Pests of All Kinds and How to Fight Them: malware defense and security alert

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
17.01.2010, 09:51 | #91

malware defense and security alert

Please open your own thread...

Code:
OTL logfile created on: 17.01.2010 09:45:02 - Run 2 OTL by OldTimer - Version 3.1.22.0 Folder = C:\Programme\Sicherheits-Software Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 507,00 Mb Available Physical Memory | 50,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 156,25 Gb Total Space | 117,10 Gb Free Space | 74,94% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS Current User Name: Christopher Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Sicherheits-Software\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\IObit\Advanced SystemCare 3\AWC.exe (IObit) PRC - C:\WINDOWS\system32\PnkBstrB.exe () PRC - C:\WINDOWS\system32\PnkBstrA.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH ) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.) PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Programme\Sicherheits-Software\OTL.exe (OldTimer Tools) MOD - C:\Programme\Trillian\msvcr71.dll (Microsoft Corporation) MOD - C:\Programme\Trillian\events.dll (Cerulean Studios) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- File not found SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies) SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe () SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.) SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys () DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) 
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (avgntmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys (Avira GmbH) DRV - (avgntdd) -- C:\WINDOWS\system32\drivers\avgntdd.sys (Avira GmbH) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0 FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.4 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1 FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: ns-sitemap@example.com:1.0 FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.0 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.3 FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.2 
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8088 FF - prefs.js..network.proxy.no_proxies_on: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.06 16:55:27 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.06 15:33:22 | 00,000,000 | ---D | M] [2008.10.10 12:47:02 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions [2009.11.10 16:11:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions [2009.11.10 16:01:17 | 00,000,000 | ---D | M] (CS Lite) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] (SafeCache) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.11.10 16:01:17 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und 
Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.11.10 16:01:17 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] (Menu Editor) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2009.11.10 16:01:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net [2009.11.10 16:01:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org [2010.01.15 17:26:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions [2009.11.15 15:02:42 | 00,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} [2009.11.15 14:56:30 | 00,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2009.11.14 11:39:02 | 00,000,000 | ---D | M] (Show MyIP) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{6D1D11DB-3C6C-4db8-96E4-20F4A1088AAC} [2009.11.11 17:12:54 | 00,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Dokumente und 
Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f} [2009.11.16 14:54:56 | 00,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2009.11.14 11:39:02 | 00,000,000 | ---D | M] (QuickProxy) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66} [2010.01.12 21:04:42 | 00,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.01.10 18:37:10 | 00,000,000 | ---D | M] (Torbutton) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.01.10 18:37:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\foxyproxy@eric.h.jung [2010.01.06 16:56:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\fsonlinescanner@f-secure.com [2009.11.23 15:43:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\ns-sitemap@example.com [2009.06.14 09:40:42 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\taboo@runningfrombears.com [2009.06.14 09:40:45 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\extensions\zotero@chnm.gmu.edu [2009.12.23 18:58:56 | 00,000,907 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\xsvd9d0y.default\searchplugins\conduit.xml [2010.01.15 17:26:15 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.08.24 16:18:07 | 00,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2007.04.24 12:11:12 | 01,800,704 | ---- | M] (Myriad Software.) -- C:\Programme\Mozilla Firefox\plugins\NPMyrMus.dll [2009.11.03 03:14:39 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.11.03 03:14:39 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.11.03 03:14:39 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.11.03 03:14:39 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.11.03 03:14:39 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - No CLSID value found. O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Programme\IObit\Advanced SystemCare 3\AWC.exe (IObit) O4 - HKCU..\Run: [GMX_GMX MultiMessenger] C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MSI US54EX Wireless Client Utility.lnk = C:\Programme\MSI\US54EX\Installer\WINXP\MSI US54EX Wireless Client Utility.exe (MSI Technology GmbH ) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O4 - Startup: C:\Dokumente und Einstellungen\Christopher\Startmenü\Programme\Autostart\Trillian.lnk = C:\Programme\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O12 - Plugin for: .mu3 - C:\Programme\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.) 
O12 - Plugin for: .mus - C:\Programme\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.) O12 - Plugin for: .mut - C:\Programme\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.) O12 - Plugin for: .myr - C:\Programme\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.) O12 - Plugin for: .xmz - C:\Programme\Internet Explorer\PLUGINS\NPMyrMus.dll (Myriad Software.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2008.03.31 13:05:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.01.16 11:14:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.01.16 11:03:23 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2010.01.16 11:03:23 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2010.01.16 11:03:21 | 01,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll [2010.01.16 11:03:21 | 01,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll [2010.01.16 11:03:21 | 00,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll [2010.01.16 11:03:21 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll [2010.01.16 11:03:20 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll [2010.01.16 11:03:20 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll [2010.01.16 11:03:20 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll [2010.01.16 11:03:19 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll [2010.01.16 11:03:19 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll [2010.01.16 11:03:19 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll [2010.01.16 11:03:19 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll [2010.01.16 11:03:18 | 00,368,640 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\dllcache\mpvis.dll [2010.01.16 11:03:18 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm [2010.01.16 11:03:18 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm [2010.01.16 11:03:18 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll [2010.01.16 11:03:17 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe [2010.01.16 11:03:17 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll [2010.01.16 11:03:17 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll [2010.01.16 11:03:17 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm [2010.01.16 11:03:14 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll [2010.01.16 11:03:13 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll [2010.01.16 11:03:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll [2010.01.16 11:03:10 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2010.01.16 11:03:09 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2010.01.16 11:03:09 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2010.01.16 11:03:08 | 00,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2010.01.16 11:03:08 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2010.01.16 11:03:08 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2010.01.16 11:03:08 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2010.01.16 11:03:08 | 00,039,936 | ---- | C] (Microsoft Corporation) -- 
Einstellungen\Anwendungsdaten\Runscanner.net [2010.01.06 19:07:42 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion [2010.01.06 19:07:42 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Yahoo! [2010.01.06 19:07:29 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.01.06 18:48:11 | 00,000,000 | ---D | C] -- C:\rsit [2010.01.06 17:50:34 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.01.06 17:24:11 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.01.06 16:10:28 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure [2010.01.06 12:19:40 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Uniblue [2010.01.06 12:17:35 | 00,000,000 | ---D | C] -- C:\Programme\Uniblue [2010.01.05 21:59:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Christopher\Eigene Dateien\Science-Fiction [2009.12.31 17:25:05 | 00,026,088 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe [2009.12.31 17:25:04 | 00,089,360 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL [2009.12.31 17:25:04 | 00,024,576 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll [2009.12.31 17:24:46 | 00,000,000 | ---D | C] -- C:\BlueByte [2009.10.19 16:01:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware [2008.09.20 21:30:17 | 72,986,158 | ---- | C] (INRIA ) -- C:\Programme\scilab-5.0.1.exe [2008.06.24 20:55:02 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple [2008.06.15 20:21:29 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe [2008.06.15 20:21:04 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe 
[2008.04.01 21:10:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2008.03.31 13:09:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2008.03.31 13:05:39 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2008.03.31 13:05:39 | 00,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] |
17.01.2010, 09:53 | #92 |
| malware defense and security alert
Code:
ATTFilter ========== Files - Modified Within 30 Days ========== [2010.01.17 09:43:57 | 00,001,526 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk [2010.01.17 09:42:45 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.01.17 09:42:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.01.17 09:42:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.01.17 00:17:03 | 08,912,896 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christopher\NTUSER.DAT [2010.01.17 00:17:03 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Christopher\ntuser.ini [2010.01.17 00:16:50 | 07,056,538 | -H-- | M] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.01.16 11:18:14 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.01.16 11:16:03 | 01,076,368 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.01.16 11:16:03 | 00,462,306 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.01.16 11:16:03 | 00,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.01.16 11:16:03 | 00,085,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.01.16 11:16:03 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.01.16 11:15:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.01.16 11:14:20 | 00,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.01.16 11:12:49 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.01.16 11:05:26 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2010.01.16 10:58:06 | 00,251,712 | RHS- | M] () -- C:\ntldr [2010.01.16 10:58:06 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010.01.16 10:02:00 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.01.15 23:14:01 | 00,000,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\ART.tex [2010.01.15 17:12:12 | 00,022,024 | ---- | M] () -- 
C:\Dokumente und Einstellungen\Christopher\Desktop\ART.pdf [2010.01.15 16:20:28 | 00,000,266 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\sdfsd.aux [2010.01.14 21:00:07 | 00,000,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Texmaker.lnk [2010.01.12 21:55:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.01.12 21:13:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.01.12 20:57:13 | 00,000,846 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Advanced SystemCare.lnk [2010.01.11 19:06:59 | 00,006,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.10 18:27:20 | 00,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.01.10 15:46:26 | 00,001,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\UBCD4Win.lnk [2010.01.09 23:47:54 | 40,233,352 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\zaSetup_91_007_002en.exe [2010.01.09 17:42:01 | 10,722,54976 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2010.01.09 17:33:17 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Christopher.job [2010.01.09 13:55:57 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010.01.09 13:51:47 | 00,000,760 | ---- | M] () -- C:\WINDOWS\win.ini [2010.01.09 13:51:44 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml [2010.01.09 13:51:43 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010.01.09 13:51:43 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010.01.09 13:51:42 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx [2010.01.09 13:51:30 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010.01.09 13:50:45 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010.01.09 
13:50:45 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010.01.09 13:48:37 | 00,023,836 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.01.09 13:28:31 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini [2010.01.08 21:12:12 | 00,608,776 | ---- | M] () -- C:\WINDOWS\setupapi.old [2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.01.07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.01.07 10:59:44 | 00,000,796 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\QuickScan Folder.lnk [2010.01.07 10:57:35 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2010.01.06 13:02:19 | 00,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.01.16 11:03:20 | 00,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm [2010.01.16 11:03:20 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav [2010.01.16 11:03:20 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav [2010.01.16 11:03:20 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav [2010.01.16 11:03:20 | 
00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav [2010.01.16 11:03:20 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav [2010.01.16 11:03:20 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav [2010.01.16 11:03:20 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav [2010.01.16 11:03:20 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav [2010.01.16 11:03:20 | 00,076,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm [2010.01.16 11:03:20 | 00,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm [2010.01.16 11:03:20 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta [2010.01.16 11:03:20 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css [2010.01.16 11:03:20 | 00,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf [2010.01.16 11:03:20 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js [2010.01.16 11:03:19 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav [2010.01.16 11:03:19 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv [2010.01.16 11:03:19 | 00,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf [2010.01.16 11:03:19 | 00,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf [2010.01.16 11:03:19 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif [2010.01.16 11:03:19 | 00,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf [2010.01.16 11:03:19 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif [2010.01.16 11:03:19 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif [2010.01.16 11:03:19 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif [2010.01.16 11:03:19 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif [2010.01.16 11:03:19 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif [2010.01.16 
11:03:19 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif [2010.01.16 11:03:19 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif [2010.01.16 11:03:19 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif [2010.01.16 11:03:19 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif [2010.01.16 11:03:19 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif [2010.01.16 11:03:19 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif [2010.01.16 11:03:19 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif [2010.01.16 11:03:19 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif [2010.01.16 11:03:18 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv [2010.01.16 11:03:18 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv [2010.01.16 11:03:18 | 00,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm [2010.01.16 11:03:18 | 00,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz [2010.01.16 11:03:18 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif [2010.01.16 11:03:18 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip [2010.01.16 11:03:18 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js [2010.01.16 11:03:18 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif [2010.01.16 11:03:18 | 00,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf [2010.01.16 11:03:18 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl [2010.01.16 11:03:18 | 00,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl [2010.01.16 11:03:18 | 00,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl [2010.01.16 11:03:18 | 00,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl [2010.01.16 11:03:18 | 00,001,467 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\plylst4.wpl [2010.01.16 11:03:18 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif [2010.01.16 11:03:18 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif [2010.01.16 11:03:18 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif [2010.01.16 11:03:18 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif [2010.01.16 11:03:18 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl [2010.01.16 11:03:18 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm [2010.01.16 11:03:18 | 00,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl [2010.01.16 11:03:18 | 00,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl [2010.01.16 11:03:18 | 00,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl [2010.01.16 11:03:18 | 00,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl [2010.01.16 11:03:18 | 00,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl [2010.01.16 11:03:18 | 00,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl [2010.01.16 11:03:18 | 00,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl [2010.01.16 11:03:18 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl [2010.01.16 11:03:18 | 00,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl [2010.01.16 11:03:18 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip [2010.01.16 11:03:17 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv [2010.01.16 11:03:17 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv [2010.01.16 11:03:17 | 00,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz [2010.01.16 11:03:17 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp [2010.01.16 11:03:17 | 00,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf [2010.01.16 
11:03:17 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css [2010.01.16 11:03:17 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm [2010.01.16 11:03:17 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js [2010.01.16 11:03:17 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js [2010.01.16 11:03:17 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif [2010.01.16 11:03:17 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif [2010.01.16 11:03:17 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt [2010.01.16 11:03:17 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif [2010.01.16 11:03:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif [2010.01.16 11:03:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif [2010.01.16 11:03:17 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif [2010.01.16 11:03:17 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif [2010.01.16 11:03:17 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif [2010.01.16 10:56:55 | 00,002,675 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.01.15 16:21:07 | 00,022,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\ART.pdf [2010.01.15 16:21:05 | 00,000,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\ART.tex [2010.01.15 16:12:43 | 00,000,266 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\sdfsd.aux [2010.01.14 21:00:07 | 00,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Texmaker.lnk [2010.01.12 20:57:13 | 00,000,846 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Advanced SystemCare.lnk [2010.01.10 18:27:20 | 00,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.01.10 15:46:26 | 
00,001,241 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\UBCD4Win.lnk [2010.01.09 23:44:22 | 40,233,352 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\zaSetup_91_007_002en.exe [2010.01.09 14:15:21 | 10,722,54976 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP [2010.01.09 13:54:01 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2010.01.09 13:53:33 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2010.01.09 13:53:22 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2010.01.09 13:53:20 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2010.01.09 13:53:17 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2010.01.09 13:52:58 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2010.01.09 13:52:49 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2010.01.09 13:52:30 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2010.01.09 13:50:45 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010.01.09 13:50:39 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010.01.07 20:22:35 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.01.07 20:22:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.01.07 20:22:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.01.07 20:22:35 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.01.07 20:22:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.01.07 16:04:06 | 00,000,486 | ---- | C] () -- 
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Christopher.job [2010.01.07 12:11:35 | 00,608,776 | ---- | C] () -- C:\WINDOWS\setupapi.old [2010.01.07 10:59:44 | 00,000,796 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\QuickScan Folder.lnk [2010.01.06 13:02:19 | 00,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini [2009.12.31 17:25:05 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2009.12.31 17:25:05 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2009.12.31 17:25:05 | 00,035,840 | R--- | C] () -- C:\WINDOWS\System32\comdlg32.oca [2009.12.31 17:25:04 | 00,029,184 | R--- | C] () -- C:\WINDOWS\System32\MSINET.oca [2009.11.20 18:46:23 | 03,778,785 | ---- | C] () -- C:\Programme\tex4ht.zip [2009.10.17 19:48:57 | 00,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\PnkBstrK.sys [2009.10.17 19:48:57 | 00,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.08.22 15:09:41 | 08,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll [2009.04.09 09:48:58 | 00,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll [2008.12.25 10:10:56 | 00,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini [2008.12.25 10:10:55 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll [2008.11.23 16:01:32 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\gksl_ger.dll [2008.09.19 22:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.09.19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.09.19 22:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008.09.19 22:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008.09.11 14:46:02 | 00,008,348 | ---- | C] () -- C:\Programme\polynom.zip [2008.09.01 16:13:40 | 00,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini [2008.08.17 17:53:07 | 00,008,704 | ---- | C] () 
-- C:\WINDOWS\System32\CNMVS78.DLL [2008.07.09 18:44:05 | 01,480,920 | ---- | C] () -- C:\Programme\TeamViewer_Setup_de.exe [2008.07.08 13:51:23 | 00,000,055 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2008.06.15 14:30:02 | 00,000,647 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\gnuplot_history [2008.05.19 17:58:01 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.05.05 19:12:27 | 00,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini [2008.04.25 21:42:10 | 00,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.04.08 21:33:07 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.04.03 17:07:21 | 00,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.03 09:02:05 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.04.01 21:27:18 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2008.03.31 13:19:22 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2007.11.06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2005.02.07 07:35:48 | 00,121,562 | ---- | C] () -- C:\WINDOWS\System32\PicFormat32.dll [2005.02.07 07:35:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\fvh.dll [2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.01.2010 09:45:02 - Run 2 OTL by OldTimer - Version 3.1.22.0 Folder = C:\Programme\Sicherheits-Software Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 507,00 Mb Available Physical Memory | 50,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 156,25 Gb Total Space | 117,10 Gb Free Space | 74,94% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHRIS Current User Name: Christopher Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\BitTornado\btdownloadgui.exe" = C:\Programme\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- () "C:\Programme\SmartFTP Client\SmartFTP.exe" = C:\Programme\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.) 
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios) "C:\Programme\MathCast088\MathCast.exe" = C:\Programme\MathCast088\MathCast.exe:*:Enabled:MathCast Equation Editor -- () "C:\Dokumente und Einstellungen\Christopher\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\Christopher\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\Ruff-Tech\Ruff-FTP\ftpsck.exe" = C:\Programme\Ruff-Tech\Ruff-FTP\ftpsck.exe:*:Enabled:Ftp-Client -- (Ruff-Tech) "C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader -- (Orbitdownloader.com) "C:\Programme\Microsoft Games\Age of Mythology\aom.exe" = C:\Programme\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios) "C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE" = C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE:*:Enabled:GMX MultiMessenger -- (GMX GmbH) "C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) 
"C:\Programme\Halo\halo.exe" = C:\Programme\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation) "C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Programme\MultiProxy\MProxy.exe" = C:\Programme\MultiProxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server -- (MishkinSoft, http://www.multiproxy.org) "C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- () "C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\xampp\FileZillaFTP\FileZilla Server.exe" = C:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server -- (FileZilla Project)
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
17.01.2010, 10:03 | #93 |
| malware defense und security alert @guardensema
Hello, please open a thread of your own and work through/post the following there: Please check the following files: Have the files checked online:
Code:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Free dent poll internet\audio dvd obj.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INTERNET SPAM SUPPORT AUDIO\ping remote.exe
Uninstall Bearshare!
First, try to install MAM; to do so, rename it right in the download dialog to e.g. Test.exe. If it does not start after installation, wait until Avenger has "switched off" the rootkit and then run it immediately (after updating the signatures!).
Malwarebytes Antimalware (MAM) instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
If MAM is already installed, continue with Avenger...
So: Avenger instructions (by swandog46)
1.) Download the Avenger tool and save it to the desktop:
2.) Configure the program as shown in the picture. Now copy the following text into the white field: (at -> "input script here")
Code:
Drivers to delete:
H8SRTd.sys
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BearShare
Files to delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bags Plus Online Chin\City Link.exe
C:\DOKUME~1\Sema\ANWEND~1\thisidle\Chic base.exe
Folders to delete:
C:\Dokumente und Einstellungen\Sema\Lokale Einstellungen\Temp
C:\Programme\AskBarDis
C:\Programme\BearShare
4.) To start Avenger, click -> Execute. Then confirm with "Yes" that the computer restarts!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt Open the file with Notepad and copy the entire text into your post here on Trojaner-Board.
HijackThis, fixing: open HijackThis -- button "scan" -- tick the boxes in front of the following entries -- button "Fix checked" -- restart the PC. All programs must be closed when fixing!
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ss
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programme\ShoppingReport\Bin\2.0.22\ShoppingReport.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [FaceFilm] C:\DOKUME~1\Sema\ANWEND~1\thisidle\Chic base.exe
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOKUME~1\Sema\LOKALE~1\Temp\cls_pack.exe
If MAM still does not start, go to MAM's installation directory, rename MAM's EXE (mbam.exe) to e.g. test.exe and start it by double-clicking. After the scan (and MAM) has finished, rename it back to the original name (mbam.exe).
Gmer: http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
You will find the download link at the top left (http://www.gmer.net/#files); there, click the "Download EXE" button, which generates a random name (please remember it and the path where you saved it). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.
Chris
__________________ |
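The manual review behind the HijackThis fix list in the post above can be partly automated. The following is an added example, not part of the original post and not code from HijackThis: it parses O2/O3/O4 lines copied from that post and flags orphaned COM registrations and autostarts from user-writable directories; the path markers and reason strings are assumptions chosen for this example.

```python
import re

# Lines copied from the HijackThis fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ss
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programme\ShoppingReport\Bin\2.0.22\ShoppingReport.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [FaceFilm] C:\DOKUME~1\Sema\ANWEND~1\thisidle\Chic base.exe
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOKUME~1\Sema\LOKALE~1\Temp\cls_pack.exe
"""

# O2 (browser helper object) and O3 (toolbar): name, CLSID, DLL path, optional marker.
COM_ENTRY = re.compile(
    r"^(?:O2 - BHO|O3 - Toolbar): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# O4 (autostart): hive, Run key, value name, command line.
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Assumed markers for per-user, writable locations on German and English XP,
# including the 8.3 short names seen in the log (ANWEND~1, LOKALE~1).
USER_WRITABLE = ("\\temp\\", "lokale~1", "anwend~1", "anwendungsdaten",
                 "lokale einstellungen", "application data", "local settings")

def triage(log):
    """Return (section, name, reasons) for each entry that deserves a closer look."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        reasons = []
        m = COM_ENTRY.match(line)
        if m:
            if m.group("missing"):
                reasons.append("orphaned: registered DLL is not on disk")
        else:
            m = RUN_ENTRY.match(line)
            if not m:
                continue  # R0-R3 and other sections are outside this example
            cmd = m.group("cmd").lower()
            if any(marker in cmd for marker in USER_WRITABLE):
                reasons.append("autostart from user-writable directory")
        if reasons:
            findings.append((line[:2], m.group("name"), reasons))
    return findings

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} {name}: {'; '.join(reasons)}")
```

The Ask and BearShare entries are not flagged by either heuristic; the helper selected them by recognising the products, which path checks alone do not replace.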
17.01.2010, 17:58 | #94 | |
| malware defense und security alert @capella: Looks good so far; however, you should decide on one security solution, check the Security Center settings, and also some links that are not assigned to any zone: Quote:
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
17.01.2010, 18:39 | #95 |
| malware defense und security alert What do you mean by that? |
18.01.2010, 13:58 | #96 |
| malware defense und security alert I can't make anything of that!! Can you translate that? |
18.01.2010, 16:24 | #97 |
| malware defense und security alert
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
18.01.2010, 17:38 | #98 |
| malware defense und security alert But I don't use IE... |
19.01.2010, 14:13 | #99 |
| malware defense und security alert So that doesn't affect me. Somehow, just for the past few days, the PC has been slow when shutting down. That is, when I want to switch it off, it takes a long time before the "shutdown symbol" appears. And the actual shutdown is very slow. |