Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   VLC Player von vlc.de runtergeladen - nun infizierter Computer? Symptom: startseite geändert (https://www.trojaner-board.de/123767-vlc-player-vlc-de-runtergeladen-infizierter-computer-symptom-startseite-geaendert.html)

maurizio 08.09.2012 23:39
VLC Player von vlc.de runtergeladen - nun infizierter Computer? Symptom: startseite geändert
 
Hallo,

ich wollte mir gestern "auf die Schnelle" den VLC player runterladen und habe dies ohne nachzudenken von der ersten bei Google angezeigten Seite getan - h**p://www.vlc.de . Als ich den Player installiert hatte und ins Internet ging, war meine Startseite auf hxxp://www.startfenster.com geändert. Dies ließ sich aber in den Firefox-Einstellungen ändern und stellte sich auch nach einem Neustart von Firefox nicht wieder um. Außerdem fand ich auf meinem Desktop eine Verknüpfung auf die Internetseite startfenster.com, die ich in den Papierkorb verschob und diesen anschließend leerte. Dann deinstallierte ich den VLC-Player über die Windows-Systemsteuerung.
Ich verwende avast und ließ nun einen Komplettscan durchführen, bei dem ich auch meine externe Festplatte, die ich auch zum Zeitpunkt der Installation des VLC-Players angeschlossen hatte, anschloss. Dieser Scan führte keine infizierten Dateien zu Tage, avast meldete lediglich, dass einige Dateien nicht überprüft werden konnten, da die Archive kennwortgeschützt seien. Diese Dateien befinden sich im Ordner C:\$RecycleBin oder C:\Users\Moritz\AppData\Local\Temp. Leider weiß ich nicht, wie ich diese Prüfergebnisse in eine Textdatei bekomme, um sie hier zu posten.

Da dies für mich kein zufriedenstellendes Ergebnis war, ging ich auf Online-Recherche und wurde hier bei trojanerboard fündig. In dem Thread http://www.trojaner-board.de/66529-w...ware-mehr.html hat gezopfer ein ähnliches Problem.

Allerdings ist dieser Thread schon älter und meine Startseite wurde ja uch auf eine andere Seite geändert, sodass ich annehme, dass es sich um eine neuere Version des Schadprogrammes handelt. Deshalb eröffne ich hier einen neuen Thread.

Die dort von undoreal beschriebene Anleitung habe ich durchgelesen, allerdings ist dies mein erster Kontakt mit Schadsoftware und deshalb habe ich beispielsweise keine Ahnung was "hijackthis" ist.

Ich würde mich also über eine Anleitung freuen, die etwas früher ansetzt.

Weiter habe ich jetzt noch nichts unternommen.

Ich habe meinen Laptop gerade neu aufgesetzt, wobei ich die C-Partition formatiert habe. Seitdem habe ich noch nicht viel gemacht, bis auf Microsoft Office 2010, für das ich eine legale Lizenz erworben habe, sowie avast und vlc zu installieren, sodass ich auch schon überlegt einfach noch einmal C zu formatieren und Windows 7 neu zu installieren. Allerdings habe ich meine Daten auf der externen Festplatte gesichert, die ja wie oben erwähnt während der Installation von VLC angeschlossen war. Somit weiß ich nicht ob diese vielleicht auch infiziert ist.

Vielen Dank schon mal im Voraus

Maurizio

PS: Ich hatte dieses Thema erst im falschen Subforum gepostet. Ich hoffe ich bin hier jetzt richtig.

t'john 09.09.2012 01:55
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

maurizio 09.09.2012 10:28
hallo t'john,

erstmal vielen Dank für deine superschnelle Rückmeldung!

Ich würde gern eine Formatierung durchführen, aber ich kann meine externe Festplatte ja aufgrund der darauf vorhandenen Daten nicht formatieren und ich weiß ja nun nicht, ob die auch infiziert ist. Ich dachte mir jetzt nur, da ich ja dann für die externe sowieso die Bereinigung durchführen muss, macht es dann doch zeitmäßig nicht so den Unterschied, ob ich nur die externe oder auch den laptop bereinige, oder?
Abgesehen davon schreibt sich der Schädling nicht vielleicht wieder auf meinen Laptop, wenn ich erst formatiere und dann wieder die externe anschließe, um sie zu beinigen?

Wie gesagt ist es mein erster Kontakt mit Schadsoftware, deshalb kenne ich leider die Verbreitungswege solcher Software nur von prominenten Fällen wie bspw. Stuxnet, der sich ja automatisch auf alle Laufwerke geschrieben hat.

Vielen Dank

Moritz

t'john 09.09.2012 23:50
Fuehre die oben genannten Schritte durch!

Wahrscheinlich hast du garkeinen Schaedling auf dem Rechner!

maurizio 10.09.2012 21:16
hallo t'john,

habe nun beide programme laufen lassen.

Hier ist das log von malwarebytes:

---------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.10.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***:: ***-NOTEBOOK [Administrator]

10.09.2012 15:26:22
mbam-log-2012-09-10 (16-45-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 298916
Laufzeit: 1 Stunde(n), 3 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

-----------------------




ich hoffe das hilft weiter.
Hinweis: ich habe entsprechend der anleitung meinen namen überall durch *** ersetzt.

vielen dank

maurizio

hier die erste von otl: otl.txt

------------------------------------

OTL logfile created on: 10.09.2012 17:19:18 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,27% Memory free
5,99 Gb Paging File | 4,75 Gb Available in Paging File | 79,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,45 Gb Total Space | 255,70 Gb Free Space | 88,95% Space Free | Partition Type: NTFS
Drive D: | 10,64 Gb Total Space | 1,30 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
Drive F: | 983,72 Mb Total Space | 62,56 Mb Free Space | 6,36% Space Free | Partition Type: FAT
Drive G: | 931,51 Gb Total Space | 128,03 Gb Free Space | 13,74% Space Free | Partition Type: NTFS

Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.38439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.38421__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.38381__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.38415__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.38434__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3503.38482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dash board.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.38392__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3503.38409__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.38396__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.39087__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.39091__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.39089__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.39098__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.39100__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.39127__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.39099__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3503.38481__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.39109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.39106__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.38463__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.39096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.39121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.39099__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.39102__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.39098__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.39090__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.38452__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.39090__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3503.38370__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.38369__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.38452__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()


========== Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3688508481-3698709217-2400867380-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Startfenster.com - Mein Fenster ins Internet
IE - HKU\S-1-5-21-3688508481-3698709217-2400867380-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3688508481-3698709217-2400867380-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.auto-motor-und-sport.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.01 21:46:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 22:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.01 22:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.09.01 22:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.05 19:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ez0lutys.default\extensions
[2012.09.05 19:33:22 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ez0lutys.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.09.05 18:19:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ez0lutys.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.09.05 18:18:06 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ez0lutys.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.05 15:24:56 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ez0lutys.default\searchplugins\firefox-add-ons.xml
[2012.09.01 22:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A58C23C-F7C2-45BD-8D53-286735C87EC8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.10 17:08:09 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.10 15:22:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.10 15:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 15:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 15:21:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.10 15:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.10 15:18:40 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.10 12:10:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2012.09.10 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard
[2012.09.10 12:09:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2012.09.07 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.09.07 21:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.09.06 17:38:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\C
[2012.09.06 15:54:42 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012.09.06 15:54:42 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012.09.06 15:54:33 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012.09.06 15:54:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012.09.05 18:38:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.05 18:37:27 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.09.05 18:36:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2012.09.05 18:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.05 18:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.09.05 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nero
[2012.09.05 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.09.05 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.09.05 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.09.05 15:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.09.05 15:29:49 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.05 15:29:49 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.05 15:29:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.09.05 15:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.09.04 17:56:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.09.04 17:56:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.04 17:56:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.04 17:56:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.04 17:56:42 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.04 17:56:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.09.04 17:56:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.09.04 17:56:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.09.04 17:56:42 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.09.04 17:56:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.04 17:56:42 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.09.04 17:56:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.09.04 17:56:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.04 17:56:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.09.04 17:56:42 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.09.04 17:56:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.09.04 17:56:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.09.04 17:56:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.09.04 17:56:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.04 17:56:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.09.04 17:56:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.09.04 17:56:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.09.04 17:56:42 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.09.04 17:56:42 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.09.04 17:56:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.09.04 17:56:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.09.04 17:56:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.09.04 17:56:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.09.04 17:56:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.09.04 17:56:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.04 17:56:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.09.04 17:56:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.09.04 17:56:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.09.04 17:56:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.09.04 17:56:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.09.04 17:56:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.09.04 17:56:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.09.04 17:52:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.09.04 17:39:08 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.09.04 17:39:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.09.04 17:37:38 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.09.04 17:36:54 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.09.04 17:36:54 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.09.04 17:36:52 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.09.04 17:36:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.09.04 17:36:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.09.04 17:36:51 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.09.04 17:36:48 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.09.04 17:36:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.09.04 17:36:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.09.04 17:36:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.09.04 17:36:31 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012.09.04 17:36:30 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012.09.04 17:36:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012.09.04 17:36:25 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.09.04 17:35:54 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.09.04 17:35:53 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.09.04 17:35:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012.09.04 17:35:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.09.04 17:35:47 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.09.04 17:35:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.09.04 17:35:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.09.04 17:35:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.09.04 17:35:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.09.04 17:35:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.09.04 17:35:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.09.04 17:35:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.09.04 17:35:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.09.04 17:35:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.09.04 17:35:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.09.04 17:35:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.09.04 17:35:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.09.04 17:35:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.09.04 17:35:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.09.04 17:35:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.09.04 17:35:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.09.04 17:35:42 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.09.04 17:35:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.09.04 17:35:35 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.09.04 17:35:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.09.04 17:35:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.09.04 17:35:23 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012.09.04 17:35:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.09.04 17:35:21 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012.09.04 17:35:21 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012.09.04 17:35:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012.09.04 17:35:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012.09.04 17:35:20 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012.09.04 17:35:19 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.09.04 17:35:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.09.04 17:35:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.09.04 17:35:10 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.09.04 17:35:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.09.04 17:35:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.09.04 17:35:06 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.09.04 17:34:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.09.04 17:34:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.09.04 17:34:46 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.09.04 17:34:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.09.04 17:34:43 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.09.04 17:34:42 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012.09.04 17:34:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012.09.04 17:34:20 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012.09.04 17:34:20 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012.09.04 17:33:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012.09.04 17:33:42 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012.09.04 17:33:41 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012.09.04 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Outlook-Dateien
[2012.09.02 03:18:33 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.09.02 03:18:16 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.09.01 22:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012.09.01 22:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012.09.01 22:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.09.01 22:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012.09.01 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2012.09.01 22:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.09.01 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.09.01 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.09.01 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.09.01 22:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.01 22:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.01 22:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.01 22:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.09.01 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.09.01 22:08:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.09.01 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.09.01 22:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.09.01 22:05:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.09.01 22:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.09.01 22:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.09.01 22:04:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.09.01 22:03:21 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.09.01 21:59:12 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.09.01 21:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.01 21:47:20 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.09.01 21:47:20 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.09.01 21:47:18 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.09.01 21:47:17 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.09.01 21:47:16 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.09.01 21:47:13 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.09.01 21:46:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.09.01 21:46:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.01 21:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.01 21:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.09.01 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI
[2012.09.01 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI
[2012.09.01 21:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.09.01 19:09:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.09.01 19:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.09.01 19:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012.09.01 19:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2012.09.01 19:01:49 | 000,000,000 | ---D | C] -- C:\System.sav
[2012.09.01 19:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.09.01 19:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.09.01 19:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.09.01 19:00:14 | 000,000,000 | ---D | C] -- C:\HP
[2012.09.01 18:57:21 | 007,360,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSUSTORicon.dll
[2012.09.01 18:56:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA
[2012.09.01 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\JMicron
[2012.09.01 18:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.09.01 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hpqLog
[2012.09.01 18:53:30 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wdfcoinstaller01005.dll
[2012.09.01 18:53:30 | 000,015,872 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys
[2012.09.01 18:53:29 | 001,885,488 | R--- | C] (Hewlett-Packard Company) -- C:\Windows\System32\BttnCmn.dll
[2012.09.01 18:53:29 | 001,885,488 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\BttnCmns.dll
[2012.09.01 18:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012.09.01 18:52:14 | 000,303,160 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32.dll
[2012.09.01 18:52:14 | 000,106,552 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwi2c32.dll
[2012.09.01 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinTV
[2012.09.01 18:52:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Hauppauge
[2012.09.01 18:51:25 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32.dll
[2012.09.01 18:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\HP USB TV Tuner
[2012.09.01 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.09.01 18:50:22 | 000,028,344 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys
[2012.09.01 18:50:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.09.01 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012.09.01 18:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.09.01 18:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012.09.01 18:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.09.01 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.09.01 18:45:45 | 000,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2012.09.01 18:45:45 | 000,380,928 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2012.09.01 18:45:45 | 000,140,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2012.09.01 18:45:45 | 000,086,016 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AESTCom.dll
[2012.09.01 18:45:45 | 000,061,440 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestaren.dll
[2012.09.01 18:45:44 | 012,628,060 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2012.09.01 18:45:44 | 003,354,624 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2012.09.01 18:45:44 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2012.09.01 18:45:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2012.09.01 18:45:41 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2012.09.01 18:44:55 | 000,940,544 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2012.09.01 18:44:55 | 000,527,872 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2012.09.01 18:44:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.09.01 18:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012.09.01 18:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.09.01 18:41:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.09.01 18:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.09.01 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.09.01 18:34:36 | 000,000,000 | ---D | C] -- C:\SwSetup
[2012.09.01 18:24:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.09.01 17:44:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2012.09.01 17:44:11 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2012.09.01 17:44:11 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012.09.01 17:44:11 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012.09.01 17:44:11 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012.09.01 17:44:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2012.09.01 17:44:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2012.09.01 17:44:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2012.09.01 17:44:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2012.09.01 17:44:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2012.09.01 17:44:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2012.09.01 17:44:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2012.09.01 17:44:10 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012.09.01 17:44:10 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012.09.01 17:44:10 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.01 17:44:10 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012.09.01 17:44:10 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2012.09.01 17:44:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2012.09.01 17:44:10 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2012.09.01 17:44:10 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012.09.01 17:44:10 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012.09.01 17:44:10 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012.09.01 17:44:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2012.09.01 17:44:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2012.09.01 17:44:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2012.09.01 17:44:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012.09.01 17:44:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012.09.01 17:44:09 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2012.09.01 17:44:09 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012.09.01 17:44:09 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2012.09.01 17:44:09 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.09.01 17:44:09 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.01 17:44:09 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2012.09.01 17:44:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012.09.01 17:44:09 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012.09.01 17:44:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2012.09.01 17:44:07 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2012.09.01 17:44:07 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012.09.01 17:44:07 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012.09.01 17:44:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2012.09.01 17:44:07 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2012.09.01 17:44:07 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2012.09.01 17:44:07 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2012.09.01 17:44:07 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012.09.01 17:44:07 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2012.09.01 17:44:07 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012.09.01 17:44:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012.09.01 17:44:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012.09.01 17:44:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2012.09.01 17:44:06 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012.09.01 17:44:06 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012.09.01 17:44:06 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2012.09.01 17:44:06 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.09.01 17:44:06 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012.09.01 17:44:06 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2012.09.01 17:44:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012.09.01 17:44:06 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2012.09.01 17:44:06 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2012.09.01 17:44:06 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2012.09.01 17:44:06 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012.09.01 17:44:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2012.09.01 17:44:06 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012.09.01 17:44:06 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.09.01 17:44:06 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2012.09.01 17:44:06 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2012.09.01 17:44:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2012.09.01 17:44:05 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012.09.01 17:44:05 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2012.09.01 17:44:05 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012.09.01 17:44:05 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2012.09.01 17:44:05 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012.09.01 17:44:05 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2012.09.01 17:44:05 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2012.09.01 17:44:05 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012.09.01 17:44:05 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2012.09.01 17:44:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012.09.01 17:44:05 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012.09.01 17:44:05 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012.09.01 17:44:05 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012.09.01 17:44:05 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2012.09.01 17:44:05 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2012.09.01 17:44:05 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2012.09.01 17:44:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.09.01 17:44:05 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2012.09.01 17:44:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2012.09.01 17:44:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.09.01 17:44:05 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2012.09.01 17:44:05 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2012.09.01 17:44:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2012.09.01 17:44:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012.09.01 17:44:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2012.09.01 17:44:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012.09.01 17:44:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2012.09.01 17:44:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2012.09.01 17:44:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2012.09.01 17:44:04 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012.09.01 17:44:04 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2012.09.01 17:44:04 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012.09.01 17:44:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2012.09.01 17:44:04 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2012.09.01 17:44:04 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2012.09.01 17:44:04 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2012.09.01 17:44:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2012.09.01 17:44:04 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2012.09.01 17:44:04 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2012.09.01 17:44:04 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2012.09.01 17:44:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2012.09.01 17:44:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2012.09.01 17:44:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2012.09.01 17:44:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2012.09.01 17:44:04 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2012.09.01 17:44:03 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012.09.01 17:44:03 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2012.09.01 17:44:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012.09.01 17:44:03 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012.09.01 17:44:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2012.09.01 17:44:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2012.09.01 17:44:02 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012.09.01 17:44:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012.09.01 17:44:02 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012.09.01 17:44:02 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012.09.01 17:44:02 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2012.09.01 17:44:02 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012.09.01 17:44:02 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2012.09.01 17:44:02 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012.09.01 17:44:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.09.01 17:44:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2012.09.01 17:44:02 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2012.09.01 17:44:02 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012.09.01 17:44:02 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2012.09.01 17:44:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012.09.01 17:44:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2012.09.01 17:44:02 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2012.09.01 17:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2012.09.01 17:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2012.09.01 17:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2012.09.01 17:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2012.09.01 17:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2012.09.01 17:44:01 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.09.01 17:44:01 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012.09.01 17:44:01 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012.09.01 17:44:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2012.09.01 17:44:01 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012.09.01 17:44:01 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2012.09.01 17:44:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012.09.01 17:44:01 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2012.09.01 17:44:01 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012.09.01 17:44:01 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2012.09.01 17:44:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.09.01 17:44:01 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2012.09.01 17:44:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2012.09.01 17:44:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2012.09.01 17:44:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2012.09.01 17:44:01 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2012.09.01 17:44:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012.09.01 17:44:01 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2012.09.01 17:44:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2012.09.01 17:44:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2012.09.01 17:44:00 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012.09.01 17:44:00 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012.09.01 17:44:00 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012.09.01 17:44:00 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012.09.01 17:44:00 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2012.09.01 17:44:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012.09.01 17:44:00 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012.09.01 17:44:00 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012.09.01 17:44:00 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012.09.01 17:44:00 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2012.09.01 17:44:00 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2012.09.01 17:44:00 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2012.09.01 17:44:00 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012.09.01 17:44:00 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2012.09.01 17:44:00 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012.09.01 17:44:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.01 17:44:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012.09.01 17:44:00 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2012.09.01 17:44:00 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2012.09.01 17:44:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012.09.01 17:44:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2012.09.01 17:43:59 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012.09.01 17:43:59 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012.09.01 17:43:59 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012.09.01 17:43:59 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012.09.01 17:43:59 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2012.09.01 17:43:59 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2012.09.01 17:43:59 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2012.09.01 17:43:59 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2012.09.01 17:43:58 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012.09.01 17:43:58 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2012.09.01 17:43:57 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012.09.01 17:43:57 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012.09.01 17:43:57 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2012.09.01 17:43:57 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2012.09.01 17:43:57 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2012.09.01 17:43:57 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012.09.01 17:43:57 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012.09.01 17:43:57 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.09.01 17:43:57 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012.09.01 17:43:57 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2012.09.01 17:43:57 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2012.09.01 17:43:57 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.09.01 17:43:57 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012.09.01 17:43:57 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2012.09.01 17:43:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.09.01 17:43:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2012.09.01 17:43:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2012.09.01 17:43:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2012.09.01 17:43:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2012.09.01 17:43:57 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2012.09.01 17:43:56 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012.09.01 17:43:56 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012.09.01 17:43:56 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2012.09.01 17:43:56 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2012.09.01 17:43:56 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012.09.01 17:43:56 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2012.09.01 17:43:56 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2012.09.01 17:43:56 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012.09.01 17:43:56 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2012.09.01 17:43:56 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2012.09.01 17:43:56 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2012.09.01 17:43:56 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2012.09.01 17:43:56 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2012.09.01 17:43:56 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012.09.01 17:43:56 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2012.09.01 17:43:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2012.09.01 17:43:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2012.09.01 17:43:55 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012.09.01 17:43:55 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012.09.01 17:43:55 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2012.09.01 17:43:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2012.09.01 17:43:55 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012.09.01 17:43:55 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012.09.01 17:43:55 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012.09.01 17:43:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2012.09.01 17:43:55 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2012.09.01 17:43:55 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2012.09.01 17:43:55 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2012.09.01 17:43:55 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2012.09.01 17:43:55 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012.09.01 17:43:55 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2012.09.01 17:43:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012.09.01 17:43:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2012.09.01 17:43:54 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012.09.01 17:43:54 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2012.09.01 17:43:54 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2012.09.01 17:43:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2012.09.01 17:43:54 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012.09.01 17:43:54 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2012.09.01 17:43:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2012.09.01 17:43:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2012.09.01 17:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2012.09.01 17:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2012.09.01 17:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2012.09.01 17:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2012.09.01 17:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2012.09.01 17:43:53 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012.09.01 17:43:53 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012.09.01 17:43:53 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2012.09.01 17:43:53 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012.09.01 17:43:53 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2012.09.01 17:43:53 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2012.09.01 17:43:53 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2012.09.01 17:43:53 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012.09.01 17:43:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.09.01 17:43:53 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2012.09.01 17:43:53 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2012.09.01 17:43:53 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012.09.01 17:43:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.09.01 17:43:53 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2012.09.01 17:43:53 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.09.01 17:43:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2012.09.01 17:43:53 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2012.09.01 17:43:53 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2012.09.01 17:43:53 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012.09.01 17:43:53 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2012.09.01 17:43:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2012.09.01 17:43:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012.09.01 17:43:52 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012.09.01 17:43:52 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012.09.01 17:43:52 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2012.09.01 17:43:52 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012.09.01 17:43:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012.09.01 17:43:52 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2012.09.01 17:43:52 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012.09.01 17:43:52 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2012.09.01 17:43:52 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2012.09.01 17:43:52 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012.09.01 17:43:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2012.09.01 17:43:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2012.09.01 17:43:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2012.09.01 17:43:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2012.09.01 17:43:51 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012.09.01 17:43:51 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2012.09.01 17:43:51 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012.09.01 17:43:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2012.09.01 17:43:51 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2012.09.01 17:43:51 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012.09.01 17:43:51 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2012.09.01 17:43:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012.09.01 17:43:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012.09.01 17:43:51 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2012.09.01 17:43:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2012.09.01 17:43:51 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2012.09.01 17:43:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.09.01 17:43:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.09.01 17:43:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2012.09.01 17:43:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2012.09.01 17:43:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.09.01 17:43:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.09.01 17:43:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012.09.01 17:43:50 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012.09.01 17:43:50 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012.09.01 17:43:50 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012.09.01 17:43:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012.09.01 17:43:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2012.09.01 17:43:49 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012.09.01 17:43:49 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.09.01 17:43:49 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012.09.01 17:43:49 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012.09.01 17:43:49 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012.09.01 17:43:49 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2012.09.01 17:43:49 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2012.09.01 17:43:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2012.09.01 17:43:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2012.09.01 17:43:49 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2012.09.01 17:43:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012.09.01 17:43:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2012.09.01 17:43:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2012.09.01 17:43:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2012.09.01 17:43:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2012.09.01 17:43:48 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2012.09.01 17:43:47 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012.09.01 17:43:47 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012.09.01 17:43:47 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2012.09.01 17:43:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.09.01 17:43:47 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2012.09.01 17:43:47 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2012.09.01 17:43:47 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012.09.01 17:43:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012.09.01 17:43:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012.09.01 17:43:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2012.09.01 17:43:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2012.09.01 17:43:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2012.09.01 17:43:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2012.09.01 17:43:47 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2012.09.01 17:43:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2012.09.01 17:43:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012.09.01 17:43:46 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012.09.01 17:43:46 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2012.09.01 17:43:46 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2012.09.01 17:43:46 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012.09.01 17:43:46 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012.09.01 17:43:46 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012.09.01 17:43:46 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012.09.01 17:43:46 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012.09.01 17:43:46 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012.09.01 17:43:46 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2012.09.01 17:43:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012.09.01 17:43:46 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2012.09.01 17:43:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2012.09.01 17:43:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012.09.01 17:43:45 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012.09.01 17:43:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.09.01 17:43:45 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2012.09.01 17:43:45 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012.09.01 17:43:45 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012.09.01 17:43:45 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012.09.01 17:43:45 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012.09.01 17:43:45 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2012.09.01 17:43:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012.09.01 17:43:45 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2012.09.01 17:43:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2012.09.01 17:43:45 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2012.09.01 17:43:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2012.09.01 17:43:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2012.09.01 17:43:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012.09.01 17:43:45 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2012.09.01 17:43:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012.09.01 17:43:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012.09.01 17:43:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2012.09.01 17:43:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012.09.01 17:43:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2012.09.01 17:43:43 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012.09.01 17:43:43 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2012.09.01 17:43:43 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012.09.01 17:43:43 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012.09.01 17:43:43 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012.09.01 17:43:43 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012.09.01 17:43:43 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2012.09.01 17:43:43 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012.09.01 17:43:43 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2012.09.01 17:43:43 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012.09.01 17:43:43 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2012.09.01 17:43:43 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012.09.01 17:43:43 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012.09.01 17:43:43 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2012.09.01 17:43:43 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012.09.01 17:43:43 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2012.09.01 17:43:43 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2012.09.01 17:43:43 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2012.09.01 17:43:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2012.09.01 17:43:43 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2012.09.01 17:43:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2012.09.01 17:43:43 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2012.09.01 17:43:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2012.09.01 17:43:43 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2012.09.01 17:43:43 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2012.09.01 17:43:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2012.09.01 17:43:43 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2012.09.01 17:43:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2012.09.01 17:43:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2012.09.01 17:43:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2012.09.01 17:43:42 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2012.09.01 17:43:42 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012.09.01 17:43:42 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2012.09.01 17:43:42 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2012.09.01 17:43:42 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2012.09.01 17:43:42 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012.09.01 17:43:42 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012.09.01 17:43:42 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012.09.01 17:43:42 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2012.09.01 17:43:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012.09.01 17:43:42 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2012.09.01 17:43:42 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2012.09.01 17:43:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2012.09.01 17:43:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2012.09.01 17:43:41 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2012.09.01 17:43:41 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2012.09.01 17:43:41 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012.09.01 17:43:41 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012.09.01 17:43:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012.09.01 17:43:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012.09.01 17:43:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2012.09.01 17:43:40 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012.09.01 17:43:40 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2012.09.01 17:43:40 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012.09.01 17:43:40 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012.09.01 17:43:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012.09.01 17:43:40 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2012.09.01 17:43:40 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012.09.01 17:43:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2012.09.01 17:43:39 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.09.01 17:43:39 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2012.09.01 17:43:39 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012.09.01 17:43:39 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2012.09.01 17:43:39 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2012.09.01 17:43:39 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2012.09.01 17:43:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2012.09.01 17:43:39 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2012.09.01 17:43:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2012.09.01 17:43:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2012.09.01 17:43:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2012.09.01 17:43:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2012.09.01 17:43:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2012.09.01 17:43:38 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2012.09.01 17:43:38 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012.09.01 17:43:38 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012.09.01 17:43:38 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012.09.01 17:43:38 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2012.09.01 17:43:38 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2012.09.01 17:43:38 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012.09.01 17:43:38 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2012.09.01 17:43:38 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2012.09.01 17:43:38 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2012.09.01 17:43:38 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2012.09.01 17:43:38 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2012.09.01 17:43:38 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012.09.01 17:43:38 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012.09.01 17:43:38 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012.09.01 17:43:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2012.09.01 17:43:38 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012.09.01 17:43:38 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012.09.01 17:43:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2012.09.01 17:43:38 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012.09.01 17:43:38 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012.09.01 17:43:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2012.09.01 17:43:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2012.09.01 17:43:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2012.09.01 17:43:38 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2012.09.01 17:43:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2012.09.01 17:43:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2012.09.01 17:43:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2012.09.01 17:43:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2012.09.01 17:43:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2012.09.01 17:43:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2012.09.01 17:43:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2012.09.01 17:43:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2012.09.01 17:43:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2012.09.01 17:43:37 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012.09.01 17:43:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2012.09.01 17:41:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.09.01 17:33:35 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.09.01 17:33:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.09.01 17:33:22 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.09.01 17:33:22 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.09.01 17:33:22 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.09.01 17:33:15 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.09.01 17:33:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.09.01 17:32:41 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.09.01 17:32:41 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.09.01 17:32:41 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.09.01 17:32:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.09.01 17:32:30 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.09.01 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.09.01 17:32:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.09.01 17:32:20 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.09.01 17:32:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.09.01 17:32:20 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.09.01 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.09.01 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.09.01 17:32:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.09.01 17:32:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.09.01 17:22:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.09.01 17:20:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.09.01 17:19:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

maurizio 10.09.2012 21:25
das hier gehört noch zu otl.txt, ich musste es aber abtrennen, da sonst der beitrag zu lang geworden wäre. du wolltest die logs ja nicht als anhang haben.

-------------------------------

========== Files - Modified Within 30 Days ==========

[2012.09.10 17:08:12 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.10 16:43:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 15:21:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.10 15:20:11 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.10 12:32:59 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.10 12:32:59 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.10 12:32:59 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.10 12:32:59 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.10 12:07:36 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 12:07:36 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 12:06:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.09.10 11:57:49 | 2414,215,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 20:02:53 | 082,828,528 | ---- | M] () -- C:\Users\***\Desktop\Nero_BackItUp-4.2.16.0d_update.exe
[2012.09.05 18:23:50 | 000,405,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.05 18:03:23 | 001,804,899 | ---- | M] () -- C:\Users\***\Desktop\NeroBackItUp_Deu.pdf
[2012.09.05 15:29:49 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.05 15:29:49 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.04 18:24:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.09.04 17:56:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.09.04 17:56:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.04 17:56:42 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.04 17:56:42 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.04 17:56:42 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.04 17:56:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.09.04 17:56:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.09.04 17:56:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.09.04 17:56:42 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.09.04 17:56:42 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.04 17:56:42 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.09.04 17:56:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.09.04 17:56:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.04 17:56:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.09.04 17:56:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.09.04 17:56:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.09.04 17:56:42 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.09.04 17:56:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.09.04 17:56:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.04 17:56:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.09.04 17:56:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.09.04 17:56:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.09.04 17:56:42 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.09.04 17:56:42 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.09.04 17:56:42 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.09.04 17:56:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.09.04 17:56:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.09.04 17:56:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.09.04 17:56:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.09.04 17:56:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.09.04 17:56:42 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.04 17:56:42 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.09.04 17:56:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.09.04 17:56:42 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.09.04 17:56:42 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.09.04 17:56:42 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.09.04 17:56:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.09.04 17:56:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.09.02 03:18:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.09.01 22:41:37 | 000,002,481 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 4 Essentials.lnk
[2012.09.01 22:25:00 | 000,003,029 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word 2010.lnk
[2012.09.01 22:24:55 | 000,003,095 | ---- | M] () -- C:\Users\***\Desktop\Microsoft PowerPoint 2010.lnk
[2012.09.01 22:24:51 | 000,003,231 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Outlook 2010.lnk
[2012.09.01 22:24:43 | 000,003,047 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Excel 2010.lnk
[2012.09.01 21:47:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.01 18:55:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.09.01 18:20:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012.09.01 17:24:11 | 000,056,735 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.09.01 17:22:56 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.10 15:21:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.10 12:06:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.09.05 19:51:51 | 082,828,528 | ---- | C] () -- C:\Users\***\Desktop\Nero_BackItUp-4.2.16.0d_update.exe
[2012.09.05 18:18:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.09.05 18:03:08 | 001,804,899 | ---- | C] () -- C:\Users\***\Desktop\NeroBackItUp_Deu.pdf
[2012.09.04 18:24:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.09.04 17:56:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.09.02 03:18:20 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.09.02 03:18:17 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.09.01 22:41:37 | 000,002,481 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 4 Essentials.lnk
[2012.09.01 22:31:13 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.09.01 22:25:00 | 000,003,029 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Word 2010.lnk
[2012.09.01 22:24:55 | 000,003,095 | ---- | C] () -- C:\Users\***\Desktop\Microsoft PowerPoint 2010.lnk
[2012.09.01 22:24:51 | 000,003,231 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Outlook 2010.lnk
[2012.09.01 22:24:43 | 000,003,047 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Excel 2010.lnk
[2012.09.01 22:18:46 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.01 18:55:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2012.09.01 18:48:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012.09.01 17:43:59 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.09.01 17:43:46 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012.09.01 17:43:46 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012.09.01 17:32:43 | 000,001,413 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.01 17:23:59 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.09.01 17:23:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.09.01 17:22:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.01 17:19:32 | 2414,215,168 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

< End of report >


----------------------------------

so und hier noch die extras.txt

----------------------------------OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 10.09.2012 17:19:18 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,27% Memory free
5,99 Gb Paging File | 4,75 Gb Available in Paging File | 79,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,45 Gb Total Space | 255,70 Gb Free Space | 88,95% Space Free | Partition Type: NTFS
Drive D: | 10,64 Gb Total Space | 1,30 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
Drive F: | 983,72 Mb Total Space | 62,56 Mb Free Space | 6,36% Space Free | Partition Type: FAT
Drive G: | 931,51 Gb Total Space | 128,03 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3688508481-3698709217-2400867380-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E8BEC8DC-C267-4B93-838F-95CE8008BDA8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A0EDC2C-E4DF-43B0-8E8E-80AEF40A1982}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C1594E68-844A-48D5-9DE7-2D7D53CB181F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{50A8D956-ABD1-9DF1-5243-45E10ACA3334}" = ccc-utility
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75BF5A99-74C9-FF8E-77B0-1DBA17A109BA}" = ATI Catalyst Install Manager
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{83ec0a22-2ff9-4d1a-a1a6-81c8a5b2d047}" = Nero BackItUp 4 Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.27022)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.09.2012 12:45:58 | Computer Name = ***-Notebook | Source = VSS | ID = 8194
Description =
 
Error - 01.09.2012 16:40:30 | Computer Name = ***-Notebook | Source = VSS | ID = 8194
Description =
 
Error - 05.09.2012 11:25:37 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BackItUp.exe, Version: 4.2.3.100,
 Zeitstempel: 0x49391d1b  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4940,
 Zeitstempel: 0x4ca2b271  Ausnahmecode: 0x40000015  Fehleroffset: 0x000046b4  ID des fehlerhaften
 Prozesses: 0xf10  Startzeit der fehlerhaften Anwendung: 0x01cd8b7aacce9d7f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Nero\Nero BackItUp 4\BackItUp.exe  Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Berichtskennung:
 f10d881a-f76d-11e1-a072-00238bc67dde
 
Error - 05.09.2012 11:28:55 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BackItUp.exe, Version: 4.2.3.100,
 Zeitstempel: 0x49391d1b  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4940,
 Zeitstempel: 0x4ca2b271  Ausnahmecode: 0x40000015  Fehleroffset: 0x000046b4  ID des fehlerhaften
 Prozesses: 0x6b4  Startzeit der fehlerhaften Anwendung: 0x01cd8b7b22beb2f5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Nero\Nero BackItUp 4\BackItUp.exe  Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Berichtskennung:
 66d0b199-f76e-11e1-a072-00238bc67dde
 
Error - 05.09.2012 13:33:20 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BackItUp.exe, Version: 4.2.3.100,
 Zeitstempel: 0x49391d1b  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4940,
 Zeitstempel: 0x4ca2b271  Ausnahmecode: 0x40000015  Fehleroffset: 0x000046b4  ID des fehlerhaften
 Prozesses: 0xcc0  Startzeit der fehlerhaften Anwendung: 0x01cd8b8c6f218e2c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Nero\Nero BackItUp 4\BackItUp.exe  Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Berichtskennung:
 c863965f-f77f-11e1-a28a-00238bc67dde
 
Error - 05.09.2012 14:12:48 | Computer Name = ***-Notebook | Source = VSS | ID = 8194
Description =
 
Error - 05.09.2012 14:48:44 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BackItUp.exe, Version: 4.2.3.100,
 Zeitstempel: 0x49391d1b  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4940,
 Zeitstempel: 0x4ca2b271  Ausnahmecode: 0x40000015  Fehleroffset: 0x000046b4  ID des fehlerhaften
 Prozesses: 0x16fc  Startzeit der fehlerhaften Anwendung: 0x01cd8b970c27118d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Nero\Nero BackItUp 4\BackItUp.exe  Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
Berichtskennung:
 50f1368d-f78a-11e1-be01-00238bc67dde
 
[ System Events ]
Error - 07.09.2012 10:37:49 | Computer Name = ***-Notebook | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 07.09.2012 15:31:20 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 07.09.2012 16:29:57 | Computer Name = ***-Notebook | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR3 ist für den Zugriff noch nicht bereit.
 
Error - 07.09.2012 16:29:57 | Computer Name = ***-Notebook | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR3 ist für den Zugriff noch nicht bereit.
 
Error - 08.09.2012 03:34:44 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 08.09.2012 19:10:04 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Modules Installer konnte nach dem Empfang eines
 Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 08.09.2012 19:11:51 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet:  %%6701
 
Error - 10.09.2012 06:00:03 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 10.09.2012 06:02:31 | Computer Name = ***-Notebook | Source = DCOM | ID = 10010
Description =
 
Error - 10.09.2012 06:02:31 | Computer Name = ***-Notebook | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
 
 
< End of report >
--- --- ---
--------------------------

t'john 11.09.2012 00:56
Dein Rechner ist sauber.

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

maurizio 11.09.2012 09:46
hallo t'john,

hier der inhalt der logdatei von adwcleaner:

-------------------------

# AdwCleaner v2.001 - Datei am 09/11/2012 um 10:44:01 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ez0lutys.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [756 octets] - [11/09/2012 10:44:01]

########## EOF - C:\AdwCleaner[R1].txt - [815 octets] ##########

das tool hat jetzt nochmal überprüft, ob irgendein schädling was in der registry verändert hat, oder?

mfg

maurizio

t'john 12.09.2012 12:12
Das Tool prueft ob sich Ad&SpyWare eingeschlichen hat.


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

maurizio 12.09.2012 20:37
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=932453d849a8024881c9b8c5c6461ef1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-12 05:51:05
# local_time=2012-09-12 07:51:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 103850 99087096 0 0
# compatibility_mode=8192 67108863 100 0 626 626 0 0
# scanned=122733
# found=2
# cleaned=2
# scan_time=16380
C:\Users\Moritz\AppData\Local\Temp\NERO1005266\unit_app_75\Toolbar.exe        Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Moritz\Desktop\Nero_BackItUp-4.2.16.0d_update.exe        Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

t'john 14.09.2012 15:52
Alles gut, lade Software beim Hersteller und nicht beim Betrueger! ;)


Sehr gut! :daumenhoc

damit bist Du sauber und entlassen! :)

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?

maurizio 16.09.2012 13:44
Hallo t'john,

habe alles enerfolgreich entfernt.

Ein riesengroßes Dankeschön für die schnelle und ausführliche Hilfe.
Ich habe großen Respekt vor der Arbeit, die ihr hier leistet. Ohne euch wären Leute mit Schädlingsproblemen echt aufgeschmissen. :daumenhoc

Vielen Dank nochmal

maurizio

t'john 16.09.2012 17:10
:)

wir wuenschen eine virenfreie Zeit :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131