Trojaner-Board


pondex 31.08.2010 06:07

Trojan warning after XP reinstallation
 
Good morning!
After reinstalling Win XP I routinely ran a malware scan. It showed me infected files. If that is so, it must have come either from one of the websites I visit regularly or from one of the old files I carried over (there are probably no other possibilities). My XP has the latest service packs 2 and 3. I don't really know what to do and have attached the malware here.
Thanks in advance:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.08.2010 22:30:41
mbam-log-2010-08-30 (22-30-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 187817
Laufzeit: 2 Stunde(n), 20 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


cosinus 31.08.2010 09:03

Congratulations, after the reinstallation you have taken malware on board again :D
Did you actually format and just install Windows over it once? And when exactly was that?

pondex 31.08.2010 09:26

Hi,
On 20.08 I formatted, then reinstalled XP from the CD, and then installed Service Pack 2 and 3.

cosinus 31.08.2010 11:45

Yes, if you formatted, then you downloaded and ran new malware again on the fresh system. It does not get into the system by itself.
Did you keep old program setups and run them again on the fresh Windows?

pondex 31.08.2010 11:56

Quote:

Did you keep old program setups and run them again on the fresh Windows?
I saved some setups but ran only very few of them, so I can't completely rule that out; however, I suspect that I downloaded something via the web.

cosinus 31.08.2010 12:46

Do you want to format again now, or clean up?

pondex 31.08.2010 12:49

Preferably clean up, if possible!

cosinus 31.08.2010 12:53

Quote:

Datenbank Version: 4052
You did not update Malwarebytes beforehand. Please update and run a full scan.

pondex 31.08.2010 15:04

Hello Arne,
the malware scan is finished. I didn't know whether I should remove the detected items, so I haven't done so yet.
Here is the log:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4513

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.08.2010 15:57:55
mbam-log-2010-08-31 (15-57-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 204328
Laufzeit: 1 Stunde(n), 54 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvo.exe (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.


cosinus 31.08.2010 19:48

Then I now need a fresh OTL log (OTL.txt), but set the file age to at least 90 days.

pondex 01.09.2010 07:24

Good morning,
I can't get the OTL log in here; instead I get the error message that it has too many characters. When I try to split it up and post it here in parts, I get the message:
Code:

Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838

pondex 01.09.2010 08:47

Code:

OTL logfile created on: 01.09.2010 07:04:57 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\Ralf Sievert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
512,00 Mb Total Physical Memory | 181,00 Mb Available Physical Memory | 35,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 50,97 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RALF-SIEVERT
Current User Name: Ralf Sievert
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.01 07:01:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.09 10:06:38 | 000,976,832 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.22 17:19:11 | 001,540,096 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 15:31:22 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.12.28 02:02:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 02:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2003.06.10 19:12:28 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.01 07:01:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe
MOD - [2008.04.14 07:51:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.12.28 02:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.10.04 18:14:00 | 006,854,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.12.28 02:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 02:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003.12.31 12:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.10.30 23:37:00 | 000,076,117 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2003.10.30 23:37:00 | 000,032,631 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2003.10.30 23:37:00 | 000,010,005 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2003.06.19 15:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002.06.21 14:39:28 | 000,469,935 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
DRV - [2001.08.17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.29 20:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.29 09:54:17 | 000,000,000 | ---D | M]
 
[2010.08.28 15:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Extensions
[2010.08.31 10:23:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions
[2010.08.31 10:23:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.30 19:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.29 09:54:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.29 09:53:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz]  File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O4 - HKCU..\Run: [DriverMax]  File not found
O4 - HKCU..\Run: [DriverMax_RESTART]  File not found
O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe (OpenSC Project)
O4 - Startup: C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.25 15:09:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.01 07:02:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe
[2010.08.31 15:58:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Malwarelog
[2010.08.31 14:00:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.31 14:00:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.31 14:00:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.31 13:51:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Macromedia
[2010.08.31 07:53:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.30 20:36:00 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\PrivacIE
[2010.08.30 19:43:39 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Gpiria.exe
[2010.08.30 18:31:25 | 000,557,568 | ---- | C] (Ikysasoft s.r.l. uninominale) -- C:\WINDOWS\System32\B4FM.dll
[2010.08.30 18:31:18 | 000,000,000 | ---D | C] -- C:\Programme\Burn4Free
[2010.08.30 16:48:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\IETldCache
[2010.08.30 16:28:27 | 000,000,000 | ---D | C] -- C:\2163129675308c8e2756
[2010.08.30 16:13:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010.08.30 16:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.08.30 16:09:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.08.30 16:09:04 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.08.30 16:09:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.08.30 16:09:03 | 011,077,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.08.30 16:09:03 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.08.30 16:08:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.08.30 16:06:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.08.29 20:08:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Setups Zusatzpr
[2010.08.29 20:07:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\WXPupdates
[2010.08.29 19:35:41 | 000,000,000 | ---D | C] -- C:\Programme\Netzmanager
[2010.08.29 19:35:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2010.08.29 19:35:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2010.08.29 18:13:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\itunes kopie
[2010.08.29 09:55:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.08.29 09:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.08.29 09:54:17 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.29 09:54:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.29 09:54:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.29 09:54:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.29 09:54:17 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.29 09:40:12 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.08.29 09:40:02 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.08.29 09:39:59 | 000,000,000 | ---D | C] -- C:\Programme\Stellwerk Hannover
[2010.08.29 09:39:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.08.29 09:39:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.08.29 09:39:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010.08.29 09:37:47 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.08.29 09:37:47 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.08.29 09:37:46 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.08.29 09:37:45 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.08.29 09:36:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010.08.29 09:36:25 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010.08.29 09:34:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.08.29 09:34:09 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.08.29 09:33:57 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010.08.29 09:31:52 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.08.29 09:30:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010.08.29 09:30:04 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010.08.28 18:13:57 | 000,000,000 | ---D | C] -- C:\Programme\Virtual Sailor
[2010.08.28 18:05:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Apple Computer
[2010.08.28 18:04:54 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.08.28 18:04:00 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.08.28 18:03:49 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.08.28 18:03:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.28 18:02:22 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.08.28 18:02:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.08.28 18:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.08.28 18:01:48 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.08.28 18:01:35 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010.08.28 18:00:58 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.08.28 18:00:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.08.28 18:00:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.08.28 17:59:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.08.28 17:29:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Adobe
[2010.08.28 17:01:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.08.28 16:56:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\T-Online
[2010.08.28 16:54:04 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010.08.28 16:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010.08.28 16:47:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010.08.28 16:46:50 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010.08.28 16:46:18 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010.08.28 16:39:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.08.28 16:39:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared
[2010.08.28 16:38:46 | 000,000,000 | ---D | C] -- C:\Programme\T-Online
[2010.08.28 16:05:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Recent
[2010.08.28 15:55:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.08.28 15:55:43 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.08.28 15:55:43 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.08.28 15:55:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.08.28 15:55:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.08.28 15:55:42 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.08.28 15:55:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.08.28 15:49:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Eigene Videos
[2010.08.28 15:49:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2010.08.28 15:48:43 | 000,018,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.08.28 15:48:21 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2010.08.28 15:46:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010.08.28 15:46:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.08.28 15:44:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2010.08.28 15:43:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.08.28 15:43:33 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.08.28 15:41:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.08.28 15:38:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2010.08.28 15:32:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Downloads
[2010.08.28 15:29:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2010.08.28 15:29:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla
[2010.08.28 15:29:37 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.08.28 15:27:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.08.28 15:22:03 | 001,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010.08.28 15:22:03 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010.08.28 15:22:03 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010.08.28 15:22:01 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMSPDMOE.dll
[2010.08.28 15:22:01 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2010.08.28 15:22:01 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2010.08.28 15:22:01 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010.08.28 15:22:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010.08.28 15:22:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2010.08.28 15:22:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2010.08.28 15:22:00 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2010.08.28 15:21:59 | 010,841,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010.08.28 15:21:59 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2010.08.28 15:21:59 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2010.08.28 15:21:58 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010.08.28 15:21:58 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2010.08.28 15:21:57 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010.08.28 15:21:57 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010.08.28 15:21:57 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010.08.28 15:21:57 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010.08.28 15:21:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010.08.28 15:21:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MP4SDMOD.dll
[2010.08.28 15:21:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MP43DMOD.dll
[2010.08.28 15:21:48 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010.08.28 15:21:47 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010.08.28 15:21:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010.08.28 15:21:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010.08.28 15:21:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010.08.28 15:21:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010.08.28 15:21:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010.08.28 15:21:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010.08.28 15:21:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010.08.28 15:21:46 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010.08.28 15:21:46 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010.08.28 15:21:46 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010.08.28 15:21:46 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010.08.28 15:21:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010.08.28 15:21:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010.08.28 15:21:46 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010.08.28 15:21:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010.08.28 15:21:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010.08.28 15:21:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010.08.28 15:21:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010.08.28 15:21:44 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010.08.28 15:21:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010.08.28 15:21:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010.08.28 15:21:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010.08.28 15:21:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010.08.28 15:21:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010.08.28 15:21:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010.08.28 15:21:43 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010.08.28 15:21:43 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010.08.28 15:21:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010.08.28 15:21:43 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010.08.28 15:21:43 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010.08.28 15:21:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010.08.28 15:21:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010.08.28 15:21:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010.08.28 15:21:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010.08.28 15:21:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010.08.28 15:21:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010.08.28 15:21:42 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010.08.28 15:21:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010.08.28 15:21:41 | 000,779,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010.08.28 15:21:41 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010.08.28 15:21:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010.08.28 15:21:40 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010.08.28 15:21:40 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010.08.28 15:21:40 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010.08.28 15:21:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010.08.28 15:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2010.08.28 15:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.08.28 15:21:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.08.28 15:18:51 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2010.08.28 15:18:51 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll
[2010.08.28 15:18:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2010.08.28 15:18:50 | 000,991,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2010.08.28 15:18:50 | 000,500,278 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010.08.28 15:18:50 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2010.08.28 15:18:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2010.08.28 15:18:50 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2010.08.28 15:18:47 | 000,847,898 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010.08.28 15:18:47 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll
[2010.08.28 15:18:47 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010.08.28 15:18:47 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll
[2010.08.28 15:18:47 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2010.08.28 15:18:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010.08.28 15:18:47 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2010.08.28 15:18:47 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2010.08.28 15:18:47 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll
[2010.08.28 15:18:47 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010.08.28 15:18:47 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2010.08.28 15:18:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2010.08.28 15:18:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\LAPRXY.dll
[2010.08.28 15:18:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010.08.28 15:18:47 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010.08.28 15:18:47 | 000,004,126 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010.08.28 15:18:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MPG4DMOD.dll
[2010.08.28 15:18:46 | 001,679,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010.08.28 15:18:46 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2010.08.28 15:18:46 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2010.08.28 15:18:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2010.08.28 15:18:44 | 008,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2010.08.28 15:18:44 | 001,117,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOE.dll
[2010.08.28 15:18:44 | 000,938,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMNetMgr.dll
[2010.08.28 15:18:44 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOD.dll
[2010.08.28 15:18:44 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2010.08.28 15:18:44 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2010.08.28 15:18:44 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2010.08.28 15:18:44 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMASF.dll
[2010.08.28 15:18:44 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2010.08.28 15:18:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2010.08.28 15:18:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010.08.28 15:18:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll
[2010.08.28 15:18:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll
[2010.08.28 15:18:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2010.08.28 15:18:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2010.08.28 15:18:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2010.08.28 15:18:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2010.08.28 15:18:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2010.08.28 15:18:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2010.08.28 15:17:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.08.28 15:17:05 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010.08.28 14:40:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2010.08.28 14:40:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2010.08.28 14:40:23 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010.08.28 14:40:23 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010.08.28 14:40:23 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010.08.28 14:40:23 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010.08.28 14:40:23 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010.08.28 14:40:23 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010.08.28 14:40:22 | 000,701,952 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.08.28 14:40:22 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.08.28 14:40:22 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.08.28 14:40:22 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.08.28 14:40:22 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.08.28 14:40:22 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.08.28 14:40:22 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.08.28 14:40:22 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010.08.28 14:40:22 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.08.28 14:40:22 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.08.28 14:40:22 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.08.28 14:40:22 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.08.28 14:40:22 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.08.28 14:40:22 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.08.28 14:40:22 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.08.28 14:40:22 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.08.28 14:40:22 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.08.28 14:40:22 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.08.28 14:40:22 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010.08.28 14:40:21 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.08.28 14:40:21 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.08.28 14:40:21 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010.08.28 14:40:21 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.08.28 14:40:21 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.08.28 14:40:21 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010.08.28 14:40:21 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010.08.28 14:40:21 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010.08.28 14:40:21 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010.08.28 14:40:21 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010.08.28 14:40:21 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.08.28 14:40:21 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010.08.28 14:40:20 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.08.28 14:40:20 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.08.28 14:40:20 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.08.28 14:40:20 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.08.28 14:40:20 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.08.28 14:40:20 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010.08.28 14:40:20 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010.08.28 14:40:20 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.08.28 14:40:20 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010.08.28 14:40:20 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010.08.28 14:40:19 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010.08.28 14:40:19 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.08.28 14:40:19 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010.08.28 14:40:19 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010.08.28 14:40:19 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010.08.28 14:40:19 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.08.28 14:40:19 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.08.28 14:40:19 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.08.28 14:40:19 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.08.28 14:40:19 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.08.28 14:40:19 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.08.28 14:40:19 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.08.28 14:40:19 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.08.28 14:40:19 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010.08.28 14:40:19 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.08.28 14:40:19 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010.08.28 14:40:18 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010.08.28 14:40:18 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010.08.28 14:40:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl
[2010.08.28 14:40:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2010.08.28 14:40:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2010.08.28 14:40:18 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010.08.28 14:40:18 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010.08.28 14:40:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
[2010.08.28 14:40:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2010.08.28 14:40:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2010.08.28 14:40:18 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010.08.28 14:40:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010.08.28 14:40:17 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2010.08.28 14:40:17 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
[2010.08.28 14:40:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
[2010.08.28 14:40:17 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010.08.28 14:40:17 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2010.08.28 14:40:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2010.08.28 14:40:15 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2010.08.28 14:40:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
[2010.08.28 14:40:15 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010.08.28 14:40:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2010.08.28 14:40:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2010.08.28 14:40:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2010.08.28 14:40:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2010.08.28 14:40:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2010.08.28 14:40:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2010.08.28 14:40:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2010.08.28 14:40:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2010.08.28 14:40:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2010.08.28 14:40:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2010.08.28 14:40:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2010.08.28 14:40:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP4SDMOD.dll
[2010.08.28 14:40:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MP43DMOD.dll
[2010.08.28 14:40:14 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010.08.28 14:40:14 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
[2010.08.28 14:40:14 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
[2010.08.28 14:40:14 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
[2010.08.28 14:40:14 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
[2010.08.28 14:40:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2010.08.28 14:40:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2010.08.28 14:40:13 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010.08.28 14:40:13 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010.08.28 14:40:13 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010.08.28 14:40:13 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010.08.28 14:40:13 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010.08.28 14:40:13 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010.08.28 14:40:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2010.08.28 14:40:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2010.08.28 14:40:12 | 002,981,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2010.08.28 14:40:12 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
[2010.08.28 14:40:12 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll
[2010.08.28 14:40:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2010.08.28 14:40:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010.08.28 14:40:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2010.08.28 14:40:11 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WMSPDMOE.dll
[2010.08.28 14:40:11 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll
[2010.08.28 14:40:11 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
[2010.08.28 14:40:11 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2010.08.28 14:40:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll
[2010.08.28 14:40:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll
[2010.08.28 14:40:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2010.08.28 14:40:10 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010.08.28 14:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet


pondex 01.09.2010 08:50

Code:

[2010.08.28 14:40:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010.08.28 14:38:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.08.28 14:31:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.08.28 14:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010.08.28 13:33:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.08.28 13:33:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010.08.28 13:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010.08.28 13:32:23 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010.08.28 13:32:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010.08.28 13:31:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010.08.28 13:31:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010.08.28 13:31:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010.08.28 13:28:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010.08.28 13:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.08.28 13:27:10 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010.08.28 13:27:10 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010.08.28 13:27:10 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010.08.28 13:27:10 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010.08.28 13:27:10 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010.08.28 13:27:10 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010.08.28 13:20:50 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\UserData
[2010.08.27 13:01:29 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.08.27 13:01:29 | 000,000,000 | ---D | C] -- C:\Programme\VID_0E8F&PID_0012
[2010.08.27 13:01:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield
[2010.08.27 12:34:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Malwarebytes
[2010.08.27 12:33:54 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.26 21:45:45 | 000,143,360 | ---- | C] (MicroDexterity, Inc.) -- C:\WINDOWS\System32\Stamin32.Dll
[2010.08.26 21:45:45 | 000,096,256 | ---- | C] (ITB CompuPhase) -- C:\WINDOWS\System32\Eplay32.dll
[2010.08.26 21:45:44 | 000,667,136 | ---- | C] (OLYMPUS Software Europe GmbH) -- C:\WINDOWS\System32\oik32.ocx
[2010.08.26 21:45:44 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\vsflex7L.ocx
[2010.08.26 21:45:44 | 000,302,088 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\Strip.ocx
[2010.08.26 21:45:44 | 000,187,392 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\Slider.ocx
[2010.08.26 21:45:44 | 000,119,288 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\LED.ocx
[2010.08.26 21:45:44 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx
[2010.08.26 21:45:44 | 000,112,776 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\WINDOWS\System32\mcast50.ocx
[2010.08.26 21:45:44 | 000,110,096 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\Toggle.ocx
[2010.08.26 21:45:44 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mswinsck.ocx
[2010.08.26 21:45:44 | 000,108,560 | ---- | C] (Global Majic Software, Inc.) -- C:\WINDOWS\System32\NumLED.ocx
[2010.08.26 21:45:01 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010.08.26 21:45:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010.08.26 21:45:01 | 000,000,000 | ---D | C] -- C:\Programme\poc
[2010.08.26 21:45:00 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010.08.26 20:11:53 | 000,000,000 | ---D | C] -- C:\Programme\PANZERS - Phase1
[2010.08.26 17:19:25 | 000,000,000 | ---D | C] -- C:\Programme\EA SPORTS
[2010.08.26 10:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\FIFA 2005
[2010.08.26 09:08:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\WinRAR
[2010.08.26 09:08:35 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.08.26 08:44:15 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.08.26 08:44:13 | 000,000,000 | ---D | C] -- C:\Programme\CreationCentre 2005
[2010.08.26 08:40:39 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2010.08.26 08:40:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Fifa
[2010.08.25 18:24:53 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys
[2010.08.25 18:24:49 | 000,265,088 | R--- | C] (AVM GmbH) -- C:\WINDOWS\System32\drivers\fwlanusb.sys
[2010.08.25 18:24:46 | 000,074,240 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlanci.org
[2010.08.25 18:11:14 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2010.08.25 18:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\AVM_Driver
[2010.08.25 18:11:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\AVM_Driver
[2010.08.25 17:40:40 | 000,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys
[2010.08.25 17:40:40 | 000,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2010.08.25 17:40:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010.08.25 17:40:33 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2010.08.25 17:34:54 | 000,126,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftdisk.sys
[2010.08.25 16:58:36 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010.08.25 16:58:34 | 000,074,240 | R--- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlanci.dll
[2010.08.25 16:57:36 | 000,069,504 | ---- | C] (Realtek Semiconductor Corporation                          ) -- C:\WINDOWS\System32\drivers\Rtlnic51.sys
[2010.08.25 16:54:28 | 015,820,588 | ---- | C] (Quality Simulations                                        ) -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\vs_update.exe
[2010.08.25 16:51:05 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys
[2010.08.25 16:51:05 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2010.08.25 16:50:58 | 000,469,935 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelH51.sys
[2010.08.25 16:49:15 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010.08.25 16:49:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.08.25 16:49:12 | 000,010,005 | ---- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\wf2kXbar.sys
[2010.08.25 16:48:47 | 000,032,631 | ---- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\wf2ktunr.sys
[2010.08.25 16:48:03 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010.08.25 16:48:01 | 008,605,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010.08.25 16:48:01 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2010.08.25 16:48:01 | 000,752,764 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2010.08.25 16:48:01 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3D.dll
[2010.08.25 16:48:01 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2010.08.25 16:48:01 | 000,055,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010.08.25 16:45:43 | 000,076,117 | ---- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\wf2kvcap.sys
[2010.08.25 16:45:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\audstub.sys
[2010.08.25 16:44:07 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010.08.25 16:44:07 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010.08.25 16:44:07 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010.08.25 16:44:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010.08.25 16:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010.08.25 16:42:16 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2010.08.25 16:42:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010.08.25 16:41:21 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2010.08.25 16:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010.08.25 16:40:02 | 008,491,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010.08.25 16:40:02 | 002,371,584 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2010.08.25 16:40:01 | 005,783,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010.08.25 16:40:01 | 005,783,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010.08.25 16:40:01 | 005,509,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispsr.dll
[2010.08.25 16:40:01 | 003,629,056 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvsr.dll
[2010.08.25 16:40:01 | 003,166,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgamesr.dll
[2010.08.25 16:40:01 | 002,854,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmoblsr.dll
[2010.08.25 16:40:01 | 002,441,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwssr.dll
[2010.08.25 16:40:01 | 000,458,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccssr.dll
[2010.08.25 16:40:01 | 000,364,544 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010.08.25 16:40:00 | 006,854,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.08.25 16:40:00 | 006,854,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010.08.25 16:39:59 | 006,750,208 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010.08.25 16:39:59 | 006,344,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2010.08.25 16:39:59 | 003,551,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2010.08.25 16:39:59 | 003,334,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2010.08.25 16:39:59 | 001,150,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2010.08.25 16:39:59 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010.08.25 16:39:59 | 000,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2010.08.25 16:39:59 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010.08.25 16:39:59 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010.08.25 16:39:59 | 000,036,864 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010.08.25 16:39:59 | 000,036,864 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010.08.25 16:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.08.25 16:38:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.08.25 16:37:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Innovative Solutions
[2010.08.25 16:37:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2010.08.25 16:37:16 | 000,000,000 | ---D | C] -- C:\Programme\Innovative Solutions
[2010.08.25 16:35:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.25 16:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\My Drivers
[2010.08.25 16:14:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\ShipSim2008 UserData
[2010.08.25 16:03:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\SS
[2010.08.25 15:57:46 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010.08.25 15:57:45 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010.08.25 15:57:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010.08.25 15:57:45 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010.08.25 15:57:44 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010.08.25 15:57:44 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010.08.25 15:57:44 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010.08.25 15:57:44 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010.08.25 15:57:43 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010.08.25 15:57:43 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010.08.25 15:57:43 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010.08.25 15:57:43 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010.08.25 15:57:43 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010.08.25 15:57:42 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010.08.25 15:57:42 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010.08.25 15:57:42 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010.08.25 15:57:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010.08.25 15:57:38 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010.08.25 15:57:38 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010.08.25 15:57:37 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010.08.25 15:57:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010.08.25 15:57:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010.08.25 15:57:37 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010.08.25 15:57:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010.08.25 15:57:36 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010.08.25 15:57:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010.08.25 15:57:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010.08.25 15:56:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wstdecod.dll
[2010.08.25 15:56:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010.08.25 15:56:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbisurf.ax
[2010.08.25 15:56:55 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010.08.25 15:56:54 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010.08.25 15:56:54 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010.08.25 15:56:54 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.08.25 15:56:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.08.25 15:56:54 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010.08.25 15:56:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.08.25 15:56:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010.08.25 15:56:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.08.25 15:56:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010.08.25 15:56:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010.08.25 15:56:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010.08.25 15:56:53 | 001,297,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll
[2010.08.25 15:56:53 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qedit.dll
[2010.08.25 15:56:53 | 000,387,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qdvd.dll
[2010.08.25 15:56:53 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qdv.dll
[2010.08.25 15:56:53 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qasf.dll
[2010.08.25 15:56:53 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2010.08.25 15:56:52 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
[2010.08.25 15:56:52 | 001,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2010.08.25 15:56:52 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2010.08.25 15:56:52 | 001,179,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8.dll
[2010.08.25 15:56:52 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcap.dll
[2010.08.25 15:56:52 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmo.dll
[2010.08.25 15:56:52 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmime.dll
[2010.08.25 15:56:52 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvvox.dll
[2010.08.25 15:56:52 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmstyle.dll
[2010.08.25 15:56:52 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmusic.dll
[2010.08.25 15:56:52 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmsynth.dll
[2010.08.25 15:56:52 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2010.08.25 15:56:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmscript.dll
[2010.08.25 15:56:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmoprp.dll
[2010.08.25 15:56:52 | 000,066,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010.08.25 15:56:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmcompos.dll
[2010.08.25 15:56:52 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devenum.dll
[2010.08.25 15:56:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmloader.dll
[2010.08.25 15:56:52 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz32.dll
[2010.08.25 15:56:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmband.dll
[2010.08.25 15:56:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi.dll
[2010.08.25 15:56:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dswave.dll
[2010.08.25 15:56:51 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvoice.dll
[2010.08.25 15:56:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvacm.dll
[2010.08.25 15:56:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2010.08.25 15:56:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnlobby.dll
[2010.08.25 15:56:50 | 001,293,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound3d.dll
[2010.08.25 15:56:50 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx8vb.dll
[2010.08.25 15:56:50 | 000,824,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dim700.dll
[2010.08.25 15:56:50 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx7vb.dll
[2010.08.25 15:56:50 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2010.08.25 15:56:50 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound.dll
[2010.08.25 15:56:50 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddraw.dll
[2010.08.25 15:56:50 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplayx.dll
[2010.08.25 15:56:50 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhupnp.dll
[2010.08.25 15:56:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpwsockx.dll
[2010.08.25 15:56:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhpast.dll
[2010.08.25 15:56:50 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2010.08.25 15:56:50 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddrawex.dll
[2010.08.25 15:56:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpmodemx.dll
[2010.08.25 15:56:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8thk.dll
[2010.08.25 15:56:50 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnaddr.dll
[2010.08.25 15:51:33 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\rtl8139.sys
[2010.08.25 15:50:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ODBC
[2010.08.25 15:50:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010.08.25 15:50:22 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010.08.25 15:50:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010.08.25 15:50:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010.08.25 15:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeechEngines
[2010.08.25 15:50:20 | 000,000,000 | R--D | C] -- C:\Programme


pondex 01.09.2010 08:52

Code:

[2010.08.25 15:50:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared
[2010.08.25 15:50:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien
[2010.08.25 15:50:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010.08.25 15:50:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010.08.25 15:50:17 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010.08.25 15:50:17 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010.08.25 15:50:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010.08.25 15:50:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010.08.25 15:50:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010.08.25 15:50:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010.08.25 15:50:15 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010.08.25 15:50:15 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010.08.25 15:50:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010.08.25 15:50:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010.08.25 15:50:14 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010.08.25 15:50:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010.08.25 15:50:14 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010.08.25 15:50:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010.08.25 15:50:14 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010.08.25 15:50:14 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010.08.25 15:50:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010.08.25 15:50:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010.08.25 15:50:14 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010.08.25 15:50:14 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010.08.25 15:50:14 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010.08.25 15:50:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010.08.25 15:50:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010.08.25 15:50:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010.08.25 15:50:13 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010.08.25 15:50:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010.08.25 15:50:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010.08.25 15:50:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010.08.25 15:50:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010.08.25 15:50:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010.08.25 15:50:12 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010.08.25 15:50:12 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010.08.25 15:50:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010.08.25 15:50:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010.08.25 15:50:11 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010.08.25 15:50:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010.08.25 15:50:11 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010.08.25 15:50:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010.08.25 15:50:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010.08.25 15:50:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010.08.25 15:50:11 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010.08.25 15:50:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010.08.25 15:50:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010.08.25 15:50:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010.08.25 15:50:10 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010.08.25 15:50:10 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010.08.25 15:50:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010.08.25 15:50:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010.08.25 15:50:08 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010.08.25 15:50:08 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010.08.25 15:50:08 | 000,103,936 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010.08.25 15:50:08 | 000,103,936 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010.08.25 15:50:08 | 000,086,556 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010.08.25 15:50:08 | 000,086,556 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010.08.25 15:50:08 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010.08.25 15:50:08 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010.08.25 15:50:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010.08.25 15:50:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010.08.25 15:50:08 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv
[2010.08.25 15:50:08 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010.08.25 15:50:08 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv
[2010.08.25 15:50:08 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010.08.25 15:50:07 | 000,127,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll
[2010.08.25 15:50:07 | 000,127,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010.08.25 15:50:07 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll
[2010.08.25 15:50:07 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010.08.25 15:50:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll
[2010.08.25 15:50:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv
[2010.08.25 15:50:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010.08.25 15:50:07 | 000,025,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv
[2010.08.25 15:50:07 | 000,025,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010.08.25 15:50:07 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll
[2010.08.25 15:50:07 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010.08.25 15:50:07 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll
[2010.08.25 15:50:07 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010.08.25 15:50:07 | 000,009,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll
[2010.08.25 15:50:07 | 000,009,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010.08.25 15:50:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll
[2010.08.25 15:50:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010.08.25 15:50:07 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv
[2010.08.25 15:50:07 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010.08.25 15:50:07 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv
[2010.08.25 15:50:07 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010.08.25 15:50:07 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2010.08.25 15:50:07 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010.08.25 15:50:07 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2010.08.25 15:50:07 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010.08.25 15:50:07 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2010.08.25 15:50:07 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010.08.25 15:50:06 | 000,109,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2010.08.25 15:50:06 | 000,109,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010.08.25 15:50:06 | 000,073,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv
[2010.08.25 15:50:06 | 000,073,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010.08.25 15:50:06 | 000,070,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2010.08.25 15:50:06 | 000,070,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010.08.25 15:50:06 | 000,033,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2010.08.25 15:50:06 | 000,033,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010.08.25 15:50:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010.08.25 15:50:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010.08.25 15:50:06 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll
[2010.08.25 15:50:06 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010.08.25 15:50:06 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2010.08.25 15:50:06 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010.08.25 15:50:05 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2010.08.25 15:50:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010.08.25 15:49:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü
[2010.08.25 15:49:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente
[2010.08.25 15:49:57 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen
[2010.08.25 15:49:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Favoriten
[2010.08.25 15:49:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2010.08.25 15:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010.08.25 15:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010.08.25 15:49:40 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
[2010.08.25 15:49:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2010.08.25 15:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2010.08.25 15:48:46 | 000,000,000 | ---D | C] -- C:\Programme\Vstep
[2010.08.25 15:39:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.25 15:38:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\VS
[2010.08.25 15:33:59 | 000,000,000 | ---D | C] -- C:\Programme\directx
[2010.08.25 15:32:55 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\WINDOWS\System32\dxtmeta2.dll
[2010.08.25 15:27:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2010.08.25 15:22:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Identities
[2010.08.25 15:21:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Eigene Musik
[2010.08.25 15:21:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.08.25 15:21:53 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft
[2010.08.25 15:21:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\SendTo
[2010.08.25 15:21:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten
[2010.08.25 15:21:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Favoriten
[2010.08.25 15:21:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien
[2010.08.25 15:21:53 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\Eigene Bilder
[2010.08.25 15:21:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Cookies
[2010.08.25 15:21:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Netzwerkumgebung
[2010.08.25 15:21:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen
[2010.08.25 15:21:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Druckumgebung
[2010.08.25 15:21:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Anwendungsdaten\Sun
[2010.08.25 15:21:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop
[2010.08.25 15:21:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010.08.25 15:21:52 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü
[2010.08.25 15:21:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Ralf Sievert\Vorlagen
[2010.08.25 15:20:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.08.25 15:20:23 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2010.08.25 15:20:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.08.25 15:20:22 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.08.25 15:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.08.25 15:15:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010.08.25 15:15:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010.08.25 15:15:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010.08.25 15:15:55 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010.08.25 15:15:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010.08.25 15:15:55 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010.08.25 15:15:54 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010.08.25 15:15:54 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010.08.25 15:15:52 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010.08.25 15:15:52 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010.08.25 15:15:51 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010.08.25 15:15:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010.08.25 15:15:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010.08.25 15:15:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010.08.25 15:15:47 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010.08.25 15:15:47 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010.08.25 15:15:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010.08.25 15:15:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010.08.25 15:15:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010.08.25 15:15:46 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010.08.25 15:15:46 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010.08.25 15:15:46 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010.08.25 15:15:43 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010.08.25 15:15:42 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010.08.25 15:15:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010.08.25 15:15:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010.08.25 15:15:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010.08.25 15:15:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2010.08.25 15:15:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010.08.25 15:15:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010.08.25 15:15:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010.08.25 15:15:39 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010.08.25 15:15:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010.08.25 15:15:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010.08.25 15:15:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010.08.25 15:15:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010.08.25 15:15:39 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010.08.25 15:15:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010.08.25 15:15:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010.08.25 15:15:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010.08.25 15:15:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010.08.25 15:15:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010.08.25 15:15:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010.08.25 15:15:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010.08.25 15:15:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010.08.25 15:15:34 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2010.08.25 15:15:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010.08.25 15:15:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010.08.25 15:15:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2010.08.25 15:15:32 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.08.25 15:15:32 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.08.25 15:15:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010.08.25 15:15:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010.08.25 15:15:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010.08.25 15:15:29 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010.08.25 15:15:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010.08.25 15:15:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010.08.25 15:15:27 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010.08.25 15:15:27 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010.08.25 15:15:27 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010.08.25 15:15:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010.08.25 15:15:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010.08.25 15:15:26 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010.08.25 15:15:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010.08.25 15:15:25 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010.08.25 15:15:25 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010.08.25 15:15:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010.08.25 15:15:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010.08.25 15:15:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010.08.25 15:15:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010.08.25 15:15:20 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010.08.25 15:15:15 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010.08.25 15:15:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010.08.25 15:15:08 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010.08.25 15:15:08 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010.08.25 15:15:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010.08.25 15:15:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010.08.25 15:15:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010.08.25 15:15:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010.08.25 15:15:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010.08.25 15:15:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010.08.25 15:15:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010.08.25 15:15:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010.08.25 15:15:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010.08.25 15:15:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010.08.25 15:15:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010.08.25 15:15:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010.08.25 15:15:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010.08.25 15:15:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010.08.25 15:15:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010.08.25 15:15:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010.08.25 15:15:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010.08.25 15:15:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010.08.25 15:15:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010.08.25 15:15:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010.08.25 15:15:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010.08.25 15:15:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010.08.25 15:15:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010.08.25 15:15:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010.08.25 15:15:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010.08.25 15:15:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010.08.25 15:15:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010.08.25 15:15:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010.08.25 15:15:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010.08.25 15:15:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010.08.25 15:15:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010.08.25 15:14:59 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010.08.25 15:14:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010.08.25 15:14:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010.08.25 15:14:57 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010.08.25 15:14:57 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010.08.25 15:14:57 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010.08.25 15:14:56 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010.08.25 15:14:56 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010.08.25 15:14:56 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010.08.25 15:14:56 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010.08.25 15:14:56 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010.08.25 15:14:56 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010.08.25 15:14:56 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010.08.25 15:14:55 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010.08.25 15:14:55 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010.08.25 15:14:55 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010.08.25 15:14:55 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010.08.25 15:14:55 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010.08.25 15:14:54 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010.08.25 15:14:54 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010.08.25 15:14:54 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010.08.25 15:14:54 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010.08.25 15:14:54 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010.08.25 15:14:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010.08.25 15:14:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010.08.25 15:14:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010.08.25 15:14:48 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010.08.25 15:14:38 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010.08.25 15:14:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010.08.25 15:14:35 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010.08.25 15:14:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010.08.25 15:14:34 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010.08.25 15:14:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010.08.25 15:14:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010.08.25 15:14:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010.08.25 15:14:32 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010.08.25 15:14:31 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010.08.25 15:14:31 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010.08.25 15:14:31 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010.08.25 15:14:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010.08.25 15:14:30 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010.08.25 15:14:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010.08.25 15:14:24 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010.08.25 15:14:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe


pondex 01.09.2010 08:58

Code:

[2010.08.25 15:14:22 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010.08.25 15:14:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010.08.25 15:14:21 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010.08.25 15:14:21 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010.08.25 15:14:21 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010.08.25 15:14:20 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010.08.25 15:14:20 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010.08.25 15:14:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010.08.25 15:14:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010.08.25 15:14:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010.08.25 15:14:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010.08.25 15:14:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010.08.25 15:14:18 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.08.25 15:14:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010.08.25 15:14:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010.08.25 15:14:15 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2010.08.25 15:14:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010.08.25 15:14:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010.08.25 15:14:09 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2010.08.25 15:14:08 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2010.08.25 15:13:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010.08.25 15:13:58 | 000,000,000 | ---D | C] -- C:\Programme\xerox
[2010.08.25 15:13:58 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage
[2010.08.25 15:12:29 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010.08.25 15:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010.08.25 15:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010.08.25 15:11:35 | 000,000,000 | ---D | C] -- C:\AddOn
[2010.08.25 15:11:18 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.08.25 15:11:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.08.25 15:11:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010.08.25 15:11:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\fsc
[2010.08.25 15:10:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files
[2010.08.25 15:10:35 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhctrl.ocx
[2010.08.25 15:10:35 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010.08.25 15:10:35 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010.08.25 15:10:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2010.08.25 15:10:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2010.08.25 15:10:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2010.08.25 15:10:32 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\newdev.dll
[2010.08.25 15:10:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhsetup.dll
[2010.08.25 15:09:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1hfm.exe
[2010.08.25 15:09:41 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information
[2010.08.25 15:09:16 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010.08.25 15:08:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\DRM
[2010.08.25 15:08:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010.08.25 15:08:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010.08.25 15:08:12 | 000,000,000 | ---D | C] -- C:\Programme\Online-Dienste
[2010.08.25 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010.08.25 15:07:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010.08.25 15:07:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010.08.25 15:07:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010.08.25 15:07:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010.08.25 15:07:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010.08.25 15:07:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010.08.25 15:07:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010.08.25 15:07:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010.08.25 15:07:31 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010.08.25 15:07:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010.08.25 15:07:24 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010.08.25 15:07:23 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010.08.25 15:07:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010.08.25 15:07:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010.08.25 15:07:22 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010.08.25 15:07:22 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010.08.25 15:07:22 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010.08.25 15:07:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010.08.25 15:07:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010.08.25 15:07:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Dienste
[2010.08.25 15:07:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010.08.25 15:07:17 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010.08.25 15:07:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010.08.25 15:07:17 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010.08.25 15:07:17 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010.08.25 15:07:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010.08.25 15:07:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010.08.25 15:07:16 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010.08.25 15:07:16 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010.08.25 15:07:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010.08.25 15:07:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010.08.25 15:07:15 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010.08.25 15:07:15 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010.08.25 15:07:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010.08.25 15:07:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MSSoap
[2010.08.25 15:07:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010.08.25 15:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010.08.25 15:07:10 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2010.08.25 15:07:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010.08.25 15:07:09 | 000,331,839 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2010.08.25 15:07:09 | 000,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2010.08.25 15:07:09 | 000,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2010.08.25 15:07:09 | 000,000,000 | ---D | C] -- C:\Programme\Movie Maker
[2010.08.25 15:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010.08.25 15:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2010.08.25 15:07:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010.08.25 15:07:04 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010.08.25 15:07:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010.08.25 15:07:03 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010.08.25 15:07:01 | 000,000,000 | ---D | C] -- C:\Programme\NetMeeting
[2010.08.25 15:07:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010.08.25 15:07:00 | 000,000,000 | ---D | C] -- C:\Programme\Outlook Express
[2010.08.25 15:06:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\System
[2010.08.25 15:06:56 | 000,000,000 | ---D | C] -- C:\Programme\Internet Explorer
[2010.08.25 15:06:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2010.08.25 15:06:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder
[2010.08.25 15:06:43 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications
[2010.08.25 15:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010.08.25 15:06:01 | 000,000,000 | -H-D | C] -- C:\Programme\WindowsUpdate
[2010.08.25 15:06:01 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Player
[2010.08.25 15:06:01 | 000,000,000 | ---D | C] -- C:\Programme\Online Services
[2010.08.25 15:05:55 | 000,000,000 | ---D | C] -- C:\Programme\Messenger
[2010.08.25 15:05:54 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010.08.25 15:05:53 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010.08.25 15:05:53 | 000,781,397 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010.08.25 15:05:53 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010.08.25 15:05:53 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010.08.25 15:05:53 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010.08.25 15:05:53 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010.08.25 15:05:53 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010.08.25 15:05:53 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010.08.25 15:05:53 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010.08.25 15:05:52 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010.08.25 15:05:52 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010.08.25 15:05:52 | 001,042,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010.08.25 15:05:52 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010.08.25 15:05:52 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010.08.25 15:05:52 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010.08.25 15:05:52 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010.08.25 15:05:52 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010.08.25 15:05:52 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010.08.25 15:05:52 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010.08.25 15:05:51 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010.08.25 15:05:51 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010.08.25 15:05:51 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010.08.25 15:05:51 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010.08.25 15:05:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010.08.25 15:05:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010.08.25 15:05:51 | 000,000,000 | ---D | C] -- C:\Programme\MSN Gaming Zone
[2010.08.25 15:05:43 | 000,356,352 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010.08.25 15:05:43 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010.08.25 15:05:43 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010.08.25 15:05:43 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010.08.25 15:05:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010.08.25 15:05:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010.08.25 15:05:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010.08.25 15:05:43 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010.08.25 15:05:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010.08.25 15:05:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010.08.25 15:05:43 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010.08.25 15:05:42 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010.08.25 15:05:42 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010.08.25 15:05:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010.08.25 15:05:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010.08.25 15:05:36 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010.08.25 15:05:36 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010.08.25 15:05:36 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010.08.25 15:05:36 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010.08.25 15:05:35 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010.08.25 15:05:35 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010.08.25 15:05:35 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010.08.25 15:05:35 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010.08.25 15:05:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010.08.25 15:05:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010.08.25 15:05:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010.08.25 15:05:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010.08.25 15:05:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010.08.25 15:05:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010.08.25 15:05:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010.08.25 15:05:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010.08.25 15:05:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010.08.25 15:05:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010.08.25 15:05:34 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010.08.25 15:05:34 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010.08.25 15:05:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010.08.25 15:05:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010.08.25 15:05:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010.08.25 15:05:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010.08.25 15:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010.08.25 15:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010.08.25 15:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010.08.25 15:05:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010.08.25 15:05:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010.08.25 15:05:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010.08.25 15:05:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010.08.25 15:05:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010.08.25 15:05:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010.08.25 15:05:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010.08.25 15:05:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010.08.25 15:05:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010.08.25 15:05:34 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010.08.25 15:05:34 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010.08.25 15:05:33 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010.08.25 15:05:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010.08.25 15:05:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010.08.25 15:05:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010.08.25 15:05:33 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010.08.25 15:05:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010.08.25 15:05:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010.08.25 15:05:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010.08.25 15:05:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010.08.25 15:05:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010.08.25 15:05:32 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010.08.25 15:05:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010.08.25 15:05:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010.08.25 15:05:31 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010.08.25 15:05:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010.08.25 15:05:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010.08.25 15:05:31 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010.08.25 15:05:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010.08.25 15:05:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010.08.25 15:05:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010.08.25 15:05:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010.08.25 15:05:30 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010.08.25 15:05:30 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010.08.25 15:05:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010.08.25 15:05:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010.08.25 15:05:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010.08.25 15:05:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010.08.25 15:05:27 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010.08.25 15:05:26 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010.08.25 15:05:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010.08.25 15:05:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010.08.25 15:05:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010.08.25 15:05:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010.08.25 15:05:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010.08.25 15:05:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010.08.25 15:05:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010.08.25 15:05:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010.08.25 15:05:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010.08.25 15:05:25 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010.08.25 15:05:25 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010.08.25 15:05:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010.08.25 15:05:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010.08.25 15:05:24 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010.08.25 15:05:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010.08.25 15:05:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010.08.25 15:05:20 | 000,000,000 | ---D | C] -- C:\Programme\MSN
[2010.08.25 15:05:19 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010.08.25 15:05:19 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010.08.25 15:05:19 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010.08.25 15:05:19 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010.08.25 15:05:19 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010.08.25 15:05:19 | 000,000,000 | ---D | C] -- C:\Programme\Windows NT
[2010.08.25 15:05:18 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010.08.25 15:05:18 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010.08.25 15:05:17 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010.08.25 15:05:17 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010.08.25 15:05:17 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010.08.25 15:05:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010.08.25 15:05:17 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010.08.25 15:05:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010.08.25 15:05:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010.08.25 15:05:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010.08.25 15:05:16 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010.08.25 15:05:16 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010.08.25 15:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010.08.25 15:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010.08.25 15:05:15 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010.08.25 15:05:13 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010.07.27 08:29:42 | 008,503,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.06.24 14:10:51 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.06.24 14:10:50 | 005,951,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.06.24 14:10:50 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010.06.24 14:10:50 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.06.24 14:10:50 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010.06.24 14:10:49 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010.06.24 14:10:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.06.24 11:02:00 | 001,852,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010.06.14 09:41:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.01 07:01:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\OTL.exe
[2010.09.01 06:56:04 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.01 06:55:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.01 06:55:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.31 22:41:04 | 001,835,008 | -H-- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\NTUSER.DAT
[2010.08.31 22:39:56 | 005,856,122 | -H-- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.31 19:56:40 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.08.31 08:03:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.31 08:01:06 | 001,025,112 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.31 08:01:06 | 000,459,152 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.31 08:01:06 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.31 08:01:06 | 000,084,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.31 08:01:06 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.31 07:13:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.30 22:53:01 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Netzmanager.lnk
[2010.08.30 22:37:20 | 000,000,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20100830_223714.reg
[2010.08.30 22:36:58 | 000,051,098 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20100830_223621.reg
[2010.08.30 19:43:26 | 000,187,392 | ---- | M] (OpenSC Project) -- C:\WINDOWS\Gpiria.exe
[2010.08.30 18:26:55 | 000,026,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.30 18:01:09 | 000,001,653 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FIFA 2005.lnk
[2010.08.30 17:24:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.30 16:48:11 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.30 16:13:58 | 000,000,145 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.08.29 19:36:34 | 000,000,724 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Netzmanager.lnk
[2010.08.29 09:53:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.29 09:53:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.29 09:53:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.29 09:53:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.29 09:53:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.28 18:16:51 | 000,003,005 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\Virtual Sailor 6.8.lnk
[2010.08.28 16:55:59 | 000,011,642 | ---- | M] () -- C:\WINDOWS\System32\NULL
[2010.08.28 16:39:44 | 000,001,882 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\T-Online 6.0.lnk
[2010.08.28 15:48:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.08.28 15:48:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.08.28 15:48:28 | 000,000,799 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.28 15:47:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.08.28 15:46:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.08.28 15:45:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.28 15:30:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010.08.28 15:29:41 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.08.28 15:16:45 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.08.28 14:41:44 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.08.28 14:35:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010.08.26 08:44:01 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010.08.25 18:00:16 | 000,004,214 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.08.25 16:55:58 | 000,001,378 | ---- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\Recovery-Info.lnk
[2010.08.25 16:25:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.08.25 16:21:16 | 015,820,588 | ---- | M] (Quality Simulations                                        ) -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\vs_update.exe
[2010.08.25 15:50:19 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.25 15:22:05 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010.08.25 15:21:54 | 000,000,020 | -HS- | M] () -- C:\Dokumente und Einstellungen\Ralf Sievert\ntuser.ini
[2010.08.25 15:17:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010.08.25 15:16:17 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.08.25 15:09:28 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.08.25 15:09:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.25 15:09:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.08.25 15:09:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010.08.25 15:09:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.08.25 15:09:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.08.25 15:09:24 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010.08.25 15:09:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.08.25 15:08:25 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.08.25 15:08:25 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.08.25 15:06:52 | 000,021,740 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.08.25 15:06:41 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010.08.25 15:06:41 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.06.30 14:28:51 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010.06.24 17:51:58 | 011,077,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.06.24 14:22:03 | 001,210,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.06.24 14:22:03 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.06.24 14:22:02 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010.06.24 14:22:02 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.06.24 14:22:02 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010.06.24 14:22:01 | 005,951,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.06.24 14:21:59 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.06.24 14:21:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010.06.24 14:21:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010.06.24 14:21:59 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010.06.24 14:21:59 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.06.24 14:21:59 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010.06.24 14:21:59 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.06.24 14:21:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010.06.24 14:21:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010.06.24 14:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.06.24 14:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.06.24 14:21:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.24 14:21:55 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010.06.24 14:21:55 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010.06.24 14:10:50 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010.06.24 14:10:49 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010.06.24 11:02:00 | 001,852,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010.06.24 11:02:00 | 001,852,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010.06.23 14:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010.06.23 14:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010.06.21 17:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.06.18 15:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.06.17 16:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2010.06.15 18:16:28 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010.06.14 16:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.06.14 09:41:35 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.31 08:03:50 | 000,085,520 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.30 22:37:15 | 000,000,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20100830_223714.reg
[2010.08.30 22:36:23 | 000,051,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\cc_20100830_223621.reg
[2010.08.30 19:44:06 | 000,000,302 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.30 18:01:09 | 000,001,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FIFA 2005.lnk
[2010.08.30 16:54:31 | 001,053,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\indicatorstexobj.texobj0386962890625_static.fsh
[2010.08.30 16:54:31 | 000,077,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\ImpBIG.exe
[2010.08.30 16:54:31 | 000,067,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\GenBH.exe
[2010.08.30 16:54:31 | 000,000,352 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Eigene Dateien\SPORTV.bat
[2010.08.30 16:13:58 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.08.29 19:36:34 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\Netzmanager.lnk
[2010.08.29 19:35:48 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Netzmanager.lnk
[2010.08.29 10:02:29 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.08.28 18:16:51 | 000,003,005 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\Virtual Sailor 6.8.lnk
[2010.08.28 18:04:58 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.08.28 18:01:55 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.28 16:55:58 | 000,011,642 | ---- | C] () -- C:\WINDOWS\System32\NULL
[2010.08.28 16:39:44 | 000,001,882 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\T-Online 6.0.lnk
[2010.08.28 15:46:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010.08.28 15:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.08.28 15:29:41 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010.08.28 15:22:01 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010.08.28 15:22:01 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010.08.28 15:22:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010.08.28 15:22:01 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010.08.28 15:22:01 | 000,079,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010.08.28 15:22:01 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010.08.28 15:22:01 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010.08.28 15:22:01 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010.08.28 15:22:01 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010.08.28 15:22:01 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010.08.28 15:22:00 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010.08.28 15:22:00 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010.08.28 15:22:00 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010.08.28 15:22:00 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010.08.28 15:22:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010.08.28 15:22:00 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010.08.28 15:22:00 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010.08.28 15:21:59 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010.08.28 15:21:59 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010.08.28 15:21:59 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010.08.28 15:21:59 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010.08.28 15:21:59 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010.08.28 15:21:59 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010.08.28 15:21:59 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010.08.28 15:21:59 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010.08.28 15:21:59 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010.08.28 15:21:59 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010.08.28 15:21:59 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010.08.28 15:21:59 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010.08.28 15:21:59 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010.08.28 15:21:59 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010.08.28 15:21:59 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010.08.28 15:21:59 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010.08.28 15:21:59 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010.08.28 15:21:59 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010.08.28 15:21:59 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010.08.28 15:21:59 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010.08.28 15:21:59 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010.08.28 15:21:59 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010.08.28 15:21:59 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010.08.28 15:21:59 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010.08.28 15:21:58 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010.08.28 15:21:58 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010.08.28 15:21:58 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010.08.28 15:21:58 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010.08.28 15:21:58 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010.08.28 15:21:58 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010.08.28 15:21:58 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010.08.28 15:21:58 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010.08.28 15:21:58 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010.08.28 15:21:58 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010.08.28 15:21:58 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010.08.28 15:21:58 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010.08.28 15:21:58 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010.08.28 15:21:58 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010.08.28 15:21:58 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010.08.28 15:21:58 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010.08.28 15:21:58 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010.08.28 15:21:58 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010.08.28 15:21:58 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010.08.28 15:21:58 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010.08.28 15:21:58 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010.08.28 15:21:58 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010.08.28 15:21:58 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010.08.28 15:21:57 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010.08.28 15:21:57 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010.08.28 15:21:57 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010.08.28 15:21:57 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010.08.28 15:21:57 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010.08.28 15:21:57 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010.08.28 15:21:57 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010.08.28 15:21:57 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010.08.28 15:21:56 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010.08.28 15:21:56 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010.08.28 15:21:56 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010.08.28 15:21:56 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010.08.28 15:21:56 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010.08.28 15:21:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010.08.28 15:21:56 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010.08.28 15:21:56 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010.08.28 15:21:56 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010.08.28 15:21:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010.08.28 14:41:27 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010.08.28 14:40:21 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.08.28 14:40:21 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.08.28 14:40:20 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.08.25 18:25:00 | 000,007,031 | R--- | C] () -- C:\WINDOWS\instwcli.inf
[2010.08.25 18:24:49 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010.08.25 18:00:16 | 000,004,214 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010.08.25 16:48:32 | 000,000,211 | RHS- | C] () -- C:\boot.ini
[2010.08.25 16:48:30 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.08.25 16:48:01 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2010.08.25 16:39:59 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010.08.25 16:25:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.08.25 16:16:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.25 15:56:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.08.25 15:56:55 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2010.08.25 15:56:55 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010.08.25 15:56:55 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010.08.25 15:56:52 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2010.08.25 15:50:22 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010.08.25 15:50:22 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010.08.25 15:50:21 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010.08.25 15:50:21 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010.08.25 15:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010.08.25 15:50:17 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010.08.25 15:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010.08.25 15:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010.08.25 15:50:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010.08.25 15:50:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010.08.25 15:50:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010.08.25 15:50:14 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010.08.25 15:50:14 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010.08.25 15:50:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010.08.25 15:50:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010.08.25 15:50:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010.08.25 15:50:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010.08.25 15:50:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010.08.25 15:50:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010.08.25 15:50:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010.08.25 15:50:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010.08.25 15:50:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010.08.25 15:50:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010.08.25 15:50:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010.08.25 15:50:06 | 000,001,806 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010.08.25 15:49:56 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.08.25 15:49:56 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.08.25 15:49:56 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.08.25 15:49:56 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.08.25 15:49:56 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.08.25 15:49:56 | 000,007,506 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.08.25 15:49:21 | 000,132,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.25 15:21:57 | 000,001,378 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\Recovery-Info.lnk
[2010.08.25 15:21:54 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\ntuser.dat.LOG
[2010.08.25 15:21:54 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\ntuser.ini
[2010.08.25 15:21:53 | 000,002,185 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\dotNetFx.log
[2010.08.25 15:21:53 | 000,001,082 | ---- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\langpackSetup.log
[2010.08.25 15:21:52 | 001,835,008 | -H-- | C] () -- C:\Dokumente und Einstellungen\Ralf Sievert\NTUSER.DAT
[2010.08.25 15:17:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010.08.25 15:16:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.08.25 15:15:26 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.08.25 15:15:05 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.08.25 15:14:57 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.08.25 15:14:56 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.08.25 15:14:53 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.08.25 15:14:42 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.08.25 15:14:37 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.08.25 15:14:21 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.08.25 15:13:40 | 000,017,638 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2010.08.25 15:13:40 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.08.25 15:09:28 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.08.25 15:09:28 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.08.25 15:09:28 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.08.25 15:09:28 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010.08.25 15:09:28 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010.08.25 15:09:26 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010.08.25 15:09:25 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.08.25 15:09:25 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.08.25 15:09:24 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010.08.25 15:08:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.08.25 15:08:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.08.25 15:08:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.08.25 15:08:04 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010.08.25 15:07:30 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010.08.25 15:07:30 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010.08.25 15:07:24 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010.08.25 15:06:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.08.25 15:05:38 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp
[2010.08.25 15:05:38 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp
[2010.08.25 15:05:37 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp
[2010.08.25 15:05:37 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp
[2010.08.25 15:05:37 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp
[2010.08.25 15:05:37 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp
[2010.08.25 15:05:37 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010.08.25 15:05:37 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp
[2010.08.25 15:05:37 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp
[2010.08.25 15:05:37 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp
[2010.08.25 15:05:37 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp
[2010.08.25 15:05:36 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010.08.25 15:05:36 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010.08.25 15:05:36 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010.08.25 15:05:36 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010.08.25 15:05:36 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010.08.25 15:05:36 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010.08.25 15:05:36 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010.08.25 15:05:36 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010.08.25 15:05:34 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010.08.25 15:05:34 | 000,001,237 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010.08.25 15:05:32 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010.08.25 15:05:24 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
< End of report >


pondex 01.09.2010 09:00

So, now I've managed it after all.
Extras:
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 01.09.2010 07:04:57 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\Ralf Sievert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
512,00 Mb Total Physical Memory | 181,00 Mb Available Physical Memory | 35,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 50,97 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RALF-SIEVERT
Current User Name: Ralf Sievert
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A381C835-942E-4780-BD70-35411F5E9C00}" = Virtual Sailor 6.8
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4E3E62E-16D7-425E-009C-DCB5E64F5955}" = FIFA 2005
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0
"CCleaner" = CCleaner
"CreationCentre 20051.3.0.27" = CreationCentre 2005
"DMX5_is1" = DriverMax 5
"ie8" = Windows Internet Explorer 8
"Installation Stellwerk Hannover" = Installation Stellwerk Hannover
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netzmanager" = Netzmanager
"PANZERS - Phase1" = PANZERS - Phase1
"Ports Of Call Classic Edition - astragon 1.2.2" = Ports Of Call Classic Edition - astragon 1.2.2
"Shipsim2008" = Schiff-Simulator 2008
"ShipSim2008Editor" = Ship Simulator 2008 Mission Editor
"Shockwave" = Shockwave
"Virtual Sailor_is1" = Virtual Sailor 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.08.2010 13:57:13 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353  23 Meikes\032Mediathek._home-sharing._tcp.local.
 SRV 0 0 3689 SVFehmarn.local.
 
Error - 31.08.2010 13:57:13 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing:  26 Meikes\032Mediathek._home-sharing._tcp.local.
 SRV 0 0 3689 ralf-sievert.local.
 
Error - 31.08.2010 13:57:14 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353  261 Meikes\032Mediathek._home-sharing._tcp.local.
 TXT txtvers=1¦iTSh Version=196609¦hQ=100¦MID=0x14F5F69FEBF4D41C¦Database ID=E17EE457E5931AFF¦dmv=13107
 
Error - 31.08.2010 13:57:14 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Reseting to Probing:  26 Meikes\032Mediathek._home-sharing._tcp.local.
 SRV 0 0 3689 ralf-sievert.local.
 
Error - 31.08.2010 16:39:23 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = 428: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = send_msg ERROR: failed to write 88 of 88 bytes to fd 240 errno 10054
 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.)
 
Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = 240: Could not write data to client because of error - aborting connection
 
Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = 240: DNSServiceBrowse          _00000000-0d75-e70e-adb3-833ca9ab4578._sub._home-sharing._tcp.local.
 
Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 29.08.2010 02:55:03 | Computer Name = RALF-SIEVERT | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Netzmanager
 Infrastruktur Informationssystem Dienst.
 
Error - 29.08.2010 12:03:35 | Computer Name = RALF-SIEVERT | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Netzmanager
 Infrastruktur Informationssystem Dienst.
 
Error - 29.08.2010 12:11:25 | Computer Name = RALF-SIEVERT | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP
 
Error - 29.08.2010 15:23:29 | Computer Name = RALF-SIEVERT | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für die Microsoft .NET Framework 3.5 Service
 Pack 1- und .NET Framework 3.5-Produktfamilie für die .NET-Versionen 2.0 bis 3.5
 (KB951847) x86
 
 
< End of report >

--- --- ---

cosinus 01.09.2010 12:15

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe (OpenSC Project)
[2010.08.30 19:43:39 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Gpiria.exe
[2010.08.30 16:28:27 | 000,000,000 | ---D | C] -- C:\2163129675308c8e2756
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

pondex 01.09.2010 15:28

Hello,
here is the log after the restart:
Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XBV6RD5SZF deleted successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe moved successfully.
C:\WINDOWS\Gpiria.exe moved successfully.
C:\2163129675308c8e2756\i386 folder moved successfully.
C:\2163129675308c8e2756\amd64 folder moved successfully.
C:\2163129675308c8e2756 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Ralf Sievert
->Temp folder emptied: 47757041 bytes
->Temporary Internet Files folder emptied: 25218357 bytes
->Java cache emptied: 938420 bytes
->FireFox cache emptied: 66608368 bytes
->Flash cache emptied: 410 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 3061639 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19600532 bytes
RecycleBin emptied: 1230540921 bytes
 
Total Files Cleaned = 1.330,00 mb
 
 
OTL by OldTimer - Version 3.2.11.0 log created on 09012010_161757

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 01.09.2010 18:33

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

pondex 01.09.2010 20:07

Hello,
here is the ComboFix result:
Combofix Logfile:
Code:

ComboFix 10-09-01.02 - Ralf Sievert 01.09.2010  20:46:22.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.512.189 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Ralf Sievert\Desktop\cofi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-01 bis 2010-09-01  ))))))))))))))))))))))))))))))
.

2010-09-01 14:17 . 2010-09-01 14:17        --------        d-----w-        C:\_OTL
2010-08-31 12:00 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-31 12:00 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-31 12:00 . 2010-08-31 12:00        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-08-31 06:03 . 2010-09-01 14:20        85520        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-08-30 18:36 . 2010-08-30 18:36        --------        d-sh--w-        c:\dokumente und einstellungen\Ralf Sievert\PrivacIE
2010-08-30 16:31 . 2009-08-21 10:15        557568        ----a-w-        c:\windows\system32\B4FM.dll
2010-08-30 16:31 . 2010-08-30 16:37        --------        d-----w-        c:\programme\Burn4Free
2010-08-30 14:48 . 2010-08-30 14:48        --------        d-sh--w-        c:\dokumente und einstellungen\Ralf Sievert\IETldCache
2010-08-30 14:13 . 2010-08-30 14:13        145        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2010-08-30 14:13 . 2010-08-30 14:17        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
2010-08-30 14:10 . 2010-06-18 11:39        16896        -c----w-        c:\windows\system32\dllcache\iecompat.dll
2010-08-30 14:09 . 2010-08-31 06:03        --------        d-----w-        c:\windows\ie8updates
2010-08-30 14:09 . 2010-06-24 12:22        12800        -c----w-        c:\windows\system32\dllcache\xpshims.dll
2010-08-30 14:09 . 2010-06-24 12:21        55296        -c----w-        c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-30 14:09 . 2010-06-24 12:21        599040        -c----w-        c:\windows\system32\dllcache\msfeeds.dll
2010-08-30 14:09 . 2010-06-24 12:21        1986560        -c----w-        c:\windows\system32\dllcache\iertutil.dll
2010-08-30 14:09 . 2010-06-24 12:21        247808        -c----w-        c:\windows\system32\dllcache\ieproxy.dll
2010-08-30 14:09 . 2010-06-24 15:51        11077120        -c----w-        c:\windows\system32\dllcache\ieframe.dll
2010-08-30 14:09 . 2010-06-24 12:21        743424        -c----w-        c:\windows\system32\dllcache\iedvtool.dll
2010-08-30 14:06 . 2010-08-30 14:08        --------        dc-h--w-        c:\windows\ie8
2010-08-29 17:36 . 2010-03-22 15:38        3586031        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Netzmanager1.045.1230_100322a.exe
2010-08-29 17:34 . 2010-03-22 15:19        10240        -c--a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\OFFLINE\70A91E40\86C0540D\DlgMiscLocEn.dll
2010-08-29 07:55 . 2010-08-29 07:55        61440        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36850f2c-n\decora-sse.dll
2010-08-29 07:55 . 2010-08-29 07:55        12800        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36850f2c-n\decora-d3d.dll
2010-08-29 07:55 . 2010-08-29 07:55        --------        d-----w-        c:\windows\Sun
2010-08-29 07:55 . 2010-08-29 07:55        503808        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-294bf8c4-n\msvcp71.dll
2010-08-29 07:55 . 2010-08-29 07:55        499712        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-294bf8c4-n\jmc.dll
2010-08-29 07:55 . 2010-08-29 07:55        348160        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-294bf8c4-n\msvcr71.dll
2010-08-29 07:54 . 2010-08-29 07:53        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-08-29 07:40 . 2010-06-21 15:27        354304        -c----w-        c:\windows\system32\dllcache\srv.sys
2010-08-29 07:40 . 2010-02-24 13:11        455680        -c----w-        c:\windows\system32\dllcache\mrxsmb.sys
2010-08-29 07:39 . 2010-08-29 07:40        --------        d-----w-        c:\programme\Stellwerk Hannover
2010-08-29 07:39 . 2010-06-14 14:31        744448        -c----w-        c:\windows\system32\dllcache\helpsvc.exe
2010-08-29 07:39 . 2009-10-15 16:28        81920        -c----w-        c:\windows\system32\dllcache\fontsub.dll
2010-08-29 07:39 . 2009-10-15 16:28        119808        -c----w-        c:\windows\system32\dllcache\t2embed.dll
2010-08-29 07:38 . 2009-02-06 10:10        227840        -c----w-        c:\windows\system32\dllcache\wmiprvse.exe
2010-08-29 07:38 . 2009-03-06 14:19        286720        -c----w-        c:\windows\system32\dllcache\pdh.dll
2010-08-29 07:38 . 2009-02-09 11:21        111104        -c----w-        c:\windows\system32\dllcache\services.exe
2010-08-29 07:38 . 2009-02-09 10:51        401408        -c----w-        c:\windows\system32\dllcache\rpcss.dll
2010-08-29 07:38 . 2009-02-09 10:51        473600        -c----w-        c:\windows\system32\dllcache\fastprox.dll
2010-08-29 07:38 . 2009-02-09 10:51        678400        -c----w-        c:\windows\system32\dllcache\advapi32.dll
2010-08-29 07:38 . 2009-02-09 10:51        740352        -c----w-        c:\windows\system32\dllcache\ntdll.dll
2010-08-29 07:38 . 2009-02-09 10:51        453120        -c----w-        c:\windows\system32\dllcache\wmiprvsd.dll
2010-08-29 07:37 . 2009-06-21 21:45        153088        -c----w-        c:\windows\system32\dllcache\triedit.dll
2010-08-29 07:37 . 2010-04-28 18:11        2192256        -c----w-        c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-29 07:37 . 2010-04-28 05:41        2148864        -c----w-        c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-29 07:37 . 2010-04-28 05:41        2069120        -c----w-        c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-29 07:37 . 2010-04-28 05:41        2027008        -c----w-        c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-29 07:36 . 2008-05-08 14:02        203136        -c----w-        c:\windows\system32\dllcache\rmcast.sys
2010-08-29 07:36 . 2008-05-01 14:34        331776        -c----w-        c:\windows\system32\dllcache\msadce.dll
2010-08-29 07:34 . 2010-02-12 10:03        293376        ------w-        c:\windows\system32\browserchoice.exe
2010-08-29 07:34 . 2009-11-21 15:54        471552        -c----w-        c:\windows\system32\dllcache\aclayers.dll
2010-08-29 07:33 . 2008-06-14 17:32        273024        -c----w-        c:\windows\system32\dllcache\bthport.sys
2010-08-29 07:31 . 2010-06-18 13:36        3558912        -c----w-        c:\windows\system32\dllcache\moviemk.exe
2010-08-29 07:30 . 2008-10-15 16:35        337408        -c----w-        c:\windows\system32\dllcache\netapi32.dll
2010-08-29 07:30 . 2008-04-21 21:13        217600        -c----w-        c:\windows\system32\dllcache\wordpad.exe
2010-08-29 07:30 . 2009-12-09 05:53        726528        -c--a-w-        c:\windows\system32\dllcache\jscript.dll
2010-08-28 16:13 . 2010-08-28 16:18        --------        d-----w-        c:\programme\Virtual Sailor
2010-08-28 16:05 . 2010-08-29 16:45        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Apple Computer
2010-08-28 16:04 . 2009-05-18 11:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-28 16:04 . 2008-04-17 10:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2010-08-28 16:04 . 2010-08-28 16:04        --------        d-----w-        c:\programme\iPod
2010-08-28 16:03 . 2010-08-28 16:04        --------        d-----w-        c:\programme\iTunes
2010-08-28 16:03 . 2010-08-28 16:04        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-28 16:02 . 2010-08-28 16:03        --------        d-----w-        c:\programme\QuickTime
2010-08-28 16:02 . 2010-08-28 16:03        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-08-28 16:01 . 2010-08-28 16:01        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Apple
2010-08-28 16:01 . 2010-08-28 16:01        --------        d-----w-        c:\programme\Apple Software Update
2010-08-28 16:01 . 2010-04-19 18:47        3062048        ----a-w-        c:\windows\system32\usbaaplrc.dll
2010-08-28 16:01 . 2010-04-19 18:47        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2010-08-28 16:00 . 2010-08-28 16:01        --------        d-----w-        c:\programme\Bonjour
2010-08-28 16:00 . 2010-08-28 16:03        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2010-08-28 16:00 . 2010-08-28 16:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-08-28 15:59 . 2010-08-28 16:05        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-08-28 15:01 . 2010-08-28 15:01        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\PackageAware
2010-08-28 14:56 . 2010-08-28 14:56        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\T-Online
2010-08-28 14:54 . 2010-08-28 14:54        --------        d-----w-        c:\programme\MSBuild
2010-08-28 14:47 . 2010-08-30 14:29        --------        d-----w-        c:\windows\system32\XPSViewer
2010-08-28 14:46 . 2010-08-28 14:46        --------        d-----w-        c:\programme\Reference Assemblies
2010-08-28 14:46 . 2008-07-06 12:06        89088        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-28 14:46 . 2006-06-29 11:07        14048        ------w-        c:\windows\system32\spmsg2.dll
2010-08-28 14:39 . 2010-08-28 14:39        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\T-Online
2010-08-28 14:39 . 2010-08-28 14:39        --------        d-----w-        c:\programme\Gemeinsame Dateien\Marmiko Shared
2010-08-28 14:38 . 2010-08-28 14:39        --------        d-----w-        c:\programme\T-Online
2010-08-28 13:55 . 2010-03-01 08:05        124784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-08-28 13:55 . 2010-02-16 12:24        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-08-28 13:55 . 2009-05-11 10:49        45416        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2010-08-28 13:55 . 2009-05-11 10:49        22360        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2010-08-28 13:55 . 2010-08-28 13:55        --------        d-----w-        c:\programme\Avira
2010-08-28 13:55 . 2010-08-28 13:55        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-08-28 13:48 . 2008-04-14 05:52        26624        ----a-w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-08-28 13:48 . 2010-08-28 13:48        --------        d-----w-        c:\programme\Windows Media Connect 2
2010-08-28 13:46 . 2010-08-28 13:47        --------        d-----w-        c:\windows\system32\drivers\UMDF
2010-08-28 13:46 . 2010-08-28 13:46        --------        d-----w-        c:\windows\system32\LogFiles
2010-08-28 13:43 . 2010-08-28 13:44        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2010-08-28 13:41 . 2010-08-28 15:29        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Adobe
2010-08-28 13:30 . 2010-08-28 13:30        0        ----a-w-        c:\windows\nsreg.dat
2010-08-28 13:29 . 2010-08-28 13:29        --------        d-----w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Mozilla
2010-08-28 13:22 . 2008-09-10 01:13        1307648        -c----w-        c:\windows\system32\dllcache\msxml6.dll
2010-08-28 13:22 . 2008-09-10 01:13        1307648        ------w-        c:\windows\system32\msxml6.dll
2010-08-28 13:22 . 2008-04-14 05:27        93184        -c----w-        c:\windows\system32\dllcache\msxml6r.dll
2010-08-28 13:22 . 2008-04-14 05:27        93184        ------w-        c:\windows\system32\msxml6r.dll
2010-08-28 13:22 . 2009-07-13 21:43        286208        -c----w-        c:\windows\system32\dllcache\wmpdxm.dll
2010-08-28 13:22 . 2009-04-01 21:02        604160        -c----w-        c:\windows\system32\dllcache\wmspdmod.dll
2010-08-28 13:22 . 2009-02-04 13:12        96256        -c----w-        c:\windows\system32\dllcache\wmpband.dll
2010-08-28 13:22 . 2009-01-30 18:35        4096        -c----w-        c:\windows\system32\dllcache\wmvdmoe2.dll
2010-08-28 13:22 . 2009-01-30 18:34        1329152        -c----w-        c:\windows\system32\dllcache\WMSPDMOE.dll
2010-08-28 13:22 . 2009-01-30 18:34        4096        -c----w-        c:\windows\system32\dllcache\wmsdmoe2.dll
2010-08-28 13:22 . 2008-04-14 05:52        221184        -c----w-        c:\windows\system32\dllcache\wmpns.dll
2010-08-28 13:22 . 2009-01-30 18:34        211456        -c----w-        c:\windows\system32\dllcache\wmpasf.dll
2010-08-28 13:18 . 2009-02-04 13:10        8192        -c----w-        c:\windows\system32\dllcache\asferror.dll
2010-08-28 13:17 . 2008-04-13 22:10        10240        ------w-        c:\windows\system32\drivers\sffp_mmc.sys
2010-08-28 13:17 . 2008-04-13 20:06        144384        ------w-        c:\windows\system32\drivers\hdaudbus.sys
2010-08-28 12:54 . 2010-08-30 16:26        26608        ----a-w-        c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-08-28 12:54 . 2010-08-28 12:54        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Startmenü
2010-08-28 12:53 . 2010-08-30 14:32        --------        d-----w-        c:\windows\system32\wbem\AutoRecover
2010-08-28 12:41 . 2008-04-14 05:52        221184        ----a-w-        c:\windows\system32\wmpns.dll
2010-08-28 12:38 . 2010-08-28 12:38        --------        d-----w-        c:\windows\ServicePackFiles
2010-08-28 12:31 . 2010-08-28 13:05        --------        d-----w-        c:\windows\EHome
2010-08-28 11:33 . 2010-08-28 13:21        --------        d-----w-        c:\windows\system32\bits
2010-08-28 11:32 . 2009-01-07 16:20        26144        ----a-w-        c:\windows\system32\spupdsvc.exe
2010-08-28 11:32 . 2010-08-31 06:03        --------        d--h--w-        c:\windows\$hf_mig$
2010-08-28 11:31 . 2008-04-14 05:52        18944        ----a-w-        c:\windows\system32\qmgrprxy.dll
2010-08-28 11:31 . 2008-04-14 05:52        8192        ------w-        c:\windows\system32\bitsprx2.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 12:05 . 2010-08-25 14:16        1324        ----a-w-        c:\windows\system32\d3d9caps.dat
2010-08-31 06:01 . 2003-04-02 12:00        84524        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-31 06:01 . 2003-04-02 12:00        459152        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-31 04:44 . 2010-08-29 17:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Netzmanager
2010-08-30 20:53 . 2010-08-29 17:35        --------        d-----w-        c:\programme\Netzmanager
2010-08-29 17:36 . 2010-08-29 17:35        --------        dc-h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
2010-08-29 07:54 . 2010-08-25 13:11        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java
2010-08-29 07:53 . 2010-08-25 13:11        --------        d-----w-        c:\programme\Java
2010-08-28 16:16 . 2010-08-25 13:36        45056        ----a-r-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe1_A381C835942E4780BD7035411F5E9C00.exe
2010-08-28 16:16 . 2010-08-25 13:36        45056        ----a-r-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe_A381C835942E4780BD7035411F5E9C00.exe
2010-08-28 16:16 . 2010-08-25 13:36        10134        ----a-r-        c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\ARPPRODUCTICON.exe
2010-08-28 13:24 . 2010-08-25 13:08        76487        ----a-w-        c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-08-25 14:37 . 2010-08-25 14:37        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Innovative Solutions
2010-08-25 14:37 . 2010-08-25 14:37        --------        d-----w-        c:\programme\Innovative Solutions
2010-08-25 14:35 . 2010-08-25 14:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-25 14:25 . 2010-08-25 14:25        552        ----a-w-        c:\windows\system32\d3d8caps.dat
2010-08-25 13:48 . 2010-08-25 13:48        --------        d-----w-        c:\programme\Vstep
2010-08-25 13:33 . 2010-08-25 13:33        --------        d-----w-        c:\programme\directx
2010-08-25 13:29 . 2010-08-25 13:27        --------        d-----w-        c:\programme\Microsoft Works
2010-08-25 13:13 . 2010-08-25 13:13        --------        d-----w-        c:\programme\microsoft frontpage
2010-08-25 13:10 . 2010-08-25 13:10        --------        d-----w-        c:\programme\Common Files
2010-08-25 13:08 . 2010-08-25 13:08        --------        d-----w-        c:\programme\Online-Dienste
2010-08-25 13:07 . 2010-08-25 13:07        --------        d-----w-        c:\programme\Gemeinsame Dateien\Dienste
2010-08-25 13:06 . 2010-08-25 13:06        21740        ----a-w-        c:\windows\system32\emptyregdb.dat
2010-07-21 14:30 . 2010-07-21 14:30        73000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-06 13:53 . 2010-07-06 13:53        5080112        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe
2010-06-30 12:28 . 2003-04-02 12:00        149504        ----a-w-        c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-01-21 16:24        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2003-04-02 12:00        1852032        ----a-w-        c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-02 12:00        354304        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-04-02 12:00        80384        ----a-w-        c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-08-25 13:07        744448        ----a-w-        c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-04-02 12:00        1172480        ----a-w-        c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-10-04 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-12-28 1454080]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Ralf Sievert\Startmen\Programme\Autostart\
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2010-3-22 1540096]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.08.2010 15:55 135336]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [25.08.2010 16:45 76117]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [28.08.2010 16:39 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [25.08.2010 16:48 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [25.08.2010 16:49 10005]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [25.08.2010 18:24 265088]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [25.08.2010 16:50 469935]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [28.08.2010 16:39 17280]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [25.08.2010 18:24 4352]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [28.08.2010 16:39 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [28.08.2010 16:39 17536]
.
Inhalt des "geplante Tasks" Ordners

2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-01 20:55
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-09-01  20:59:22
ComboFix-quarantined-files.txt  2010-09-01 18:59

Vor Suchlauf: 6 Verzeichnis(se), 55.495.671.808 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 55.522.258.944 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 56D330C550F71007353CA969341DFE93

--- --- ---

cosinus 02.09.2010 09:45

OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

After that, download bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.

pondex 02.09.2010 14:04

Hello,
here is the GMER log first:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-02 14:42:57
Windows 5.1.2600 Service Pack 3
Running: dsmxs0qz.exe; Driver: C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\kwtyraoc.sys


---- System - GMER 1.0.15 ----

SSDT            F8BCC466                                  ZwCreateKey
SSDT            F8BCC45C                                  ZwCreateThread
SSDT            F8BCC46B                                  ZwDeleteKey
SSDT            F8BCC475                                  ZwDeleteValueKey
SSDT            F8BCC47A                                  ZwLoadKey
SSDT            F8BCC448                                  ZwOpenProcess
SSDT            F8BCC44D                                  ZwOpenThread
SSDT            F8BCC484                                  ZwReplaceKey
SSDT            F8BCC47F                                  ZwRestoreKey
SSDT            F8BCC470                                  ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\System32\DRIVERS\nv4_mini.sys  section is writeable [0xF7B1C360, 0x307F47, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

and now OSAM as well:

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Report of OSAM: Autorun Manager v5.0.11926.0</title>
<style type="text/css">
body
{
    margin                    : 10px 10px 10px 20px;
    color                    : #000000;
    background-color          : #fffbf0;
    font                      : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif;
    scrollbar-3dlight-color  : #fffbf0;
    scrollbar-arrow-color    : #000000;
    scrollbar-darkshadow-color: #000000;
    scrollbar-face-color      : #fffbf0;
    scrollbar-highlight-color : #000000;
    scrollbar-shadow-color    : #fffbf0;
    scrollbar-track-color    : #fffbf0;
}
a:link
{
    color: #e15616;
}
a:visited
{
    color: #e15616;
}
a:hover
{
    color: #e4743f;
}
a:active
{
    color: #e4743f;
}
.header1
{
    font-size  : 115%;
    font-weight: bold;
    margin-left: 0px;
}
table
{
    border-collapse: collapse;
    border        : 1px solid #000000;
    cellpadding    : 0;
    cellspacing    : 0;
    width          : 90%;
}
td,th
{
    font-size    : 12px;
    color        : #000000;
    background    : #fffbf0;
    border        : 1px solid #000000;
    text-align    : left;
    vertical-align: top;
    padding      : 2px 4px 2px 4px;
}
.cap
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    border    : 1px solid #000000;
}
.group
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    text-align : center;
}
.reg
{
    font-weight: bold;
    font-size  : 10pt;
    border    : 0px none;
    padding    : 2px 4px 2px 4px;
}
.notfound
{
    background-color: #B3DDFF;
}
.blocked
{
    background-color: #FF96EB;
}
.nodetails
{
    background-color: #FFFF75;
}
.trusted
{
    background-color: #C8FFC8;
}
.rootkit
{
    background-color: #FF8696;
}
td.rs { text-align: center; vertical-align: center; font-family: courier; }
td.rs.rm { background: #F90424; title: "Malware"; }
td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; }
td.rs.rw { background: #F90424; title: "Unwanted"; }
td.rs.rs { background: #F90424; title: "Suspicious"; }
td.rs.rt { background: #21F411; title: "Trusted"; }
td.rs.rc { background: #21F411; title: "Checked"; }
td.rs.ry { background: #21F411; title: "Up-to-You"; }
td.rs.rr { background: #F6EB13; title: "Riskware"; }
td.rs.ru { background: #D4D0C8; title: "Unknown"; }
td.rs.rn { background: #FFFFFF; title: "Not checked"; }
</style>
</head>
<body>
<p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
<a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br>
Saved at 14:58:44 on 02.09.2010</p>
<b>OS</b>: Windows XP Home Edition Service Pack 3 (Build 2600)<br>
<b>Default Browser</b>: Mozilla Corporation Firefox 3.6.8<br>
<br><b>Scanner Settings</b><br>
<input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br>
<input type="checkbox" disabled checked>Rootkits detection (hidden files)<br>
<input type="checkbox" disabled checked>Retrieve files information<br>
<input type="checkbox" disabled checked>Check Microsoft signatures<br>
<br><b>Filters</b><br>
<input type="checkbox" disabled>Trusted entries<br>
<input type="checkbox" disabled>Empty entries<br>
<input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br>
<input type="checkbox" disabled checked>Exclusively opened files<br>
<input type="checkbox" disabled checked>Not found files<br>
<input type="checkbox" disabled checked>Files without detailed information<br>
<input type="checkbox" disabled checked>Existing files<br>
<input type="checkbox" disabled>Non-startable services<br>
<input type="checkbox" disabled>Non-startable drivers<br>
<input type="checkbox" disabled checked>Active entries<br>
<input type="checkbox" disabled checked>Disabled entries<br>
<br>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<th class="cap" width="20">&nbsp;</th>
<th class="cap">Risk</th>
<th class="cap">Name</th>
<th class="cap">Publisher</th>
<th class="cap">Full Path</th>
<th class="cap">Status</th>
</tr>
<tr>
<td class="group" colspan="6">Common</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\Tasks</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"AppleSoftwareUpdate.job"</td>
<td>"Apple Inc."</td>
<td>C:\Programme\Apple Software Update\SoftwareUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Control Panel Objects</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\system32</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"infocardcpl.cpl"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\infocardcpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"javacpl.cpl"</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\WINDOWS\system32\javacpl.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Avira AntiVir Personal"</td>
<td>"Avira GmbH"</td>
<td>C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"QuickTime"</td>
<td>"Apple Inc."</td>
<td>C:\Programme\QuickTime\QTSystem\QuickTime.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Drivers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avgio" (avgio)</td>
<td>"Avira GmbH"</td>
<td>C:\Programme\Avira\AntiVir Desktop\avgio.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avgntflt" (avgntflt)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\avgntflt.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avipbb" (avipbb)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\avipbb.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"AVM Eject" (avmeject)</td>
<td>"AVM Berlin"</td>
<td>C:\WINDOWS\System32\drivers\avmeject.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"catchme" (catchme)</td>
<td class="notfound"></td>
<td class="notfound">C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\catchme.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Changer" (Changer)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\Changer.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"i2omgmt" (i2omgmt)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\i2omgmt.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="rootkit"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="rootkit">"kwtyraoc" (kwtyraoc)</td>
<td class="rootkit"></td>
<td class="rootkit">C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\kwtyraoc.sys</td>
<td class="rootkit">Hidden registry entry, rootkit activity | File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"lbrtfdc" (lbrtfdc)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\lbrtfdc.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"MACNDIS5 NDIS Protocol Driver" (MACNDIS5)</td>
<td>"Marmiko IT-Solutions GmbH"</td>
<td>C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"MIINPazX NDIS Protocol Driver" (MIINPazX)</td>
<td>"Deutsche Telekom AG, Marmiko IT-Solutions GmbH"</td>
<td>C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX)</td>
<td>"Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH"</td>
<td>C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PCIDump" (PCIDump)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PCIDump.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDCOMP" (PDCOMP)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDCOMP.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDFRAME" (PDFRAME)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDFRAME.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDRELI" (PDRELI)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDRELI.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"PDRFRAME" (PDRFRAME)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\PDRFRAME.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ssmdrv" (ssmdrv)</td>
<td>"Avira GmbH"</td>
<td>C:\WINDOWS\System32\DRIVERS\ssmdrv.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"WDICA" (WDICA)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\system32\drivers\WDICA.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="group" colspan="6">Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Filter</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu"</td>
<td>"Ikysasoft s.r.l. uninominale"</td>
<td>C:\WINDOWS\system32\B4FM.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung"</td>
<td class="notfound"></td>
<td class="notfound">deskpan.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\mscoree.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes"</td>
<td>"Apple Inc."</td>
<td>C:\Programme\iTunes\iTunesMiniPlayer.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{32683183-48a0-441b-a342-7c2a440a9478} "Media Band"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"</td>
<td>"Avira GmbH"</td>
<td>C:\Programme\Avira\AntiVir Desktop\shlext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\dfshim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References"</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\system32\dfshim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"</td>
<td>"Alexander Roshal"</td>
<td>C:\Programme\WinRAR\rarext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{E0D79304-84BE-11CE-9641-444553540000} "WinZip"</td>
<td>"WinZip Computing, Inc."</td>
<td>C:\PROGRA~1\WinZip\WZSHLSTB.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{E0D79305-84BE-11CE-9641-444553540000} "WinZip"</td>
<td>"WinZip Computing, Inc."</td>
<td>C:\PROGRA~1\WinZip\WZSHLSTB.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{E0D79306-84BE-11CE-9641-444553540000} "WinZip"</td>
<td>"WinZip Computing, Inc."</td>
<td>C:\PROGRA~1\WinZip\WZSHLSTB.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Internet Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">ITBar7Height "ITBar7Height"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound"><binary data> "ITBar7Layout"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound"><binary data> "ITBarLayout"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "Java Plug-in 1.4.2_03"<br>hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab</td>
<td>"JavaSoft / Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\jre6\bin\npjpi160_20.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\jre6\bin\npjpi160_20.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\jre6\bin\npjpi160_20.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\jre6\bin\jp2ssv.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class"</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Logon</td>
</tr>
<tr>
<td class="reg" colspan="6">%AllUsersProfile%\Startmenü\Programme\Autostart</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">%UserProfile%\Startmenü\Programme\Autostart</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Netzmanager.lnk"</td>
<td>"Deutsche Telekom AG"</td>
<td>C:\Programme\Netzmanager\netzmanager.exe</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Adobe ARM"</td>
<td>"Adobe Systems Incorporated"</td>
<td>"C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Adobe Reader Speed Launcher"</td>
<td>"Adobe Systems Incorporated"</td>
<td>"C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avgnt"</td>
<td>"Avira GmbH"</td>
<td>"C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"AVMWlanClient"</td>
<td>"AVM Berlin"</td>
<td>C:\Programme\avmwlanstick\wlangui.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"iTunesHelper"</td>
<td>"Apple Inc."</td>
<td>"C:\Programme\iTunes\iTunesHelper.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"QuickTime Task"</td>
<td>"Apple Inc."</td>
<td>"C:\Programme\QuickTime\QTTask.exe" -atboottime</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"SunJavaUpdateSched"</td>
<td>"Sun Microsystems, Inc."</td>
<td>"C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Services</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Anwendungsverwaltung" (AppMgmt)</td>
<td class="notfound"></td>
<td class="notfound">C:\WINDOWS\System32\appmgmts.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Apple Mobile Device" (Apple Mobile Device)</td>
<td>"Apple Inc."</td>
<td>C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ASP.NET State Service" (aspnet_state)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Avira AntiVir Guard" (AntiVirService)</td>
<td>"Avira GmbH"</td>
<td>C:\Programme\Avira\AntiVir Desktop\avguard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Avira AntiVir Planer" (AntiVirSchedulerService)</td>
<td>"Avira GmbH"</td>
<td>C:\Programme\Avira\AntiVir Desktop\sched.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"AVM WLAN Connection Service" (AVM WLAN Connection Service)</td>
<td>"AVM Berlin"</td>
<td>C:\Programme\avmwlanstick\WlanNetService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Dienst "Bonjour"" (Bonjour Service)</td>
<td>"Apple Inc."</td>
<td>C:\Programme\Bonjour\mDNSResponder.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"iPod-Dienst" (iPod Service)</td>
<td>"Apple Inc."</td>
<td>C:\Programme\iPod\bin\iPodService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Java Quick Starter" (JavaQuickStarterService)</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Programme\Java\jre6\bin\jqs.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service)</td>
<td>"Deutsche Telekom AG"</td>
<td>C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl)</td>
<td>"Deutsche Telekom AG, Marmiko IT-Solutions GmbH"</td>
<td>C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Windows CardSpace" (idsvc)</td>
<td>"Microsoft Corporation"</td>
<td>C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0)</td>
<td>"Microsoft Corporation"</td>
<td>c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Winlogon</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Control Panel\IOProcs</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"MVB"</td>
<td class="notfound"></td>
<td class="notfound">mvfs32.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation"</td>
<td class="notfound"></td>
<td class="notfound">appmgmts.dll</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="group" colspan="6">Winsock Providers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"mdnsNSP"</td>
<td>"Apple Inc."</td>
<td>C:\Programme\Bonjour\mdnsNSP.dll</td>
<td>File exists</td>
</tr>
</table>
<p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p>
</body></html>


pondex 02.09.2010 14:10

...and this should be the bootkit log:
Code:

.\debug.cpp(238) : Debug log started at 02.09.2010 - 13:06:03
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00217380 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x806ef000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf8a35000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf8945000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf84e5000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xf8a37000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf84d4000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf8535000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf8afd000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf87b5000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf8a39000 0x00002000 "intelide.sys"
.\debug.cpp(256) : 0xf8545000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf84b5000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf87bd000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf8555000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xf849d000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf8565000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf8575000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf847d000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf846b000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf8454000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf83c7000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf839a000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf8380000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf8585000 0x0000b000 "agp440.sys"
.\debug.cpp(256) : 0xf8725000 0x0000a000 "\SystemRoot\System32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xf7b1c000 0x0068a000 "\SystemRoot\System32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xf7b08000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf882d000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf7ae4000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf8835000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf7a79000 0x0006b000 "\SystemRoot\System32\DRIVERS\IntelH51.sys"
.\debug.cpp(256) : 0xf883d000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xf7a67000 0x00012000 "\SystemRoot\system32\drivers\wf2kvcap.sys"
.\debug.cpp(256) : 0xf8735000 0x0000d000 "\SystemRoot\system32\drivers\STREAM.SYS"
.\debug.cpp(256) : 0xf7a44000 0x00023000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0xf7a33000 0x00011000 "\SystemRoot\System32\DRIVERS\Rtlnic51.sys"
.\debug.cpp(256) : 0xf7a1f000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf8745000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xf89e1000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xf8755000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf8845000 0x00007000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf884d000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf8765000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf8775000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf8785000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf8855000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xf796c000 0x000b3000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"
.\debug.cpp(256) : 0xf7948000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf8795000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xf8c33000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf87a5000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf89e9000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf7931000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf85b5000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf85c5000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf885d000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf7920000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf85d5000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf8865000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf886d000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf8605000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf8a57000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf7822000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf89f9000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf8625000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf8635000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf8a59000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf81eb000 0x00004000 "\SystemRoot\system32\drivers\MODEMCSA.sys"
.\debug.cpp(256) : 0xf8885000 0x00008000 "\SystemRoot\system32\drivers\wf2ktunr.sys"
.\debug.cpp(256) : 0xf81e7000 0x00003000 "\SystemRoot\system32\drivers\wf2kxbar.sys"
.\debug.cpp(256) : 0xf8a5b000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf8ba7000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf8a5d000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf88a5000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf8a5f000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf8a61000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf88ad000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf88b5000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf81d7000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xf669f000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xf6646000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf661e000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xf65fc000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf8645000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xf88bd000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xf65d1000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xf6561000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf8665000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xf653b000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf8675000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xf64f1000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xf8a67000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xf86c5000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xf64b0000 0x00041000 "\SystemRoot\System32\DRIVERS\fwlanusb.sys"
.\debug.cpp(256) : 0xf6498000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xf8a79000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf66f6000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf88dd000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf8c61000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00584000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xba6d3000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xba44e000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xba349000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xba50b000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xf8a75000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xba01a000 0x00057000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb9310000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf87dd000 0x00005000 "\??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS"
.\debug.cpp(256) : 0xb7ac8000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xb7a86000 0x00017000 "\??\C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\kwtyraoc.sys"
.\debug.cpp(256) : 0xb790b000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :  Destination "\Device\Ndis"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :  Destination "\Device\Video0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a3cbbf11-b052-11df-a5b3-806d6172696f}"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_80951043&REV_02#3&61aaa01&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_80951043&REV_02#3&61aaa01&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :  Destination "\Device\Video1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000002c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000002e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\0000003d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F5211853-3E59-44C9-9CDC-E19D33122623}"
.\debug.cpp(400) :  Destination "\Device\{F5211853-3E59-44C9-9CDC-E19D33122623}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) :  Destination "\Device\Ip"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :  Destination "\Device\Video2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10#4&3b90381f&0&68F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_2#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :  Destination "\Device\0000003c"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) :  Destination "\Device\IPSEC"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) :  Destination "\Device\avgio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :  Destination "\Device\Video3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&19b0fc9&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) :  Destination "\Device\Parallel0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&11858842&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000033"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000002d"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CF149422-4C7D-4084-A39A-0834D5F4FAFC}"
.\debug.cpp(400) :  Destination "\Device\{CF149422-4C7D-4084-A39A-0834D5F4FAFC}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{35CBA67C-AA5B-4D47-B3BC-515831D796D7}"
.\debug.cpp(400) :  Destination "\Device\{35CBA67C-AA5B-4D47-B3BC-515831D796D7}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) :  Destination "\Device\NDProxy"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) :  Destination "\Device\ParallelVdm0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_057c&Pid_6201#001A4F9D0DDE#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&19788b67&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C2AE5707-236A-41FD-9574-FD59A556C6F1}"
.\debug.cpp(400) :  Destination "\Device\{C2AE5707-236A-41FD-9574-FD59A556C6F1}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_SP0802N_________________________TK100-24#30534a30324a5830383432353237202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :  Destination "\Device\WMIDataDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) :  Destination "\Device\Serial0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{932919AB-46ED-461C-8829-08F8BA8808D6}"
.\debug.cpp(400) :  Destination "\Device\{932919AB-46ED-461C-8829-08F8BA8808D6}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :  Destination "\Device\NamedPipe"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature63280014Offset2738A00Length12A14C0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C7&SUBSYS_80891043&REV_02#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) :  Destination "\??\PCI#VEN_1813&DEV_4000&SUBSYS_00000000&REV_02#4&3b90381f&0&48F0#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{756A8791-09FA-47DD-87E8-75AC054A1A12}"
.\debug.cpp(400) :  Destination "\Device\{756A8791-09FA-47DD-87E8-75AC054A1A12}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :  Destination "\Device\Mup"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) :  Destination "\Device\PSched"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) :  Destination "\Device\IPNAT"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2ae46918&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C2&SUBSYS_80891043&REV_02#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :  Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :  Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :  Destination "\Device\USBFDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :  Destination "\Device\Tcp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) :  Destination "\Device\VideoPdo0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :  Destination "\Device\USBFDO-1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000034"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :  Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kwtyraoc"
.\debug.cpp(400) :  Destination "\Device\kwtyraoc"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_057c&Pid_6201#001A4F9D0DDE#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-4"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :  Destination "\DosDevices\LPT1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :  Destination "\Device\USBFDO-2"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000031"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) :  Destination "\Device\sysaudio"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000032"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :  Destination "\Device\FsWrap"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000030"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :  Destination "\Device\USBFDO-3"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :  Destination "\Device\CdRom0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a3cbbf12-b052-11df-a5b3-806d6172696f}"
.\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22NP20_______________1.02____#5&e088e23&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Stream#ltxbar.boardmux#5&3b3a583f&0&1#{a799a801-a46d-11d0-a18c-00a02401dcd4}"
.\debug.cpp(400) :  Destination "\Device\00000065"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_109E&DEV_036E&SUBSYS_6606107D&REV_11#4&3b90381f&0&58F0#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BC9D6B68-88C9-4C74-AEA2-12FA59D80A34}"
.\debug.cpp(400) :  Destination "\Device\{BC9D6B68-88C9-4C74-AEA2-12FA59D80A34}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9D2720CE-BEC9-4C52-A9B4-80587CCCF184}"
.\debug.cpp(400) :  Destination "\Device\{9D2720CE-BEC9-4C52-A9B4-80587CCCF184}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :  Destination "\Device\00000040"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :  Destination "\GLOBAL??"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :  Destination "\Device\00000053"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3250fa59&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :  Destination "\Device\USBPDO-0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Intel V92 HaM Data Fax Voice"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Stream#lttuner.philips#5&3b3a583f&0&0#{a799a800-a46d-11d0-a18c-00a02401dcd4}"
.\debug.cpp(400) :  Destination "\Device\00000064"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1813&DEV_4000&SUBSYS_00000000&REV_02#4&3b90381f&0&48F0#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22NP20_______________1.02____#5&e088e23&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) :  Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) :  Destination "\Device\00000053"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F485D262-0D08-4DF2-ACC4-ECCDA00C3ADA}"
.\debug.cpp(400) :  Destination "\Device\{F485D262-0D08-4DF2-ACC4-ECCDA00C3ADA}"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :  Destination "\Device\MountPointManager"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) :  Destination "\Device\ssmctl"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000002b"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :  Destination "\Device\WANARP"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&2a083901&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) :  Destination "\Device\00000052"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :  Destination "\Device\00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TIWLNUSB"
.\debug.cpp(400) :  Destination "\Device\TIWLNUSB"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_80951043&REV_02#3&61aaa01&0&FD#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :  Destination "\Device\NdisWanIp"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MACNDIS5"
.\debug.cpp(400) :  Destination "\Device\MACNDIS5"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) :  Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :  Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C4&SUBSYS_80891043&REV_02#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&2a083901&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :  Destination "\Device\00000055"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :  Destination "\Device\0000002f"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) :  Destination "\Device\ParTechInc0"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :  Destination "\Device\NdisWanBh"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) :  Destination "\Device\00000037"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) :  Destination "\Device\NdisTapi"
.\debug.cpp(409) :  --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    74 GB  \\.\PhysicalDrive0  Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;

Regards
Ralf

cosinus 02.09.2010 18:34

I still need one cross-check:

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on your desktop.
Please post the contents of the .txt document.

pondex 03.09.2010 06:57

Good morning,
here is the MBRCheck log:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x00000014

Kernel Drivers (total 116):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806EF000 \WINDOWS\system32\hal.dll
  0xF8A35000 \WINDOWS\system32\KDCOM.DLL
  0xF8945000 \WINDOWS\system32\BOOTVID.dll
  0xF84E5000 ACPI.sys
  0xF8A37000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
  0xF84D4000 pci.sys
  0xF8535000 isapnp.sys
  0xF8AFD000 pciide.sys
  0xF87B5000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
  0xF8A39000 intelide.sys
  0xF8545000 MountMgr.sys
  0xF84B5000 ftdisk.sys
  0xF87BD000 PartMgr.sys
  0xF8555000 VolSnap.sys
  0xF849D000 atapi.sys
  0xF8565000 disk.sys
  0xF8575000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
  0xF847D000 fltmgr.sys
  0xF846B000 sr.sys
  0xF8454000 KSecDD.sys
  0xF83C7000 Ntfs.sys
  0xF839A000 NDIS.sys
  0xF8380000 Mup.sys
  0xF8585000 agp440.sys
  0xF86D5000 \SystemRoot\System32\DRIVERS\intelppm.sys
  0xF7786000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
  0xF7751000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
  0xF8835000 \SystemRoot\System32\DRIVERS\usbuhci.sys
  0xF772D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xF883D000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xF76C2000 \SystemRoot\System32\DRIVERS\IntelH51.sys
  0xF8845000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF76B0000 \SystemRoot\system32\drivers\wf2kvcap.sys
  0xF86E5000 \SystemRoot\system32\drivers\STREAM.SYS
  0xF768D000 \SystemRoot\system32\drivers\ks.sys
  0xF767C000 \SystemRoot\System32\DRIVERS\Rtlnic51.sys
  0xF7668000 \SystemRoot\System32\DRIVERS\parport.sys
  0xF86F5000 \SystemRoot\System32\DRIVERS\serial.sys
  0xF89E1000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xF8705000 \SystemRoot\System32\DRIVERS\i8042prt.sys
  0xF884D000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xF8855000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xF8715000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xF8725000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xF8735000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xF885D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF75B5000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xF7591000 \SystemRoot\system32\drivers\portcls.sys
  0xF8745000 \SystemRoot\system32\drivers\drmk.sys
  0xF8C3C000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xF8755000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xF89E9000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xF757A000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xF8765000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xF8775000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xF8865000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xF7569000 \SystemRoot\System32\DRIVERS\psched.sys
  0xF8785000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xF886D000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xF8875000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xF85B5000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xF8A5B000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xF746B000 \SystemRoot\System32\DRIVERS\update.sys
  0xF89F9000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xF85D5000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF85E5000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xF8A5D000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xF7E30000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0xF888D000 \SystemRoot\system32\drivers\wf2ktunr.sys
  0xF7E2C000 \SystemRoot\system32\drivers\wf2kxbar.sys
  0xF8A5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8BB5000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8A61000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF88AD000 \SystemRoot\System32\drivers\vga.sys
  0xF8A63000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8A65000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF88B5000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF88BD000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7E1C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xF62E8000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xF628F000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xF6267000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xF6245000 \SystemRoot\System32\drivers\afd.sys
  0xF85F5000 \SystemRoot\System32\DRIVERS\netbios.sys
  0xF88C5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF621A000 \SystemRoot\System32\DRIVERS\rdbss.sys
  0xF61AA000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
  0xF8615000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF615C000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xF8625000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xF613A000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF8A6B000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF8675000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF60F9000 \SystemRoot\System32\DRIVERS\fwlanusb.sys
  0xF60E1000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8A7D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF633F000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF88ED000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8C43000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xBA6D3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xBA3AE000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xBA349000 \SystemRoot\system32\drivers\wdmaud.sys
  0xBA4F3000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF8A8D000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB9F54000 \SystemRoot\System32\DRIVERS\srv.sys
  0xB9157000 \SystemRoot\System32\Drivers\HTTP.sys
  0xF880D000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xBA75C000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xF87E5000 \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
  0xB8BA4000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 40):
      0 System Idle Process
      4 System
    492 C:\WINDOWS\system32\smss.exe
    568 csrss.exe
    596 C:\WINDOWS\system32\winlogon.exe
    776 C:\WINDOWS\system32\services.exe
    788 C:\WINDOWS\system32\lsass.exe
    948 C:\WINDOWS\system32\svchost.exe
    1004 svchost.exe
    1044 C:\WINDOWS\system32\svchost.exe
    1100 svchost.exe
    1180 svchost.exe
    1340 C:\WINDOWS\explorer.exe
    1364 C:\WINDOWS\system32\spoolsv.exe
    1452 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1492 svchost.exe
    1676 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    1696 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1704 C:\WINDOWS\system32\rundll32.exe
    1712 C:\WINDOWS\SOUNDMAN.EXE
    1724 C:\Programme\avmwlanstick\WLanGUI.exe
    1744 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1772 C:\Programme\avmwlanstick\WLanNetService.exe
    1796 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1828 C:\Programme\iTunes\iTunesHelper.exe
    1856 C:\Programme\Bonjour\mDNSResponder.exe
    1888 C:\Programme\Netzmanager\netzmanager.exe
    1912 C:\Programme\Java\jre6\bin\jqs.exe
    1924 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    1960 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    1980 C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
    272 C:\WINDOWS\system32\nvsvc32.exe
    2052 wmiprvse.exe
    2884 C:\WINDOWS\system32\wscntfy.exe
    3428 C:\Programme\iPod\bin\iPodService.exe
    3624 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    3776 alg.exe
    3168 PresentationFontCache.exe
    3732 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
    676 C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP0802N, Rev: TK100-24

      Size  Device Name          MBR Status
  --------------------------------------------
    74 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!


cosinus 03.09.2010 10:31

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

pondex 03.09.2010 14:38

Hello,
here are the requested logs:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4534

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.09.2010 13:37:35
mbam-log-2010-09-03 (13-37-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 197467
Laufzeit: 1 Stunde(n), 28 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

and spyware:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/03/2010 at 02:37 PM

Application Version : 4.42.1000

Core Rules Database Version : 5449
Trace Rules Database Version: 3261

Scan type      : Complete Scan
Total Scan Time : 00:57:50

Memory items scanned      : 557
Memory threats detected  : 0
Registry items scanned    : 5701
Registry threats detected : 0
File items scanned        : 26428
File threats detected    : 2

Trojan.Agent/Gen-Deskryp
        C:\_OTL\MOVEDFILES\09012010_161757\C_DOKUMENTE UND EINSTELLUNGEN\RALF SIEVERT\LOKALE EINSTELLUNGEN\TEMP\GVL.EXE
        C:\_OTL\MOVEDFILES\09012010_161757\C_WINDOWS\GPIRIA.EXE


cosinus 03.09.2010 17:13

You can remove all findings.

pondex 03.09.2010 19:05

Hello,
is that it now? Does anything else need to be done, and can I remove the programs (GMER, Cofi etc.) again? I know, questions upon questions....
For now, thank you very much!
Regards
Ralf

cosinus 03.09.2010 19:23

No, you can leave the tools installed; they don't get in the way and don't put any load on the system, since they only run when you start them manually.

Any more problems or other findings in the meantime?

pondex 04.09.2010 13:19

Hello,
Quote:

Any more problems or other findings in the meantime?
No, I updated Malware once more and ran it again, but there were no findings!
Thanks!!!

cosinus 04.09.2010 16:08

We're done then! :)

Finally, please check your updates; my guide for that is below.
For even more security, you should also change all your passwords, if possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs, by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are in WET +1.
