Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Trojaner (Schweizer Version) - Kein Zugriff mehr auf den Computer (https://www.trojaner-board.de/127256-gvu-trojaner-schweizer-version-kein-zugriff-mehr-computer.html)

0belix 19.11.2012 21:40
GVU Trojaner (Schweizer Version) - Kein Zugriff mehr auf den Computer
 
Guten Abend euch allen.

Das ist mein erster Post auf diesem Forum und auch sonst in irgendeinem Forum. Ich hab die Regeln gelesen und auch verstanden (Hoffe ich). Für den Fall das ich einen Fehler mache oder durch mein Handeln euch gefährden könnte, weist mich bitte sofort darauf hin

Wie der Titel schon aussagt wurde mein System von einem so genannten GVU- Virus befallen. Bei mir trägt er die überschrift:

Bundesamt für Polizei

Diesen Post erstelle ich von einem externen Notebook aus, da ich kein Zugriff auf meinen Computer mehr habe. Deshalb hab ich noch keine Logfiles oder sonst irgendwelche Scan ergebnisse ausser Avira. Ich werde nun einige Informationen aufzählen die vielleicht für den Anfang hilfreich sein könnten. Diese Informationen konnte ich nur auslesen weil ich den Computer vom Netzwerk getrennt habe.

System: Windows Vista 32bit Home Premium (6.0, Build 6000)

HDD'S: 2 interne Festplatten + 1 externe Festplatte

Antivirus: Avira Internet Security (Lizenz gekauft)
Funde in Quarantäne:
-JS/Expack.VN
-EXP/0507.DF
-EXP/JAVA.Ternub.Gen

Ich bedanke mich schon im voraus für eure hilfe!

Gruss Nullbelix

PS: Da zwischen 08:00 - 19:00 Arbeite kann ich nur Abends die benötigten Schritte ausführen. Wäre vielleicht TeamViewer eine gescheite Idee?

Swisstreasure 19.11.2012 23:56
:hallo:

Ich neme a Du besch Schwizer :)

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Falls Du kein Brennprogramm installiert hast, lade
dir bitte ISOBurner herunter.
Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen.
Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.
    Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
Nun boote von mit der OTLPE CD.
Hinweis: Wie boote ich von CD
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

0belix 20.11.2012 20:43
Hallo Swisstreasure!

Jop, Ich bi Schwiizer! :-)

Danke das Du dich meines Problems angenommen hast. Entschuldigung das ich so spät Antworte...Überstunden ^^. Der OTL Scan hat nicht ganz geklappt ich habe nur die OTL.txt erhalten. Extras.txt fehlt... Ich denke es könnte daran liegen das die Version veraltet ist (3.1.48.09). Das war auf dem Reatogo-X-PE Desktop der einzige. Ich konnte es auch nicht als Admin ausführen da so eine Option nicht zur verfügung stand. Auch musste ich angeben in welchem Ordner sich das Betriebssystem befindet...



Code:
OTL logfile created on: 11/20/2012 8:35:21 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium  (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303.35 Gb Total Space | 225.05 Gb Free Space | 74.19% Space Free | Partition Type: NTFS
Drive D: | 238.32 Gb Total Space | 190.46 Gb Free Space | 79.91% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 776.11 Gb Free Space | 83.32% Space Free | Partition Type: NTFS
Drive K: | 150.69 Gb Total Space | 34.78 Gb Free Space | 23.08% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/11/16 14:13:01 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/16 11:25:21 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/11/16 11:24:57 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/11/16 11:24:52 | 000,379,168 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/11/16 11:24:51 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/16 11:24:50 | 000,633,632 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012/10/24 12:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 17:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 07:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/24 17:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/05/24 10:03:26 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2007/08/03 03:40:08 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/08 12:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/11/16 11:25:37 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/11/16 11:25:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/11/16 11:25:36 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/11/16 11:25:36 | 000,112,224 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012/11/16 11:25:36 | 000,091,648 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012/11/16 11:25:36 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/10/02 17:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/24 11:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/05/24 09:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/30 01:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/02/18 03:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2007/06/12 04:22:32 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/04/03 09:53:12 | 000,047,872 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/11/22 11:53:02 | 001,121,536 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/11/02 03:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/10/30 04:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/07/14 07:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
 
IE - HKU\Emre_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Emre_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/16 13:55:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/11/16 13:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emre\AppData\Roaming\Mozilla\Extensions
[2012/11/16 13:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/10/24 12:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 17:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/24 17:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 17:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/24 17:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/24 17:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/24 17:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O7 - HKU\Emre_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/08 08:12:35 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 07:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/24 05:41:25 | 000,389,912 | ---- | M] (AnalogX, LLC) - K:\autoi.exe -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1224234d-303e-11e2-9f22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1224234d-303e-11e2-9f22-806e6f6e6963}\Shell\AutoRun\command - "" = G:\CheckID.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/17 14:04:41 | 000,000,000 | ---D | C] -- C:\Users\UpdatusUser
[2012/11/17 14:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/17 14:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/11/17 13:59:31 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/11/17 13:59:31 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/11/17 13:59:31 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/11/17 13:59:30 | 010,837,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/11/17 13:59:30 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/11/17 13:59:23 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/11/17 13:59:23 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/11/17 13:59:22 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/11/17 13:59:22 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012/11/17 13:59:21 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/11/17 13:58:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/11/17 12:46:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/17 11:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/17 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/17 11:03:24 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 11:03:24 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/17 11:03:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 11:03:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 11:03:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 11:03:13 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 11:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/17 09:36:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/17 09:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/11/17 08:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/11/17 08:34:02 | 000,592,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2012/11/17 08:33:35 | 000,592,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2012/11/17 07:42:28 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\ElevatedDiagnostics
[2012/11/17 07:24:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2012/11/17 07:24:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/11/17 03:35:42 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Macromedia
[2012/11/17 03:34:20 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/17 03:34:19 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/16 17:40:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/16 17:36:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/11/16 14:16:53 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/11/16 14:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012/11/16 14:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/11/16 14:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/11/16 13:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/16 13:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/11/16 13:58:01 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\WinRAR
[2012/11/16 13:58:01 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/16 13:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/16 13:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/11/16 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Mozilla
[2012/11/16 13:55:25 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Mozilla
[2012/11/16 13:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/16 13:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/16 13:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/16 12:16:27 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/11/16 12:16:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/11/16 12:16:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/11/16 12:16:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/11/16 12:16:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/11/16 12:14:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/16 12:14:59 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/16 12:14:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/16 12:14:58 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/16 12:14:58 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/16 12:14:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/16 12:14:58 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/16 12:14:57 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/16 12:14:57 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/16 12:14:56 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/16 12:14:56 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/16 12:14:55 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/16 12:14:54 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/16 12:14:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2012/11/16 12:14:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/16 12:14:53 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/11/16 12:14:52 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/16 12:14:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/16 12:14:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/16 12:14:49 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/16 12:14:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/16 12:14:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/16 12:13:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2012/11/16 12:13:08 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2012/11/16 12:13:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2012/11/16 12:12:05 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2012/11/16 12:12:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2012/11/16 12:12:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2012/11/16 12:12:04 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2012/11/16 12:12:04 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2012/11/16 12:12:04 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2012/11/16 12:12:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2012/11/16 12:12:04 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2012/11/16 12:12:03 | 000,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/11/16 12:12:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2012/11/16 12:12:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2012/11/16 12:12:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2012/11/16 12:12:02 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2012/11/16 12:12:02 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2012/11/16 12:12:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/11/16 12:10:01 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/11/16 12:10:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/11/16 12:10:01 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/11/16 12:08:34 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/11/16 12:08:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/11/16 12:08:34 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/11/16 12:08:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/11/16 12:08:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/16 12:08:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/11/16 12:08:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/11/16 12:08:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/11/16 12:06:54 | 000,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/11/16 12:06:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2012/11/16 12:05:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2012/11/16 12:04:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/11/16 12:04:52 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/11/16 12:04:52 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/11/16 12:04:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2012/11/16 12:04:52 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2012/11/16 12:03:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2012/11/16 12:03:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/11/16 12:02:39 | 001,235,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2012/11/16 12:00:34 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/11/16 12:00:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/11/16 12:00:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2012/11/16 12:00:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2012/11/16 12:00:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2012/11/16 12:00:33 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/11/16 11:59:28 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/16 11:59:28 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/16 11:56:14 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012/11/16 11:52:25 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012/11/16 11:52:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2012/11/16 11:50:27 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/11/16 11:50:27 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/11/16 11:49:25 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/11/16 11:46:35 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/11/16 11:45:35 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/11/16 11:41:31 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012/11/16 11:41:31 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/11/16 11:41:31 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/11/16 11:41:31 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/11/16 11:41:31 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/11/16 11:41:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/11/16 11:41:30 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/11/16 11:41:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/11/16 11:38:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/16 11:37:14 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012/11/16 11:36:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/16 11:35:21 | 000,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/11/16 11:35:21 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2012/11/16 11:34:29 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/11/16 11:33:38 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/11/16 11:33:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2012/11/16 11:33:38 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/11/16 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/16 11:33:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/16 11:30:57 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Avira
[2012/11/16 11:30:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2012/11/16 11:29:22 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2012/11/16 11:29:22 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2012/11/16 11:29:22 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2012/11/16 11:29:22 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2012/11/16 11:29:22 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2012/11/16 11:29:22 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2012/11/16 11:29:21 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2012/11/16 11:29:21 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2012/11/16 11:29:21 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2012/11/16 11:29:20 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2012/11/16 11:29:20 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2012/11/16 11:29:20 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2012/11/16 11:29:20 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2012/11/16 11:29:19 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2012/11/16 11:29:19 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2012/11/16 11:29:19 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2012/11/16 11:29:18 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2012/11/16 11:29:18 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2012/11/16 11:29:18 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2012/11/16 11:29:18 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2012/11/16 11:29:17 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2012/11/16 11:29:17 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2012/11/16 11:29:17 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2012/11/16 11:29:17 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2012/11/16 11:29:17 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2012/11/16 11:29:16 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2012/11/16 11:29:16 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2012/11/16 11:29:16 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2012/11/16 11:29:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2012/11/16 11:29:15 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2012/11/16 11:29:15 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2012/11/16 11:29:15 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2012/11/16 11:29:15 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2012/11/16 11:29:14 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2012/11/16 11:29:14 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2012/11/16 11:29:14 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2012/11/16 11:29:14 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2012/11/16 11:29:13 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2012/11/16 11:29:13 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2012/11/16 11:29:13 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2012/11/16 11:29:13 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2012/11/16 11:29:12 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2012/11/16 11:29:12 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2012/11/16 11:29:11 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2012/11/16 11:29:11 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2012/11/16 11:29:11 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2012/11/16 11:29:11 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2012/11/16 11:29:11 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2012/11/16 11:29:10 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2012/11/16 11:29:10 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2012/11/16 11:29:10 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2012/11/16 11:29:10 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2012/11/16 11:29:10 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2012/11/16 11:29:10 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2012/11/16 11:29:10 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2012/11/16 11:29:09 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2012/11/16 11:29:09 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2012/11/16 11:29:09 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2012/11/16 11:29:09 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2012/11/16 11:29:09 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2012/11/16 11:29:08 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2012/11/16 11:29:08 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2012/11/16 11:29:08 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2012/11/16 11:29:08 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2012/11/16 11:29:07 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2012/11/16 11:29:07 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2012/11/16 11:29:06 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2012/11/16 11:29:06 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2012/11/16 11:29:06 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2012/11/16 11:29:06 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2012/11/16 11:29:06 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2012/11/16 11:29:05 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2012/11/16 11:29:05 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2012/11/16 11:29:05 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2012/11/16 11:29:05 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/11/16 11:29:04 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2012/11/16 11:29:04 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2012/11/16 11:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/11/16 11:28:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/11/16 11:28:03 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/16 11:28:03 | 000,112,224 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/11/16 11:28:03 | 000,091,648 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/11/16 11:28:03 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/16 11:28:03 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/16 11:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/11/16 11:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/11/16 11:24:48 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/11/16 11:24:48 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012/11/16 11:24:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2012/11/16 11:24:47 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/11/16 11:24:47 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/11/16 11:24:47 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/11/16 11:24:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/11/16 11:24:47 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2012/11/16 11:24:46 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012/11/16 11:24:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2012/11/16 11:24:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2012/11/16 11:24:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2012/11/16 11:24:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2012/11/16 11:24:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012/11/16 11:24:45 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2012/11/16 11:24:44 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/16 11:24:43 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2012/11/16 11:24:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2012/11/16 11:24:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2012/11/16 11:23:09 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/11/16 11:23:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/11/16 11:23:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012/11/16 11:23:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012/11/16 11:23:08 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012/11/16 11:23:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/11/16 11:22:09 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/11/16 11:22:09 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/11/16 11:21:17 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/11/16 11:20:23 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/11/16 11:20:23 | 000,213,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/16 11:20:23 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/11/16 11:20:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/16 11:20:23 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012/11/16 11:18:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2012/11/16 11:18:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2012/11/16 11:18:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2012/11/16 11:17:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/11/16 11:17:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2012/11/16 11:17:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2012/11/16 11:16:13 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/11/16 11:16:12 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/11/16 11:14:11 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/11/16 11:14:11 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/11/16 11:14:11 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/16 11:14:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2012/11/16 11:14:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2012/11/16 11:14:09 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2012/11/16 11:12:39 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2012/11/16 11:12:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2012/11/16 11:11:55 | 002,032,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/16 11:11:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/11/16 11:11:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2012/11/16 11:10:46 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/11/16 11:10:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2012/11/16 11:10:14 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2012/11/16 11:09:19 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/11/16 11:09:19 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/11/16 11:09:19 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/11/16 11:09:19 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/11/16 11:09:19 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/11/16 11:09:19 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/11/16 11:09:19 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/11/16 11:09:19 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/11/16 11:09:18 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/11/16 11:08:28 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2012/11/16 11:07:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/11/16 10:52:55 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2012/11/16 10:52:55 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2012/11/16 10:52:55 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2012/11/16 10:52:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2012/11/16 10:52:53 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/11/16 10:52:52 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2012/11/16 10:52:52 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/11/16 10:52:52 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/11/16 10:45:07 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/11/16 10:45:06 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/11/16 10:45:06 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/11/16 10:33:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/11/16 10:33:28 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/11/16 10:33:28 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/11/16 10:33:02 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/11/16 10:33:02 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/11/16 10:31:56 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2012/11/16 10:31:27 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2012/11/16 10:30:42 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2012/11/16 10:30:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/11/16 10:29:14 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2012/11/16 10:29:14 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2012/11/16 10:28:59 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/11/16 10:28:03 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/11/16 10:28:03 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2012/11/16 10:28:03 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2012/11/16 10:28:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/11/16 10:28:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2012/11/16 10:27:40 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/11/16 10:27:12 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/11/16 10:27:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/11/16 10:27:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/11/16 10:27:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/11/16 10:27:09 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/11/16 09:33:59 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\AMD
[2012/11/16 09:33:53 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\ATI
[2012/11/16 09:33:53 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\ATI
[2012/11/16 09:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/16 09:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
[2012/11/16 09:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2012/11/16 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/11/16 09:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/11/16 09:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/11/16 09:17:55 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2012/11/16 09:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/11/16 09:17:47 | 000,097,808 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\AtihdLH3.sys
[2012/11/16 09:17:15 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2012/11/16 09:16:42 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Difxapi.dll
[2012/11/16 09:16:42 | 000,052,736 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2012/11/16 09:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/16 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/11/16 09:02:33 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Macromedia
[2012/11/16 08:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/11/16 08:57:36 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Adobe
[2012/11/16 08:57:26 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\VirtualStore
[2012/11/16 08:55:32 | 000,000,000 | R--D | C] -- C:\MANUAL
[2012/11/16 08:55:08 | 000,000,000 | R--D | C] -- C:\DRIVER
[2012/11/16 08:53:30 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Ahead
[2012/11/16 08:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials
[2012/11/16 08:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\MB application
[2012/11/16 08:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/11/16 08:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/11/16 08:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2012/11/16 08:52:22 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Adobe
[2012/11/16 08:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/16 08:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/11/16 08:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/11/16 08:50:20 | 000,000,000 | R--D | C] -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/16 08:50:20 | 000,000,000 | R--D | C] -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/16 08:50:20 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\LocalLow
[2012/11/16 08:50:13 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Identities
[2012/11/16 08:50:07 | 000,000,000 | --SD | C] -- C:\Users\Emre\AppData\Roaming\Microsoft
[2012/11/16 08:50:07 | 000,000,000 | R--D | C] -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/16 08:50:07 | 000,000,000 | R--D | C] -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/16 08:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Emre\AppData\Local\Verlauf
[2012/11/16 08:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Emre\AppData\Local\Temporary Internet Files
[2012/11/16 08:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Emre\Documents\Eigene Videos
[2012/11/16 08:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Emre\Documents\Eigene Musik
[2012/11/16 08:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Emre\Documents\Eigene Bilder
[2012/11/16 08:50:07 | 000,000,000 | -HSD | C] -- C:\Users\Emre\AppData\Local\Anwendungsdaten
[2012/11/16 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Temp
[2012/11/16 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming
[2012/11/16 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local\Microsoft
[2012/11/16 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Roaming\Media Center Programs
[2012/11/16 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Emre\AppData\Local
[2012/11/16 08:50:07 | 000,000,000 | ---D | C] -- C:\Users\Emre
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/20 14:10:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/20 14:09:50 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/20 14:07:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 14:07:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 14:02:26 | 000,641,032 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/20 14:02:26 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/20 14:02:26 | 000,116,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/20 14:02:26 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/19 15:21:34 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012/11/17 14:03:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/17 13:52:50 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/11/17 13:52:49 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/11/17 12:46:37 | 000,000,760 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 12:46:33 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/17 11:09:52 | 000,000,104 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Computer - Verknüpfung.lnk
[2012/11/17 11:09:46 | 000,000,792 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2012/11/17 11:02:53 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 11:02:45 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 11:02:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 11:02:44 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 11:02:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 11:02:43 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/17 08:34:24 | 000,001,356 | ---- | M] () -- C:\Users\Emre\AppData\Local\d3d9caps.dat
[2012/11/17 07:24:26 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2012/11/17 07:22:27 | 002,621,440 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/11/17 07:22:27 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/11/17 07:22:27 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/11/17 03:34:21 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/17 03:34:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/16 18:35:44 | 000,000,009 | ---- | M] () -- C:\DVD.TAG
[2012/11/16 14:16:53 | 000,000,213 | ---- | M] () -- C:\Users\Emre\Desktop\Team Fortress 2.url
[2012/11/16 14:01:51 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/11/16 14:01:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/11/16 13:58:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/11/16 13:58:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/11/16 13:55:19 | 000,000,876 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/16 13:55:19 | 000,000,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/16 13:55:19 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/16 13:28:31 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2012/11/16 12:34:42 | 000,001,770 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/11/16 12:34:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/16 12:34:40 | 000,001,768 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/11/16 12:34:38 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/11/16 12:34:37 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
[2012/11/16 12:30:17 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/16 12:16:27 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/11/16 12:16:27 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/11/16 12:16:27 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/11/16 12:16:27 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/11/16 12:16:27 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/11/16 12:14:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/16 12:14:59 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/16 12:14:59 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/16 12:14:58 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/16 12:14:58 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/16 12:14:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/16 12:14:58 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/16 12:14:57 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/16 12:14:57 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/16 12:14:56 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/16 12:14:56 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/16 12:14:55 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/16 12:14:54 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/16 12:14:54 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2012/11/16 12:14:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/16 12:14:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/11/16 12:14:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/16 12:14:51 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/16 12:14:49 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/16 12:14:49 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/16 12:14:49 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/16 12:14:49 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/16 12:13:09 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2012/11/16 12:13:08 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2012/11/16 12:13:08 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2012/11/16 12:12:05 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2012/11/16 12:12:05 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2012/11/16 12:12:05 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2012/11/16 12:12:04 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2012/11/16 12:12:04 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2012/11/16 12:12:04 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2012/11/16 12:12:04 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2012/11/16 12:12:04 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2012/11/16 12:12:04 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2012/11/16 12:12:03 | 000,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/11/16 12:12:03 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2012/11/16 12:12:02 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2012/11/16 12:12:02 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2012/11/16 12:12:02 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2012/11/16 12:12:02 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2012/11/16 12:12:01 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/11/16 12:10:01 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/11/16 12:10:01 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/11/16 12:10:01 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/11/16 12:08:34 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/11/16 12:08:34 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/11/16 12:08:34 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/11/16 12:08:34 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/11/16 12:08:34 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/16 12:08:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/11/16 12:08:34 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/11/16 12:08:34 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/11/16 12:06:54 | 000,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/11/16 12:06:53 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2012/11/16 12:05:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2012/11/16 12:04:54 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/11/16 12:04:53 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2012/11/16 12:04:52 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/11/16 12:04:52 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/11/16 12:04:52 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2012/11/16 12:04:52 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2012/11/16 12:03:46 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2012/11/16 12:03:46 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/11/16 12:02:39 | 001,235,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2012/11/16 12:00:34 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/11/16 12:00:34 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/11/16 12:00:34 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2012/11/16 12:00:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2012/11/16 12:00:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2012/11/16 12:00:33 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/11/16 11:59:28 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/16 11:59:28 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/16 11:56:14 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012/11/16 11:52:25 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012/11/16 11:52:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2012/11/16 11:50:27 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/11/16 11:50:27 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/11/16 11:49:25 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/11/16 11:46:35 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/11/16 11:45:35 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/11/16 11:41:31 | 001,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2012/11/16 11:41:31 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/11/16 11:41:31 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/11/16 11:41:31 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/11/16 11:41:31 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/11/16 11:41:30 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/11/16 11:41:30 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/11/16 11:38:25 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/16 11:37:14 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2012/11/16 11:36:13 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/16 11:35:21 | 000,110,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/11/16 11:35:21 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2012/11/16 11:34:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/11/16 11:33:38 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/11/16 11:33:38 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2012/11/16 11:33:38 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2012/11/16 11:33:38 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/11/16 11:33:24 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/16 11:33:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/16 11:30:45 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2012/11/16 11:29:22 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2012/11/16 11:29:22 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2012/11/16 11:29:22 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2012/11/16 11:29:22 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2012/11/16 11:29:22 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2012/11/16 11:29:22 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2012/11/16 11:29:22 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2012/11/16 11:29:21 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2012/11/16 11:29:21 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2012/11/16 11:29:21 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2012/11/16 11:29:20 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2012/11/16 11:29:20 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2012/11/16 11:29:20 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2012/11/16 11:29:19 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2012/11/16 11:29:19 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2012/11/16 11:29:19 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2012/11/16 11:29:19 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2012/11/16 11:29:18 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2012/11/16 11:29:18 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2012/11/16 11:29:18 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2012/11/16 11:29:17 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2012/11/16 11:29:17 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2012/11/16 11:29:17 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2012/11/16 11:29:17 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2012/11/16 11:29:17 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2012/11/16 11:29:16 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2012/11/16 11:29:16 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2012/11/16 11:29:16 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2012/11/16 11:29:16 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2012/11/16 11:29:16 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2012/11/16 11:29:15 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2012/11/16 11:29:15 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2012/11/16 11:29:15 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2012/11/16 11:29:14 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2012/11/16 11:29:14 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2012/11/16 11:29:14 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2012/11/16 11:29:14 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2012/11/16 11:29:13 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2012/11/16 11:29:13 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2012/11/16 11:29:13 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2012/11/16 11:29:13 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2012/11/16 11:29:13 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2012/11/16 11:29:12 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2012/11/16 11:29:12 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2012/11/16 11:29:12 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2012/11/16 11:29:11 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2012/11/16 11:29:11 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2012/11/16 11:29:11 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2012/11/16 11:29:11 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2012/11/16 11:29:11 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2012/11/16 11:29:11 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2012/11/16 11:29:10 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2012/11/16 11:29:10 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2012/11/16 11:29:10 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2012/11/16 11:29:10 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2012/11/16 11:29:10 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2012/11/16 11:29:10 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2012/11/16 11:29:09 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2012/11/16 11:29:09 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2012/11/16 11:29:09 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2012/11/16 11:29:09 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2012/11/16 11:29:09 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2012/11/16 11:29:08 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2012/11/16 11:29:08 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2012/11/16 11:29:08 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2012/11/16 11:29:08 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2012/11/16 11:29:08 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2012/11/16 11:29:07 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2012/11/16 11:29:07 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2012/11/16 11:29:06 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2012/11/16 11:29:06 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2012/11/16 11:29:06 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2012/11/16 11:29:06 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2012/11/16 11:29:06 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2012/11/16 11:29:05 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2012/11/16 11:29:05 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2012/11/16 11:29:05 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2012/11/16 11:29:05 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/11/16 11:29:04 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2012/11/16 11:28:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/11/16 11:25:37 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/16 11:25:37 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/11/16 11:25:36 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/16 11:25:36 | 000,112,224 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/11/16 11:25:36 | 000,091,648 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/11/16 11:25:36 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/11/16 11:25:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\i8042prt.sys.mui
[2012/11/16 11:25:04 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\kbdclass.sys.mui
[2012/11/16 11:25:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\kbdhid.sys.mui
[2012/11/16 11:25:03 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\sermouse.sys.mui
[2012/11/16 11:25:03 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\mouclass.sys.mui
[2012/11/16 11:25:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\mouhid.sys.mui
[2012/11/16 11:24:59 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\i8042prt.sys.mui
[2012/11/16 11:24:59 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\sermouse.sys.mui
[2012/11/16 11:24:59 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mouclass.sys.mui
[2012/11/16 11:24:59 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\kbdclass.sys.mui
[2012/11/16 11:24:59 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\mouhid.sys.mui
[2012/11/16 11:24:59 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\kbdhid.sys.mui
[2012/11/16 11:24:57 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\i8042prt.sys.mui
[2012/11/16 11:24:57 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mouclass.sys.mui
[2012/11/16 11:24:57 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\mouhid.sys.mui
[2012/11/16 11:24:56 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\sermouse.sys.mui
[2012/11/16 11:24:56 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\kbdclass.sys.mui
[2012/11/16 11:24:56 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\kbdhid.sys.mui
[2012/11/16 11:24:52 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2012/11/16 11:24:52 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2012/11/16 11:24:52 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2012/11/16 11:24:52 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2012/11/16 11:24:52 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2012/11/16 11:24:52 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2012/11/16 11:24:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2012/11/16 11:24:50 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2012/11/16 11:24:50 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2012/11/16 11:24:50 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2012/11/16 11:24:50 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2012/11/16 11:24:50 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2012/11/16 11:24:48 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/11/16 11:24:48 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012/11/16 11:24:48 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2012/11/16 11:24:47 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/11/16 11:24:47 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/11/16 11:24:47 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/11/16 11:24:47 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/11/16 11:24:47 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2012/11/16 11:24:46 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2012/11/16 11:24:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2012/11/16 11:24:46 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2012/11/16 11:24:45 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2012/11/16 11:24:45 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2012/11/16 11:24:45 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2012/11/16 11:24:45 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2012/11/16 11:24:44 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/16 11:24:43 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2012/11/16 11:24:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2012/11/16 11:24:43 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2012/11/16 11:23:09 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/11/16 11:23:09 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/11/16 11:23:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012/11/16 11:23:08 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012/11/16 11:23:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012/11/16 11:23:07 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/11/16 11:22:09 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/11/16 11:22:09 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/11/16 11:21:17 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/11/16 11:20:23 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/11/16 11:20:23 | 000,213,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/16 11:20:23 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/11/16 11:20:23 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/16 11:20:23 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2012/11/16 11:18:43 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2012/11/16 11:18:43 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2012/11/16 11:18:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2012/11/16 11:17:59 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/11/16 11:17:03 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2012/11/16 11:17:03 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2012/11/16 11:16:13 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/11/16 11:16:12 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/11/16 11:14:11 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/11/16 11:14:11 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/11/16 11:14:11 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/16 11:14:11 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2012/11/16 11:14:11 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2012/11/16 11:14:09 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2012/11/16 11:12:39 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2012/11/16 11:12:39 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2012/11/16 11:11:55 | 002,032,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/16 11:11:10 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/11/16 11:11:10 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2012/11/16 11:10:14 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2012/11/16 11:10:14 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2012/11/16 11:09:19 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/11/16 11:09:19 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/11/16 11:09:19 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/11/16 11:09:19 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/11/16 11:09:19 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/11/16 11:09:19 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/11/16 11:09:19 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/11/16 11:09:19 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/11/16 11:09:19 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/11/16 11:08:28 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2012/11/16 11:07:10 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/11/16 10:52:55 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2012/11/16 10:52:55 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2012/11/16 10:52:55 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2012/11/16 10:52:55 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2012/11/16 10:52:53 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/11/16 10:52:52 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2012/11/16 10:52:52 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/11/16 10:52:52 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/11/16 10:45:07 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/11/16 10:45:06 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/11/16 10:45:06 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/11/16 10:33:30 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/11/16 10:33:28 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/11/16 10:33:28 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/11/16 10:33:02 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/11/16 10:33:02 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/11/16 10:31:56 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2012/11/16 10:31:27 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2012/11/16 10:30:42 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2012/11/16 10:30:42 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/11/16 10:29:14 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2012/11/16 10:29:14 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2012/11/16 10:28:59 | 000,323,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/11/16 10:28:03 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2012/11/16 10:28:03 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2012/11/16 10:28:03 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/11/16 10:28:03 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2012/11/16 10:27:40 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/11/16 10:27:12 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/11/16 10:27:11 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/11/16 10:27:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/11/16 10:27:09 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/11/16 09:28:09 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/11/16 09:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/11/16 08:53:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials
[2012/11/16 08:52:13 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
 
========== Files Created - No Company Name ==========
 
[2012/11/17 13:59:22 | 000,012,865 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/11/17 12:46:37 | 000,000,760 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 12:46:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012/11/17 11:09:52 | 000,000,104 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Computer - Verknüpfung.lnk
[2012/11/17 11:09:46 | 000,000,792 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2012/11/17 08:50:07 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/11/17 08:50:06 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/11/17 08:48:03 | 3219,709,952 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/17 08:33:59 | 000,010,060 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2012/11/17 07:21:59 | 002,621,440 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/11/17 07:21:59 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2012/11/17 07:21:59 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2012/11/16 18:35:44 | 000,000,009 | ---- | C] () -- C:\DVD.TAG
[2012/11/16 14:16:53 | 000,000,213 | ---- | C] () -- C:\Users\Emre\Desktop\Team Fortress 2.url
[2012/11/16 14:01:51 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/11/16 13:55:19 | 000,000,876 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/16 13:55:19 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/16 13:55:19 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/16 12:12:04 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012/11/16 12:04:53 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/11/16 11:33:24 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/16 09:28:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/16 09:17:15 | 000,166,624 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2012/11/16 09:17:15 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/11/16 09:17:14 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/11/16 08:52:13 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/11/16 08:50:21 | 000,000,955 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/16 08:50:20 | 000,000,950 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/16 08:50:11 | 000,000,921 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/11/16 08:50:09 | 000,001,356 | ---- | C] () -- C:\Users\Emre\AppData\Local\d3d9caps.dat
[2012/11/16 08:50:07 | 000,000,258 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/16 08:50:07 | 000,000,240 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/24 17:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/24 09:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/19 23:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/02 12:05:47 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/08/02 11:55:01 | 000,641,032 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007/08/02 11:55:01 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007/08/02 11:55:01 | 000,116,682 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007/08/02 11:55:01 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/11 11:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003/02/27 12:07:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
 
========== LOP Check ==========
 
[2012/11/16 09:17:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2007/08/03 05:20:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/11/20 14:07:16 | 000,008,920 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Swisstreasure 23.11.2012 12:28
Schritt 1

Fixen mit OTLpe
  • Starte den unbootbaren Computer erneut mit der OTLPE-CD,
  • warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.
  • Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
    Code:
    :OTL
    O4 - Startup: C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
    [2012/11/17 12:46:37 | 000,000,760 | ---- | M] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012/11/17 12:46:33 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
    [2012/11/17 12:46:37 | 000,000,760 | ---- | C] () -- C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012/11/17 12:46:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
    [2012/11/17 12:46:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
    :Commands
    [purity]
    [emptytemp]
  • Sollte das mangels Internet-Verbindung nicht möglich sein,
  • kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
  • Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
  • Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
  • Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
  • Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

Schritt 2

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

0belix 23.11.2012 23:51
-OTL FIX wurde durchgeführt
Code:
========== OTL ==========
C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\lsass.exe moved successfully.
File C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\ProgramData\lsass.exe not found.
File C:\Users\Emre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\ProgramData\0tbpw.pad moved successfully.
File C:\ProgramData\lsass.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Emre
->Temp folder emptied: 44681498 bytes
->Temporary Internet Files folder emptied: 3268232 bytes
->Java cache emptied: 406699 bytes
->FireFox cache emptied: 74290712 bytes
->Flash cache emptied: 706 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3127806 bytes
 
Total Files Cleaned = 120.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 11232012_231959
- Computer kann wieder Booten
- Internet zugang möglich ohne das GVU den Computer wieder sperrt
- Malewarebytes heruntergeladen, installiert und ausgeführt

Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.23.09

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Emre :: EMRE-PC [Administrator]

Schutz: Aktiviert

23.11.2012 23:40:57
mbam-log-2012-11-23 (23-40-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203897
Laufzeit: 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

0belix 25.11.2012 00:46
Hallo Swisstreasure!

Ich hab heute zusätzlich nochmal alle Festplatten gescannt, doch diesmal hat er auf der externen Festplatte doch was gefunden. Hier das ergebniss:
Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.24.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Emre :: EMRE-PC [Administrator]

Schutz: Aktiviert

24.11.2012 13:15:51
mbam-log-2012-11-24 (13-15-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 567627
Laufzeit: 2 Stunde(n), 25 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
E:\SoftonicDownloader_fuer_windows-live-messenger.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\DSK\Emre\{374DE290-123F-4565-9164-39C4925E467B}\SoftonicDownloader_fuer_windows-live-messenger.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

0belix 26.11.2012 17:48
System ist ganz abgestürtzt -.-. Blue Screen mit 1 * Lang 2* Kurz Warnsingnale... Ist ein Hardwarefehler. Damit ist die Sache abgeschlossen.

Danke für die Hilfe :-)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:46 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129