Pests of all kinds and how to fight them: TR\crypt\ULPM.gen (Windows 7)
19.10.2011, 18:49 | #16 |
/// Malware-holic | TR\crypt\ULPM.gen OK, is it possible for you to copy your important stuff such as pictures, documents, videos and music to your PC, and then format drive F: via right-click? Then all the useless junk, including wherever the trojan is sitting, is gone, and you can use the disk again :-)
19.10.2011, 19:14 | #17 |
| TR\crypt\ULPM.gen Ugh, as I already wrote above in my opening statement, I have already done exactly that. My question is and remains: how safe is my PC? |
19.10.2011, 19:22 | #18 |
/// Malware-holic | TR\crypt\ULPM.gen Well, since something was only found on F:, you can assume that everything is OK. I'll take a look at the PC, but as I said, you should still format F:, because you still have malware on it. After that: please download OTL by OldTimer and save it to your desktop (if you don't already have it). |
19.10.2011, 19:49 | #19 |
| TR\crypt\ULPM.gen THANKS!! By the way, drive F here is a partition and not the infected external disk!
OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 19.10.2011 20:37:10 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxx\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,30% Memory free 6,19 Gb Paging File | 4,88 Gb Available in Paging File | 78,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 150,36 Gb Total Space | 123,75 Gb Free Space | 82,30% Space Free | Partition Type: NTFS Drive E: | 106,77 Gb Total Space | 64,28 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Drive F: | 37,91 Gb Total Space | 37,63 Gb Free Space | 99,25% Space Free | Partition Type: NTFS Computer Name: INSPIRE | User Name: xxx | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3C42954B-45F8-4BB0-A1E6-D9C07073A247}" = protocol=17 
| dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3CE690EB-13B4-456B-9FCD-2FC40D5C4B96}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{98E9B76D-91B1-4F7F-9AF0-797F7888E93B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9FFEE59E-B7DE-45AB-9795-72F3BD991C67}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{B445D872-C166-4F40-8FD2-92A89199A110}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E77D02CF-72C6-4A41-8C1E-93F1AD9D649C}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{F04967B9-E2AA-4052-AEC5-F00E76CC15E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F759CF89-407B-4029-8645-B759215BD912}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{FE58825C-3CBD-4FCB-B3FB-D9895E0794A7}" = dir=in | app=c:\program files\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = 
Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "avast" = avast! 
Free Antivirus "Avira AntiVir Desktop" = Avira Free Antivirus "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "jZip" = jZip "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.51.1087" = Opera 11.51 "SearchCore for Browsers" = SearchCore for Browsers "Searchqu 102 MediaBar" = Windows Searchqu Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.10.2011 21:27:59 | Computer Name = Inspire | Source = WinMgmt | ID = 10 Description = Error - 15.10.2011 22:28:06 | Computer Name = Inspire | Source = System Restore | ID = 8193 Description = Error - 17.10.2011 11:10:29 | Computer Name = Inspire | Source = WinMgmt | ID = 10 Description = Error - 17.10.2011 11:13:58 | Computer Name = Inspire | Source = System Restore | ID = 8193 Description = Error - 17.10.2011 13:45:09 | Computer Name = Inspire | Source = System Restore | ID = 8193 Description = Error - 17.10.2011 13:45:13 | Computer Name = Inspire | Source = System Restore | ID = 8193 Description = Error - 18.10.2011 10:49:44 | Computer Name = Inspire | Source = WinMgmt | ID = 10 Description = Error - 18.10.2011 10:53:06 | Computer Name = Inspire | Source = System Restore | ID = 8193 Description = Error - 18.10.2011 10:55:34 | Computer Name = Inspire | Source = System Restore | ID = 8193 Description = Error - 19.10.2011 13:42:06 | Computer Name = Inspire | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 17.10.2011 11:11:15 | Computer Name = Inspire | Source = 
Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 17.10.2011 13:45:18 | Computer Name = Inspire | Source = DCOM | ID = 10005 Description = Error - 17.10.2011 13:45:18 | Computer Name = Inspire | Source = Service Control Manager | ID = 7009 Description = Error - 17.10.2011 13:45:18 | Computer Name = Inspire | Source = Service Control Manager | ID = 7000 Description = Error - 18.10.2011 10:49:18 | Computer Name = Inspire | Source = HTTP | ID = 15016 Description = Error - 18.10.2011 10:49:44 | Computer Name = Inspire | Source = Service Control Manager | ID = 7000 Description = Error - 18.10.2011 10:50:51 | Computer Name = Inspire | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 19.10.2011 13:41:50 | Computer Name = Inspire | Source = HTTP | ID = 15016 Description = Error - 19.10.2011 13:42:06 | Computer Name = Inspire | Source = Service Control Manager | ID = 7000 Description = Error - 19.10.2011 13:43:41 | Computer Name = Inspire | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > |
19.10.2011, 19:51 | #20 |
| TR\crypt\ULPM.gen OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.10.2011 20:37:10 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxx\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,30% Memory free 6,19 Gb Paging File | 4,88 Gb Available in Paging File | 78,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 150,36 Gb Total Space | 123,75 Gb Free Space | 82,30% Space Free | Partition Type: NTFS Drive E: | 106,77 Gb Total Space | 64,28 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Drive F: | 37,91 Gb Total Space | 37,63 Gb Free Space | 99,25% Space Free | Partition Type: NTFS Computer Name: INSPIRE | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Annalina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libtidy.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) 
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/102" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.selectedEngine: "Searchqu Web Search" FF - prefs.js..browser.search.defaultenginename: "Searchqu Web Search" FF - prefs.js..browser.search.order.1: "Searchqu Web Search" FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=102&sr=0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.10.15 19:19:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.09 23:01:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.18 17:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annalina\AppData\Roaming\mozilla\Extensions [2011.10.18 17:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annalina\AppData\Roaming\mozilla\Firefox\Profiles\1sormckh.default\extensions [2011.10.18 17:42:58 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Annalina\AppData\Roaming\mozilla\Firefox\Profiles\1sormckh.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.10.09 22:47:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Annalina\AppData\Roaming\mozilla\Firefox\Profiles\1sormckh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.10.18 17:42:54 | 000,002,520 | ---- | M] () -- C:\Users\Annalina\AppData\Roaming\Mozilla\Firefox\Profiles\1sormckh.default\searchplugins\SearchResults.xml [2011.10.18 17:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.15 19:19:18 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011.10.17 17:14:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 17:42:54 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{109FBC07-61CF-4BFD-97D7-F356A073F72D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1DC542A-EF15-484A-8E13-1648611CA992}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.19 20:35:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Annalina\Desktop\OTL.exe [2011.10.18 17:43:20 | 000,000,000 | ---D | C] -- C:\Users\Annalina\AppData\Local\jZip [2011.10.18 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows 
Searchqu Toolbar [2011.10.18 17:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.10.18 17:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\SearchCore for Browsers [2011.10.18 17:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip [2011.10.18 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\jZip [2011.10.17 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Annalina\AppData\Local\Adobe [2011.10.17 19:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.10.17 19:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011.10.17 19:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.10.17 19:42:49 | 000,742,216 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Annalina\Documents\install_reader10_de_chrd_aih.exe [2011.10.17 19:28:36 | 000,000,000 | ---D | C] -- C:\Users\Annalina\AppData\Roaming\Opera [2011.10.17 19:28:36 | 000,000,000 | ---D | C] -- C:\Users\Annalina\AppData\Local\Opera [2011.10.17 19:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2011.10.16 03:02:04 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.10.16 03:02:04 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.10.16 03:02:04 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.10.16 03:00:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2011.10.15 23:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition [2011.10.15 23:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS [2011.10.15 19:53:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2011.10.15 19:39:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.10.15 19:39:45 | 000,055,296 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.10.15 19:39:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.10.15 19:39:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.10.15 19:39:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.10.15 19:39:26 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.10.15 19:39:16 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.10.15 19:39:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.10.15 19:39:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.10.15 19:39:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.10.15 19:39:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.10.15 19:39:03 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.10.15 19:39:03 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.10.15 19:39:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.10.15 19:39:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.10.15 19:38:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.10.15 19:38:53 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.10.15 19:37:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui [2011.10.15 19:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2011.10.15 19:20:57 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011.10.15 19:20:57 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011.10.15 19:20:54 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011.10.15 19:20:54 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011.10.15 19:20:53 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011.10.15 19:20:52 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011.10.15 19:19:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.10.15 19:19:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011.10.15 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.10.15 19:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011.10.12 00:13:24 | 000,000,000 | ---D | C] -- C:\!KillBox [2011.10.11 22:31:34 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.10.11 22:31:34 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.10.11 22:31:34 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.10.11 22:31:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.10.11 22:31:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.10.11 22:31:34 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.10.11 22:31:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2011.10.11 22:31:33 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.10.11 22:31:33 | 000,216,064 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\dxtrans.dll [2011.10.11 22:31:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.10.11 22:31:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.10.11 22:31:32 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2011.10.11 22:31:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.10.11 22:31:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.10.11 22:31:32 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.10.11 22:31:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.10.11 22:31:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.10.11 22:31:30 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.10.11 22:31:30 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.10.11 22:31:30 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2011.10.11 22:31:30 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.10.11 22:31:30 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.10.11 22:31:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe [2011.10.11 18:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.10.11 18:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.10.11 18:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.10.11 18:20:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.10.11 18:20:49 | 004,240,384 | 
---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.10.11 18:04:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.10.11 16:46:58 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll [2011.10.11 16:46:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll [2011.10.11 16:46:58 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll [2011.10.11 16:46:58 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll [2011.10.11 16:46:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll [2011.10.11 16:46:57 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll [2011.10.11 16:46:57 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll [2011.10.11 16:46:57 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll [2011.10.11 16:46:57 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll [2011.10.11 16:46:57 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll [2011.10.11 16:46:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll [2011.10.11 16:46:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2011.10.11 16:46:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll [2011.10.11 16:46:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll [2011.10.11 16:46:57 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll [2011.10.11 16:46:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll [2011.10.11 16:46:57 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll [2011.10.11 16:46:56 | 006,103,040 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll [2011.10.11 16:46:56 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2011.10.11 16:46:56 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011.10.11 16:46:56 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011.10.11 16:46:56 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011.10.11 16:46:56 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011.10.11 16:42:12 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011.10.11 16:42:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011.10.11 16:42:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.10.11 16:42:08 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.10.11 16:31:21 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2011.10.11 16:09:41 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2011.10.11 16:09:40 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2011.10.11 16:09:39 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2011.10.11 16:09:39 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2011.10.11 16:09:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2011.10.11 16:09:37 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2011.10.11 16:04:31 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011.10.11 16:04:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mscories.dll [2011.10.11 16:02:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2011.10.11 16:00:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.10.11 16:00:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.10.11 16:00:13 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.10.11 16:00:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.10.11 16:00:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.10.11 16:00:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.10.11 16:00:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.10.11 16:00:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.10.11 16:00:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.10.11 16:00:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.10.11 16:00:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.10.11 16:00:05 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.10.11 16:00:05 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.10.11 16:00:05 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.10.11 16:00:05 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.10.11 16:00:05 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.10.10 15:12:35 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll [2011.10.10 
15:12:33 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll [2011.10.10 15:12:21 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll [2011.10.10 14:39:28 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011.10.10 14:39:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2011.10.10 14:39:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2011.10.10 14:39:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2011.10.10 14:39:00 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.10.10 14:38:45 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.10.10 14:38:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.10.10 14:38:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.10.10 14:38:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2011.10.10 14:38:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011.10.10 14:38:31 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2011.10.10 14:38:30 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2011.10.10 14:38:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2011.10.10 14:38:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2011.10.10 14:38:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2011.10.10 14:38:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2011.10.10 14:38:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\HOSTNAME.EXE [2011.10.10 14:37:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2011.10.10 14:37:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2011.10.10 14:37:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2011.10.10 14:37:23 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.10.10 14:37:23 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.10.10 14:36:52 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.10.10 14:36:51 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.10.10 14:36:48 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.10.10 14:36:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll [2011.10.10 14:36:43 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2011.10.10 14:36:42 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.10.10 14:36:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.10.10 14:36:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.10.10 14:36:21 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2011.10.10 14:36:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2011.10.10 14:36:15 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.10.10 14:36:14 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.10.10 14:35:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.10.10 14:35:49 | 000,303,616 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\wmpeffects.dll [2011.10.10 14:35:41 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2011.10.10 14:35:36 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.10.10 14:35:17 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2011.10.10 14:34:53 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.10.10 14:34:53 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.10.10 14:34:46 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.10.10 14:34:32 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011.10.10 14:34:32 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2011.10.10 14:34:32 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2011.10.10 14:34:31 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011.10.10 14:34:30 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2011.10.10 14:34:30 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2011.10.10 14:34:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll [2011.10.10 14:34:30 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2011.10.10 14:34:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2011.10.10 14:34:19 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.10.10 14:34:14 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.10.10 14:34:13 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll [2011.10.10 14:34:13 | 000,098,304 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll [2011.10.10 14:34:13 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll [2011.10.10 14:34:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll [2011.10.10 14:34:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.10.10 14:34:13 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe [2011.10.10 14:34:08 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.10.10 14:34:08 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.10.10 14:34:08 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.10.10 14:34:08 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.10.10 14:34:06 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2011.10.10 14:34:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.10.10 14:33:52 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2011.10.10 14:33:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2011.10.10 14:33:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.10.10 14:33:47 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.10.10 14:33:47 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.10.10 14:33:44 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011.10.10 14:33:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011.10.10 14:33:42 | 000,081,920 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\consent.exe [2011.10.10 14:33:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011.10.10 14:33:33 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2011.10.10 14:33:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.10.10 14:33:31 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2011.10.10 14:33:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.10.10 14:32:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2011.10.10 14:32:59 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2011.10.10 14:32:55 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.10.10 14:32:55 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.10.10 14:32:55 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.10.10 14:32:55 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.10.10 14:32:55 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.10.10 14:32:55 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.10.10 14:32:54 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011.10.10 14:32:54 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.10.10 14:32:54 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.10.10 14:32:38 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2011.10.10 14:32:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\logagent.exe [2011.10.10 14:32:36 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll [2011.10.10 14:32:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2011.10.10 14:32:33 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.10.10 14:32:33 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.10.10 14:32:30 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2011.10.10 14:32:18 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2011.10.10 14:32:15 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.10.10 14:32:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2011.10.10 14:32:10 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2011.10.10 14:24:29 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.10.10 04:51:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.10.10 04:51:36 | 000,000,000 | -HSD | C] -- C:\Boot [2011.10.10 04:51:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM [2011.10.10 04:50:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE [2011.10.10 04:50:31 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2011.10.10 04:50:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407 [2011.10.10 04:50:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\de [2011.10.10 04:49:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui [2011.10.10 04:49:55 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui [2011.10.10 04:49:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui [2011.10.10 04:49:55 | 000,004,608 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui [2011.10.10 04:49:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui [2011.10.10 04:49:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui [2011.10.10 04:49:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui [2011.10.10 04:49:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui [2011.10.10 04:49:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui [2011.10.10 04:49:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui [2011.10.10 04:49:55 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui [2011.10.10 04:49:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui [2011.10.10 04:49:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui [2011.10.10 04:49:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui [2011.10.10 04:49:54 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui [2011.10.10 04:49:49 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui [2011.10.10 04:49:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui [2011.10.10 04:49:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui [2011.10.10 04:49:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui [2011.10.10 04:49:49 | 000,021,504 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\drivers\de-DE\crusoe.sys.mui [2011.10.10 04:49:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui [2011.10.10 04:49:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk7.sys.mui [2011.10.10 04:49:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui [2011.10.10 04:49:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui [2011.10.10 04:49:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui [2011.10.10 04:49:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui [2011.10.10 04:49:49 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui [2011.10.10 04:49:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui [2011.10.10 04:49:48 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui [2011.10.10 04:49:48 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui [2011.10.10 04:49:48 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui [2011.10.10 04:49:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui [2011.10.10 04:49:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui [2011.10.10 04:49:28 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui [2011.10.10 04:49:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui [2011.10.10 04:49:28 | 000,003,584 | ---- | C] (ATI Technologies Inc.) 
-- C:\Windows\System32\drivers\de-DE\ati2mtag.sys.mui [2011.10.10 04:49:27 | 000,004,608 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui [2011.10.10 04:49:27 | 000,004,608 | ---- | C] (SCM Microsystems) -- C:\Windows\System32\drivers\de-DE\SCR111.sys.mui [2011.10.10 04:49:27 | 000,004,608 | ---- | C] (Gemplus) -- C:\Windows\System32\drivers\de-DE\grserial.sys.mui [2011.10.10 04:49:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scmstcs.sys.mui [2011.10.10 04:49:27 | 000,004,096 | ---- | C] (Gemplus) -- C:\Windows\System32\drivers\de-DE\gpr400.sys.mui [2011.10.10 04:49:27 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\stcusb.sys.mui [2011.10.10 04:49:27 | 000,003,584 | ---- | C] (OMNIKEY) -- C:\Windows\System32\drivers\de-DE\cxbp0wdm.sys.mui [2011.10.10 04:49:27 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui [2011.10.10 04:49:27 | 000,003,072 | ---- | C] (OMNIKEY AG) -- C:\Windows\System32\drivers\de-DE\cmbp0wdm.sys.mui [2011.10.10 04:49:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui [2011.10.10 04:49:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui [2011.10.10 04:49:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui [2011.10.10 04:49:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui [2011.10.10 04:49:24 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui [2011.10.10 04:49:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui [2011.10.10 04:49:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui [2011.10.10 04:49:18 | 
000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui [2011.10.10 04:49:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui [2011.10.10 04:49:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui [2011.10.10 04:49:17 | 000,006,656 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk60x86.sys.mui [2011.10.10 04:49:17 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui [2011.10.10 04:49:16 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui [2011.10.10 04:49:16 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui [2011.10.10 04:49:15 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui [2011.10.10 04:49:15 | 000,003,584 | ---- | C] (ATI Technologies Inc.) 
-- C:\Windows\System32\drivers\de-DE\ati2mpad.sys.mui [2011.10.10 04:49:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui [2011.10.10 04:48:57 | 000,005,120 | ---- | C] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\de-DE\ntrigdigi.sys.mui [2011.10.10 04:48:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui [2011.10.10 04:48:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui [2011.10.10 04:48:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui [2011.10.10 04:48:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui [2011.10.10 04:48:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui [2011.10.10 04:48:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2011.10.10 04:48:54 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui [2011.10.10 04:48:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui [2011.10.10 04:48:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui [2011.10.10 04:48:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui [2011.10.10 04:48:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui [2011.10.10 04:48:54 | 000,002,560 | ---- | C] (Brother Industries Ltd.) 
< End of report > |
19.10.2011, 19:53 | #21 |
/// Malware-holic | TR\crypt\ULPM.gen But I did ask you whether F: is the external drive, and you said yes. Never mind: can you format F:? Copy your important data off it first. We still have a bit to do here with updates, but first let's take care of F:.
|
19.10.2011, 19:59 | #22 |
| TR\crypt\ULPM.gen It doesn't really matter what the drive is called. Back then it just happened to be F. Now I have a hard-disk partition named F, and the external drive is now called G. The trojan was on the EXTERNAL drive. |
19.10.2011, 20:07 | #23 |
/// Malware-holic | TR\crypt\ULPM.gen OK. Since nothing more should be found now, let's secure the PC. Start, Search, type: windows update, Enter. Settings: install updates automatically, daily, pick a suitable time, then tick everything except "show detailed information". OK. Search for updates. Click Important updates and keep installing until there is nothing left. There may be restarts; afterwards search again and install. Do the same with the optional ones. Once the optional updates are installed, search for updates once more, as further important ones may have been added. Install them.
|
19.10.2011, 20:11 | #24 |
| TR\crypt\ULPM.gen All right. Thanks |
19.10.2011, 22:23 | #25 |
| TR\crypt\ULPM.gen I have installed everything now. |
20.10.2011, 09:49 | #26 |
| TR\crypt\ULPM.gen And yet another alert. How safe is the quarantine, actually? And how can the detected malware be removed for good? Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 20. Oktober 2011 10:43
durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\xxx\AppData\Local\Opera\Opera\cache\g_0022\opr003F7.tmp'
C:\Users\xxx\AppData\Local\Opera\Opera\cache\g_0022\opr003F7.tmp
  [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen2
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b2c769c.qua' verschoben!

Ende des Suchlaufs: Donnerstag, 20. Oktober 2011 10:43
Benötigte Zeit: 00:06 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
62 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
61 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise |
20.10.2011, 12:45 | #27 |
/// Malware-holic | TR\crypt\ULPM.gen Hi, did you maybe download a program recently? It looks like Opera's cache. The quarantine is safe. You can remove it via Avira, under Quarantine.
|
23.10.2011, 13:29 | #28 |
| TR\crypt\ULPM.gen Many thanks for the help. Then I very much hope that everything goes well now. THANKS! |