:57:47 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.09.18 19:57:46 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010.09.18 19:57:46 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010.09.18 19:57:46 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010.09.18 19:57:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010.09.18 19:57:44 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010.09.18 19:57:44 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010.09.18 19:57:44 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010.09.18 19:57:44 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010.09.18 19:57:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010.09.18 19:57:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010.09.18 19:57:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010.09.18 19:57:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010.09.18 19:57:43 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010.09.18 19:57:43 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010.09.18 19:57:43 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010.09.18 19:57:43 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010.09.18 19:57:42 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010.09.18 19:57:42 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010.09.18 19:57:41 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010.09.18 19:57:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010.09.18 19:57:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010.09.18 19:57:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010.09.18 19:57:26 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010.09.18 19:57:26 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010.09.18 19:57:19 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010.09.18 19:57:19 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010.09.18 19:57:16 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010.09.18 19:57:11 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.09.18 19:57:09 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010.09.18 19:57:08 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010.09.18 19:57:08 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010.09.18 19:57:08 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.09.18 19:57:08 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010.09.18 19:57:08 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2010.09.18 19:57:07 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.09.18 19:57:07 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010.09.18 19:56:48 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010.09.18 19:56:46 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.09.18 19:56:46 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010.09.18 19:56:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010.09.18 19:56:46 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010.09.18 19:56:44 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010.09.18 19:56:41 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010.09.18 19:56:41 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010.09.18 19:56:40 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010.09.18 19:56:40 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010.09.18 19:56:39 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010.09.18 19:56:39 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010.09.18 19:56:39 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010.09.18 19:56:39 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010.09.18 19:56:39 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010.09.18 19:56:39 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010.09.18 19:56:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010.09.18 19:56:38 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010.09.18 19:56:38 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010.09.18 19:56:38 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010.09.18 19:56:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010.09.18 19:56:38 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010.09.18 19:56:38 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010.09.18 19:56:38 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010.09.18 19:56:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010.09.18 19:56:38 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010.09.18 19:56:38 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010.09.18 19:56:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010.09.18 19:56:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010.09.18 19:56:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010.09.18 19:56:37 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010.09.18 19:56:37 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010.09.18 19:56:37 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2010.09.18 19:56:37 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010.09.18 19:56:37 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010.09.18 19:56:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010.09.18 19:56:36 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010.09.18 19:56:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010.09.18 19:56:36 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010.09.18 19:56:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010.09.18 19:56:35 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010.09.18 19:56:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010.09.18 19:56:35 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010.09.18 19:56:35 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010.09.18 19:56:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010.09.18 19:56:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010.09.18 19:56:34 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010.09.18 19:56:27 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010.09.18 19:56:27 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.09.18 19:56:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010.09.18 19:56:27 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010.09.18 19:56:26 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010.09.18 19:56:26 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010.09.18 19:56:26 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.09.18 15:42:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.09.18 15:42:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.09.18 15:42:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.18 15:42:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.18 15:42:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.18 15:42:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.09.18 15:42:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.09.18 15:42:54 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.18 15:42:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.09.18 15:42:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.18 15:42:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.18 15:42:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.18 15:42:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.18 15:42:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.09.18 15:42:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.09.18 15:42:38 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.09.18 15:42:31 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.18 15:42:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.09.18 15:42:24 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.09.18 15:42:24 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.09.18 15:42:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.09.18 15:42:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.18 15:42:08 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.09.18 15:42:05 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.18 15:42:04 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.09.18 15:42:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.09.18 15:42:03 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.09.18 15:42:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.09.18 15:41:57 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.09.18 15:41:56 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.09.18 10:35:00 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010.09.18 09:48:13 | 000,193,024 | ---- | C] (Microsoft Corporation) --
Attached files
File type: txt Extras.Txt (46.7 KB, viewed 133 times)

18.09.2010, 21:30   #12
tvetten

Keeping up with the updates was difficult, since I am often away from home and then usually forget them, but hopefully the automatic update-reminder programs will make that problem smaller now. Is everything properly updated now?

By the way, I would love to post the second part of the log right now, but it isn't working.

18.09.2010, 21:32   #13
tvetten

Part 2:


C:\Windows\System32\recdisc.exe
[2010.09.18 09:48:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2010.09.18 09:47:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2010.09.18 09:46:37 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2010.09.18 09:46:37 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2010.09.18 09:46:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll
[2010.09.18 09:46:37 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
[2010.09.18 09:46:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2010.09.18 09:46:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2010.09.18 09:46:35 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2010.09.18 09:46:35 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2010.09.18 09:46:35 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxoci.dll
[2010.09.18 09:46:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2010.09.18 09:46:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2010.09.18 09:46:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2010.09.18 09:46:35 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2010.09.18 09:46:35 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2010.09.18 09:46:35 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2010.09.18 09:46:35 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2010.09.18 09:46:34 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2010.09.18 09:46:34 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2010.09.18 09:46:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2010.09.18 09:46:34 | 000,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdv.sys
[2010.09.18 09:46:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2010.09.18 09:46:33 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2010.09.18 09:46:32 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.09.18 09:46:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2010.09.18 09:46:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2010.09.18 09:46:32 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2010.09.18 09:46:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2010.09.18 09:46:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2010.09.18 09:46:27 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2010.09.18 09:46:27 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2010.09.18 09:46:27 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2010.09.18 09:46:27 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2010.09.18 09:46:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2010.09.18 09:46:27 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010.09.18 09:46:27 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2010.09.18 09:46:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010.09.18 09:46:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2010.09.18 09:46:27 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2010.09.18 09:46:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll
[2010.09.18 09:46:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2010.09.18 09:46:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2010.09.18 09:46:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2010.09.18 09:46:24 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2010.09.18 09:46:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2010.09.18 09:46:23 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2010.09.18 09:46:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2010.09.18 09:46:22 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2010.09.18 09:46:22 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2010.09.18 09:46:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2010.09.18 09:46:22 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2010.09.18 09:46:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2010.09.18 09:46:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2010.09.18 09:46:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2010.09.18 09:46:21 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010.09.18 09:46:21 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2010.09.18 09:46:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2010.09.18 09:46:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2010.09.18 09:46:21 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2010.09.18 09:46:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2010.09.18 09:46:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2010.09.18 09:46:21 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2010.09.18 09:46:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2010.09.18 09:46:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2010.09.18 09:46:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncobjapi.dll
[2010.09.18 09:46:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2010.09.18 09:46:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010.09.18 09:46:21 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.09.18 09:46:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2010.09.18 09:46:21 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2010.09.18 09:46:19 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll
[2010.09.18 09:46:19 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2010.09.18 09:46:19 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2010.09.18 09:46:19 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2010.09.18 09:46:19 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2010.09.18 09:46:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll
[2010.09.18 09:46:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2010.09.18 09:46:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010.09.18 09:46:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2010.09.18 09:46:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2010.09.18 09:46:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2010.09.18 09:46:18 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2010.09.18 09:46:18 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2010.09.18 09:46:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2010.09.18 09:46:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2010.09.18 09:46:17 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010.09.18 09:46:17 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2010.09.18 09:46:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2010.09.18 09:46:16 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2010.09.18 09:46:16 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2010.09.18 09:46:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2010.09.18 09:46:15 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2010.09.18 09:46:15 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2010.09.18 09:46:15 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2010.09.18 09:46:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2010.09.18 09:46:15 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2010.09.18 09:46:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2010.09.18 09:46:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2010.09.18 09:46:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2010.09.18 09:46:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2010.09.18 09:46:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2010.09.18 09:46:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2010.09.18 09:46:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2010.09.18 09:46:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2010.09.18 09:46:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2010.09.18 09:46:14 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2010.09.18 09:46:14 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2010.09.18 09:46:14 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010.09.18 09:46:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2010.09.18 09:46:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2010.09.18 09:46:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2010.09.18 09:46:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2010.09.18 09:46:13 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2010.09.18 09:46:13 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2010.09.18 09:46:13 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2010.09.18 09:46:13 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2010.09.18 09:46:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2010.09.18 09:46:12 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2010.09.18 09:46:12 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2010.09.18 09:46:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
[2010.09.18 09:46:11 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2010.09.18 09:46:11 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
[2010.09.18 09:46:10 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2010.09.18 09:46:10 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2010.09.18 09:46:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll
[2010.09.18 09:46:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2010.09.18 09:46:08 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2010.09.18 09:46:08 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2010.09.18 09:46:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2010.09.18 09:46:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2010.09.18 09:46:08 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2010.09.18 09:46:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2010.09.18 09:46:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010.09.18 09:46:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2010.09.18 09:46:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2010.09.18 09:46:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2010.09.18 09:46:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2010.09.18 09:46:05 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2010.09.18 09:46:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
[2010.09.18 09:46:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2010.09.18 09:46:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2010.09.18 09:46:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2010.09.18 09:46:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2010.09.18 09:46:03 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2010.09.18 09:46:03 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2010.09.18 09:46:03 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2010.09.18 09:46:03 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2010.09.18 09:46:03 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psbase.dll
[2010.09.18 09:46:03 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2010.09.18 09:46:02 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2010.09.18 09:46:02 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2010.09.18 09:46:02 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2010.09.18 09:46:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2010.09.18 09:46:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2010.09.18 09:46:01 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2010.09.18 09:46:01 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2010.09.18 09:46:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2010.09.18 09:46:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2010.09.18 09:46:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
[2010.09.18 09:46:01 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2010.09.18 09:46:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll
[2010.09.18 09:46:00 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2010.09.18 09:46:00 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2010.09.18 09:46:00 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2010.09.18 09:46:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2010.09.18 09:46:00 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2010.09.18 09:46:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2010.09.18 09:45:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2010.09.18 09:45:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2010.09.18 09:45:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2010.09.18 09:45:58 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010.09.18 09:45:58 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2010.09.18 09:45:58 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2010.09.18 09:45:58 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2010.09.18 09:45:58 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2010.09.18 09:45:58 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2010.09.18 09:45:57 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2010.09.18 09:45:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2010.09.18 09:45:57 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.09.18 09:45:57 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2010.09.18 09:45:57 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2010.09.18 09:45:57 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2010.09.18 09:45:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2010.09.18 09:45:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2010.09.18 09:45:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010.09.18 09:45:57 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010.09.18 09:45:56 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2010.09.18 09:45:56 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2010.09.18 09:45:56 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010.09.18 09:45:56 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2010.09.18 09:45:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2010.09.18 09:45:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rapistub.dll
[2010.09.18 09:45:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010.09.18 09:45:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2010.09.18 09:45:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2010.09.18 09:45:54 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2010.09.18 09:45:54 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2010.09.18 09:45:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2010.09.18 09:45:54 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2010.09.18 09:45:54 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2010.09.18 09:45:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2010.09.18 09:45:54 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2010.09.18 09:45:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2010.09.18 09:45:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2010.09.18 09:45:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2010.09.18 09:45:53 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll
[2010.09.18 09:45:53 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
[2010.09.18 09:45:53 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2010.09.18 09:45:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2010.09.18 09:45:53 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
[2010.09.18 09:45:53 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2010.09.18 09:45:53 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2010.09.18 09:45:53 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2010.09.18 09:45:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2010.09.18 09:45:52 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2010.09.18 09:45:52 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2010.09.18 09:45:52 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2010.09.18 09:45:52 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2010.09.18 09:45:52 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2010.09.18 09:45:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2010.09.18 09:45:52 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2010.09.18 09:45:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2010.09.18 09:45:52 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2010.09.18 09:45:51 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2010.09.18 09:45:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2010.09.18 09:45:51 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2010.09.18 09:45:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.09.18 09:45:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010.09.18 09:45:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2010.09.18 09:45:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2010.09.18 09:45:50 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2010.09.18 09:45:50 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2010.09.18 09:45:50 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2010.09.18 09:45:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2010.09.18 09:45:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2010.09.18 09:45:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2010.09.18 09:45:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2010.09.18 09:45:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2010.09.18 09:45:49 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2010.09.18 09:45:49 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2010.09.18 09:45:49 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2010.09.18 09:45:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2010.09.18 09:45:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010.09.18 09:45:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2010.09.18 09:45:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2010.09.18 09:45:48 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2010.09.18 09:45:48 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2010.09.18 09:45:48 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2010.09.18 09:45:48 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2010.09.18 09:45:48 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2010.09.18 09:45:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2010.09.18 09:45:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2010.09.18 09:45:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2010.09.18 09:45:48 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2010.09.18 09:45:48 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2010.09.18 09:45:47 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2010.09.18 09:45:47 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2010.09.18 09:45:47 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2010.09.18 09:45:47 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2010.09.18 09:45:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.09.18 09:45:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2010.09.18 09:45:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2010.09.18 09:45:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2010.09.18 09:45:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2010.09.18 09:45:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2010.09.18 09:45:46 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2010.09.18 09:45:46 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2010.09.18 09:45:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2010.09.18 09:45:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2010.09.18 09:45:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
[2010.09.18 09:45:46 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2010.09.18 09:45:45 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2010.09.18 09:45:45 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2010.09.18 09:45:45 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2010.09.18 09:45:45 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010.09.18 09:45:45 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2010.09.18 09:45:45 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2010.09.18 09:45:45 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2010.09.18 09:45:44 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2010.09.18 09:45:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2010.09.18 09:45:44 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2010.09.18 09:45:44 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2010.09.18 09:45:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2010.09.18 09:45:44 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2010.09.18 09:45:44 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2010.09.18 09:45:44 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2010.09.18 09:45:43 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2010.09.18 09:45:43 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2010.09.18 09:45:43 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010.09.18 09:45:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2010.09.18 09:45:43 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2010.09.18 09:45:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2010.09.18 09:45:43 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2010.09.18 09:45:43 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2010.09.18 09:45:43 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2010.09.18 09:45:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2010.09.18 09:45:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2010.09.18 09:45:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2010.09.18 09:45:43 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2010.09.18 09:45:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2010.09.18 09:45:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010.09.18 09:45:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2010.09.18 09:45:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2010.09.18 09:45:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2010.09.18 09:45:42 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010.09.18 09:45:42 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2010.09.18 09:45:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2010.09.18 09:45:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2010.09.18 09:45:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
[2010.09.18 09:45:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2010.09.18 09:45:41 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2010.09.18 09:45:41 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
[2010.09.18 09:45:41 | 000,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2010.09.18 09:45:41 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2010.09.18 09:45:41 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2010.09.18 09:45:41 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2010.09.18 09:45:40 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2010.09.18 09:45:40 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2010.09.18 09:45:40 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2010.09.18 09:45:40 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2010.09.18 09:45:40 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2010.09.18 09:45:40 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2010.09.18 09:45:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2010.09.18 09:45:39 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2010.09.18 09:45:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2010.09.18 09:45:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010.09.18 09:45:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2010.09.18 09:45:38 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2010.09.18 09:45:38 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2010.09.18 09:45:38 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2010.09.18 09:45:38 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2010.09.18 09:45:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2010.09.18 09:45:37 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2010.09.18 09:45:37 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
[2010.09.18 09:45:37 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2010.09.18 09:45:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2010.09.18 09:45:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2010.09.18 09:45:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2010.09.18 09:45:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\avc.sys
[2010.09.18 09:45:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2010.09.18 09:45:37 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\avcstrm.sys
[2010.09.18 09:45:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2010.09.18 09:45:36 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2010.09.18 09:45:36 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2010.09.18 09:45:36 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2010.09.18 09:45:36 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\61883.sys
[2010.09.18 09:45:35 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2010.09.18 09:45:35 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2010.09.18 09:45:35 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2010.09.18 09:45:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.09.18 09:45:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.09.18 09:45:34 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2010.09.18 09:45:34 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2010.09.18 09:45:34 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2010.09.18 09:45:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2010.09.18 09:45:33 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2010.09.18 09:45:33 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2010.09.18 09:45:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2010.09.18 09:45:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2010.09.18 09:45:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2010.09.18 09:45:32 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2010.09.18 09:45:32 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2010.09.18 09:45:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2010.09.18 09:45:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2010.09.18 09:45:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2010.09.18 09:45:31 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2010.09.18 09:45:31 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2010.09.18 09:45:31 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2010.09.18 09:45:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010.09.18 09:45:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2010.09.18 09:45:24 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2010.09.18 09:44:59 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2010.09.18 09:44:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2010.09.18 09:44:54 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2010.09.18 09:44:54 | 000,017,408 | ---- | C] (Microsoft Corporation) --

18.09.2010, 21:33   #14
tvetten
 
Part 3


C:\Windows\System32\iashost.exe
[2010.09.18 09:44:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2010.09.18 09:44:48 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2010.09.18 09:44:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2010.09.18 09:44:47 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2010.09.18 09:44:47 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010.09.18 09:44:47 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2010.09.18 09:44:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2010.09.18 09:44:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2010.09.18 09:44:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010.09.18 09:44:46 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2010.09.18 09:44:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2010.09.18 09:44:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2010.09.18 09:44:45 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2010.09.18 09:44:45 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2010.09.18 09:44:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2010.09.18 09:44:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2010.09.18 09:44:45 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2010.09.18 09:44:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2010.09.18 09:44:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2010.09.18 09:44:44 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hhctrl.ocx
[2010.09.18 09:44:44 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2010.09.18 09:44:44 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2010.09.18 09:44:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2010.09.18 09:44:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2010.09.18 09:44:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2010.09.18 09:44:44 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2010.09.18 09:44:44 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2010.09.18 09:44:44 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2010.09.18 09:44:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010.09.18 09:44:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2010.09.18 09:44:40 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2010.09.18 09:44:40 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2010.09.18 09:44:39 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2010.09.18 09:44:39 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2010.09.18 09:44:39 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2010.09.18 09:44:39 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll
[2010.09.18 09:44:39 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.09.18 09:44:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2010.09.18 09:44:39 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010.09.18 09:44:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2010.09.18 09:44:38 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2010.09.18 09:44:38 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2010.09.18 09:44:38 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.09.18 09:44:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2010.09.18 09:44:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2010.09.18 09:44:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2010.09.18 09:44:37 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.09.18 09:44:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2010.09.18 09:44:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.09.18 09:44:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.09.18 09:44:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2010.09.18 09:44:36 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2010.09.18 09:44:36 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2010.09.18 09:44:36 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2010.09.18 09:44:36 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2010.09.18 09:44:36 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2010.09.18 09:44:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2010.09.18 09:44:34 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.09.18 09:44:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2010.09.18 09:44:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.09.18 09:44:34 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.09.18 09:44:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2010.09.18 09:44:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2010.09.18 09:44:33 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2010.09.18 09:44:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2010.09.18 09:44:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2010.09.18 09:44:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2010.09.18 09:44:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2010.09.18 09:44:32 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2010.09.18 09:44:32 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2010.09.18 09:44:31 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2010.09.18 09:44:31 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2010.09.18 09:44:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2010.09.18 09:44:30 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2010.09.18 09:44:30 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2010.09.18 09:44:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.09.18 09:44:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2010.09.18 09:44:29 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2010.09.18 09:44:29 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2010.09.18 09:44:29 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.09.18 09:44:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2010.09.18 09:44:29 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.09.18 09:44:29 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.09.18 09:44:29 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.09.18 09:44:29 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2010.09.18 09:44:29 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.09.18 09:44:29 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.09.18 09:44:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2010.09.18 09:44:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.09.18 09:44:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010.09.18 09:44:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2010.09.18 09:44:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.09.18 09:44:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2010.09.18 09:44:29 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2010.09.18 09:44:28 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2010.09.18 09:44:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2010.09.18 09:44:27 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2010.09.18 09:44:27 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2010.09.18 09:44:27 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2010.09.18 09:44:27 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2010.09.18 09:44:27 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2010.09.18 09:44:27 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2010.09.18 09:44:27 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2010.09.18 09:44:27 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2010.09.18 09:44:27 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2010.09.18 09:44:26 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2010.09.18 09:44:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010.09.18 09:44:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2010.09.18 09:44:25 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010.09.18 09:44:25 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2010.09.18 09:44:25 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2010.09.18 09:44:25 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2010.09.18 09:44:24 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2010.09.18 09:44:24 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2010.09.18 09:44:23 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2010.09.18 09:44:23 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2010.09.18 09:44:22 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.09.18 09:44:22 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2010.09.18 09:44:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2010.09.18 09:44:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2010.09.18 09:44:21 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2010.09.18 09:44:21 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2010.09.18 09:44:21 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2010.09.18 09:44:21 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2010.09.18 09:44:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2010.09.18 09:44:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2010.09.18 09:44:21 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2010.09.18 09:44:20 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2010.09.18 09:44:20 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2010.09.18 09:44:20 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2010.09.18 09:44:20 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2010.09.18 09:44:20 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2010.09.18 09:44:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2010.09.18 09:44:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2010.09.18 09:44:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2010.09.18 09:44:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010.09.18 09:44:19 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2010.09.18 09:44:19 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010.09.18 09:44:19 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2010.09.18 09:44:19 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2010.09.18 09:44:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2010.09.18 09:44:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2010.09.18 09:44:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2010.09.18 09:44:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2010.09.18 09:44:18 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2010.09.18 09:44:18 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2010.09.18 09:44:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2010.09.18 09:44:18 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2010.09.18 09:44:18 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2010.09.18 09:44:17 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2010.09.18 09:44:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2010.09.18 09:44:17 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2010.09.18 09:44:16 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2010.09.18 09:44:16 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbmon.dll
[2010.09.18 09:44:16 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2010.09.18 09:44:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2010.09.18 09:44:15 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2010.09.18 09:44:15 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2010.09.18 09:44:15 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.09.18 09:44:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2010.09.18 09:44:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2010.09.18 09:44:13 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2010.09.18 09:44:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2010.09.18 09:44:13 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2010.09.18 09:44:13 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2010.09.18 09:44:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2010.09.18 09:44:13 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2010.09.18 09:44:12 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2010.09.18 09:44:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2010.09.18 09:44:12 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2010.09.18 09:44:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2010.09.18 09:44:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2010.09.18 09:44:12 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2010.09.18 09:44:12 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2010.09.18 09:44:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2010.09.18 09:44:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2010.09.18 09:44:12 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2010.09.18 09:44:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2010.09.18 09:44:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2010.09.18 09:44:10 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2010.09.18 09:44:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
[2010.09.18 09:44:10 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2010.09.18 09:44:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2010.09.18 09:44:09 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2010.09.18 09:44:09 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2010.09.18 09:44:09 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2010.09.18 09:44:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2010.09.18 09:44:09 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2010.09.18 09:44:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010.09.18 09:44:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2010.09.18 09:44:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2010.09.18 09:44:08 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2010.09.18 09:44:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2010.09.18 09:44:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2010.09.18 09:44:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2010.09.18 09:39:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.09.18 09:18:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.09.18 09:18:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.09.18 09:18:18 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.09.18 09:18:18 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.09.18 09:18:18 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.09.18 09:18:18 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.09.18 09:18:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.09.18 09:18:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.09.18 09:18:17 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.09.18 09:18:17 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.09.18 09:18:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.09.18 09:18:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.09.18 09:18:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.09.18 09:18:17 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.09.18 09:18:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.09.18 09:18:16 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.09.18 09:18:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.09.18 09:18:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.09.18 09:18:15 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.09.18 09:18:15 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.09.18 09:18:15 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.09.18 09:18:15 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.09.18 09:18:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.09.18 09:18:15 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.09.18 09:18:15 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.09.17 16:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.09.17 14:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.09.17 14:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010.09.17 14:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010.09.17 14:18:43 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.09.17 14:18:42 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.09.17 14:18:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.09.17 14:18:41 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2010.09.17 14:18:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2010.09.17 14:18:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.09.17 14:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010.09.17 14:16:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.09.17 13:46:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.17 13:46:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.17 13:46:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.17 13:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010.09.17 13:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.09.17 12:12:18 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.09.17 11:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010.09.16 20:10:41 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira
[2010.09.16 20:08:22 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.09.16 20:08:22 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.09.16 20:08:22 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.16 20:08:22 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.16 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.09.16 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.09.16 19:28:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.16 16:41:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.16 16:41:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.09.16 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\temp
[2010.09.16 16:30:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.16 16:30:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.16 16:30:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.16 16:30:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.16 16:30:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.16 16:30:33 | 000,000,000 | ---D | C] -- C:\Cofi
[2010.09.16 16:28:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.16 13:10:36 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.16 12:54:40 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Tracing
[2010.09.16 12:53:43 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010.09.16 12:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010.09.16 12:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.09.16 12:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010.09.16 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.09.16 12:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010.09.16 12:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010.09.16 12:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.09.16 12:27:33 | 000,197,632 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM78.DLL
[2010.09.15 13:02:18 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.09.15 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Sunbelt Software
[2010.09.15 12:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.09.15 00:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.09.14 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2010.09.14 23:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.14 23:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.14 23:35:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.14 23:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.14 23:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.09.12 23:20:22 | 000,000,000 | ---D | C] -- C:\Users\Tobi\dt05_x.img
[2010.09.10 18:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2010.09.18 22:07:30 | 003,145,728 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat
[2010.09.18 22:05:24 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4543B1A4-40CE-40BF-94A7-825C9CDE50F4}.job
[2010.09.18 22:01:53 | 000,002,623 | ---- | M] () -- C:\Users\Tobi\Desktop\Microsoft Word.lnk
[2010.09.18 21:53:52 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.18 21:53:52 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.18 21:53:52 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.18 21:53:51 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.18 21:53:51 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.18 21:48:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.18 21:47:50 | 000,524,288 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{124cbaa5-c363-11dc-a840-001cf089eb58}.TMContainer00000000000000000001.regtrans-ms
[2010.09.18 21:47:50 | 000,065,536 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{124cbaa5-c363-11dc-a840-001cf089eb58}.TM.blf
[2010.09.18 21:47:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.18 21:47:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.18 21:47:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.18 21:47:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.18 21:47:04 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.18 21:44:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.09.18 21:44:38 | 001,938,765 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.09.18 21:24:37 | 000,294,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.18 20:47:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.18 20:11:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.09.18 10:45:04 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.09.18 10:17:03 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010.09.18 10:16:58 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010.09.18 10:06:17 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010.09.17 18:07:16 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.09.17 16:38:28 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.17 14:25:45 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.17 14:22:15 | 000,001,615 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.09.17 14:18:47 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.09.17 14:05:22 | 000,000,234 | ---- | M] () -- C:\Windows\Sierra.ini
[2010.09.17 13:43:27 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.17 13:43:21 | 000,001,760 | ---- | M] () -- C:\Users\Tobi\Desktop\Update Checker.lnk
[2010.09.17 12:13:28 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.17 12:12:20 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.16 20:08:50 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.16 19:33:04 | 000,099,721 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.16 19:33:04 | 000,099,721 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.16 16:39:44 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.09.16 16:39:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.16 16:15:46 | 003,845,701 | R--- | M] () -- C:\Users\Tobi\Desktop\Cofi.exe
[2010.09.16 12:49:31 | 000,000,764 | ---- | M] () -- C:\Users\Tobi\Documents\Meine freigegebenen Ordner.lnk
[2010.09.15 17:37:48 | 000,011,264 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 13:02:18 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.09.14 23:35:16 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 23:21:10 | 000,511,968 | ---- | M] () -- C:\Users\Tobi\Desktop\sdsetup.exe
[2010.09.13 14:30:49 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\PESEdit.com 2010 Patch.lnk
[2010.09.10 18:52:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010.08.26 14:07:23 | 000,027,136 | ---- | M] () -- C:\Users\Tobi\Documents\Hi Tobi.doc

========== Files Created - No Company Name ==========

[2010.09.18 21:44:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.09.18 20:11:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.09.18 19:58:56 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010.09.18 19:58:54 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010.09.18 19:58:54 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010.09.18 19:58:36 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010.09.18 19:58:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.09.18 19:58:34 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010.09.18 19:57:55 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010.09.18 19:57:53 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010.09.18 19:57:49 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010.09.18 19:56:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.09.18 19:56:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.09.18 19:56:38 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010.09.18 19:56:38 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010.09.18 19:56:34 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010.09.18 15:42:55 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.09.18 09:46:33 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2010.09.18 09:44:45 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2010.09.18 09:44:44 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2010.09.18 09:44:37 | 000,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.09.18 09:41:06 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl
[2010.09.17 16:38:28 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.17 14:25:45 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.17 14:22:15 | 000,001,615 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.09.17 14:18:47 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2010.09.17 14:18:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.09.17 13:43:27 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.17 13:43:21 | 000,001,760 | ---- | C] () -- C:\Users\Tobi\Desktop\Update Checker.lnk
[2010.09.17 12:13:28 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.09.16 20:08:50 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.16 16:30:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.16 16:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.16 16:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.16 16:30:39 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.16 16:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.16 16:15:35 | 003,845,701 | R--- | C] () -- C:\Users\Tobi\Desktop\Cofi.exe
[2010.09.14 23:35:16 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 23:21:30 | 000,511,968 | ---- | C] () -- C:\Users\Tobi\Desktop\sdsetup.exe
[2010.09.10 18:52:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.26 14:07:23 | 000,027,136 | ---- | C] () -- C:\Users\Tobi\Documents\Hi Tobi.doc
[2010.02.10 12:47:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.24 17:38:45 | 000,099,721 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.11.24 17:38:43 | 000,099,721 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.14 14:01:36 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.11.02 20:00:17 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009.11.02 20:00:17 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.11.02 20:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.11.02 19:59:56 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI
[2009.11.02 19:59:56 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009.11.02 19:58:14 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.10.12 15:39:55 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2009.07.04 11:21:05 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009.07.03 22:38:04 | 000,000,234 | ---- | C] () -- C:\Windows\Sierra.ini
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.04.22 13:34:59 | 000,081,888 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\mdbu.bin
[2009.04.09 14:54:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.04.09 14:54:31 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.01.14 17:05:53 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.05.01 17:33:04 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.03.25 15:57:46 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.01.18 18:03:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.15 14:17:07 | 000,001,356 | ---- | C] () -- C:\Users\Tobi\AppData\Local\d3d9caps.dat
[2007.12.27 18:07:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.25 14:00:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.25 01:55:03 | 000,011,264 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Tobi\Desktop\Lieferbar Spot2.avi:TOC.WMV
< End of report >

Alt 18.09.2010, 21:34   #15
tvetten
 
Sorry for all the posts, but none of the text boxes worked either?!
