Befall mit 'TR/Trash.Gen' [trojan]

Boutrous · 07.05.2010, 19:08

hallo Experten-Team!
Vielleicht könnt Ihr mir ja helfen...Das wäre toll!
Nachdem Avira den folgenden Virus gemeldet hat 'TR/Trash.Gen' [trojan] hab ich die Datei mit Ant-Malware löschen können (wahrscheinlich) Ich vermute aber, dass da auf meinem REchner aber noch was drauf ist, was kann ich denn da noch tun, um auf Nummer sicher zu gehen?
Hier ist die HijackThis logfile....
Danke schon mal im Voraus!

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:00, on 07.05.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Windows\vspc1300.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?clid=40488
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - S:\Kommunikation\Neuer Ordner\jccatch.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - S:\Kommunikation\Neuer Ordner\getflash.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SPC1300] C:\Windows\vspc1300.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ccleaner] "D:\imag\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: TrayMin1300.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - S:\Kommunikation\Neuer Ordner\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - S:\Kommunikation\Neuer Ordner\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - Z:\messi\icq\ICQ7.1\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - Z:\messi\icq\ICQ7.1\ICQ.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - S:\Kommunikation\Neuer Ordner\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - S:\Kommunikation\Neuer Ordner\FlashGet.exe (file missing)
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BADFA41-93DB-4EA6-A97A-F173549BF0B2}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe

--
End of file - 9780 bytes

cosinus · 08.05.2010, 00:42

Hallo und

Zitat:

hab ich die Datei mit Ant-Malware löschen können (wahrscheinlich)

Malwarebytes? Wenn Du das Tool schon benutzt hast, will man auch das Logfile davon sehen.

Boutrous · 08.05.2010, 08:16

Hallo Arne, vielen Dank für deine Antwort. Toll, dass du dich gemeldet hast.
Also dies war das Logfile des ersten Durchlaufs, nach dem Reboot hab ich nochmal einen kompletten Scan gemacht und da gab es dann keine positive Meldung mehr. Aber ich bin mir nicht sicher, ob sich da nicht doch jemand eingenistet hat, weil mein Laptop extrem langsam ist und ständig irgend etwas "rattert"....obwohl ich nix mache!
Danke fürs Reinkucken!
Viele Grüße
Peter

Zitat:

Hier die Logfile:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4070

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

06.05.2010 09:56:37
mbam-log-2010-05-06 (09-56-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129190
Laufzeit: 16 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
C:\Users\Peter\AppData\Roaming\svchost.exe (Trojan.Agent) -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Peter\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Peter\AppData\Roaming\svchost.exe (Trojan.Agent) -> Delete on reboot.

Boutrous · 08.05.2010, 08:22

Und der Vollständigkeit halber das Ergebnis des kompletten Scans danach:

Zitat:

Also das komplette Screen Logfile ist jetzt wir folgt:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4070

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

06.05.2010 15:05:13
mbam-log-2010-05-06 (15-05-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 275326
Laufzeit: 4 Stunde(n), 21 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Boutrous · 08.05.2010, 08:37

Hallo nochmal, ich hab auch eben gerade mit OTL einen Scan gemacht. Hier kommt OTL.text Teil1...

Zitat:

OTL logfile created on: 08.05.2010 09:26:12 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 157,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 3,79 Gb Free Space | 9,48% Space Free | Partition Type: NTFS
Drive D: | 69,78 Gb Total Space | 4,41 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PETER-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe ()
PRC - C:\Windows\vspc1300.exe (Sonix)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\Peter\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (freenet) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

========== Driver Services (SafeList) ==========

DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ACEDRV06) -- C:\Windows\System32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (SPC1300) USB2.0 PC Camera (SPC1300) -- C:\Windows\System32\drivers\spc1300.sys ()
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SWUMX71) Sierra Wireless USB MUX Driver (UMTS71) -- C:\Windows\system32\drivers\swumx71.sys (Sierra Wireless Inc.)
DRV - (SWUMX70) Sierra Wireless USB MUX Driver (UMTS70) -- C:\Windows\system32\drivers\swumx70.sys (Sierra Wireless Inc.)
DRV - (SWUMX54) Sierra Wireless USB MUX Driver (UMTS54) -- C:\Windows\system32\drivers\swumx54.sys (Sierra Wireless Inc.)
DRV - (SWUMX53) Sierra Wireless USB MUX Driver (UMTS53) -- C:\Windows\system32\drivers\swumx53.sys (Sierra Wireless Inc.)
DRV - (SWUMX52) Sierra Wireless USB MUX Driver (UMTS52) -- C:\Windows\system32\drivers\swumx52.sys (Sierra Wireless Inc.)
DRV - (SWUMX51) Sierra Wireless USB MUX Driver (UMTS51) -- C:\Windows\system32\drivers\swumx51.sys (Sierra Wireless Inc.)
DRV - (SWUMX50) Sierra Wireless USB MUX Driver (UMTS50) -- C:\Windows\system32\drivers\swumx50.sys (Sierra Wireless Inc.)
DRV - (SWUMX3A) Sierra Wireless USB MUX Driver (UMTS3A) -- C:\Windows\system32\drivers\swumx3a.sys (Sierra Wireless Inc.)
DRV - (SWUMX33) Sierra Wireless USB MUX Driver (UMTS33) -- C:\Windows\system32\drivers\swumx33.sys (Sierra Wireless Inc.)
DRV - (SWUMX32) Sierra Wireless USB MUX Driver (UMTS32) -- C:\Windows\System32\drivers\swumx32.sys (Sierra Wireless Inc.)
DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- C:\Windows\system32\drivers\swumx20.sys (Sierra Wireless Inc.)
DRV - (swumx12) Sierra Wireless USB MUX Driver (UMTS12) -- C:\Windows\system32\drivers\swumx12.sys (Sierra Wireless Inc.)
DRV - (SWUMX00) Sierra Wireless USB MUX Driver (UMTS00) -- C:\Windows\system32\drivers\swumx00.sys (Sierra Wireless Inc.)
DRV - (SWNC8U32) Sierra Wireless MUX NDIS Driver (UMTS32) -- C:\Windows\System32\drivers\swnc8u32.sys (Sierra Wireless Inc.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (O2SDRDR) -- C:\Windows\system32\drivers\o2sd.sys (O2Micro )
DRV - (tosporte) -- C:\Windows\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (O2MDRDR) -- C:\Windows\system32\drivers\o2media.sys (O2Micro )
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (toshidpt) -- C:\Windows\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.fujitsu-siemens.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?clid=40488
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ">8A: 2 8=B5@=5B"
FF - prefs.js..browser.search.defaulturl: "hxxp://yup.ru/search?m=sponsored&toolid=60969&p="
FF - prefs.js..browser.search.order.1: ">8A: 2 8=B5@=5B"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {1DA0528B-1DD8-4167-BFAF-E0EF94939F93}:1.0.0.2
FF - prefs.js..keyword.URL: "hxxp://yup.ru/search?m=sponsored&toolid=60969&p="
FF - prefs.js..network.proxy.http: "68.229.224.179"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2010.05.01 13:40:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.11 09:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.11 09:47:08 | 000,000,000 | ---D | M]

[2009.04.22 07:52:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions
[2008.06.24 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2008.06.24 21:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.05.01 14:00:45 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions
[2010.01.07 16:39:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.01.07 16:40:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.01.01 17:30:01 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.05.12 00:02:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009.08.05 07:16:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.08.18 23:24:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.29 09:47:32 | 000,004,299 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\FireFox\Profiles\xlvgr0yh.default\searchplugins\yasearch.xml
[2009.09.18 14:33:23 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.04 17:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.12.02 10:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 10:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 10:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.02 10:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 10:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - S:\Kommunikation\Neuer Ordner\jccatch.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - S:\Kommunikation\Neuer Ordner\getflash.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SPC1300] C:\Windows\vspc1300.exe (Sonix)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] D:\imag\CCleaner\ccleaner.exe (Piriform Ltd)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - Z:\messi\icq\ICQ7.1\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - Z:\messi\icq\ICQ7.1\ICQ.exe File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - S:\Kommunikation\Neuer Ordner\FlashGet.exe File not found
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - S:\Kommunikation\Neuer Ordner\FlashGet.exe File not found
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Peter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Peter\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{181ee439-2b25-11dd-a3d3-00a0d5ffff97}\Shell\AutoRun\command - "" = OneCare-Connect-PC\SetupWireless.exe
O33 - MountPoints2\{79a39f29-25e5-11df-8cef-00a0d5ffff97}\Shell\AutoRun\command - "" = Menu.exe
O33 - MountPoints2\{81999b97-5edf-11dd-9cfb-00a0d5ffff97}\Shell - "" = AutoRun
O33 - MountPoints2\{81999b97-5edf-11dd-9cfb-00a0d5ffff97}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8cfc5410-dea6-11de-ae2c-00a0d5ffff97}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.08 09:24:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2010.05.07 14:45:53 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.05.06 20:52:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.06 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.05.06 14:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.05.06 09:36:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2010.05.06 09:35:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.06 09:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.06 09:35:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.02 01:52:52 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010.05.02 01:52:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010.05.02 01:52:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.05.02 01:52:51 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010.05.02 01:52:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010.05.02 01:52:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010.05.02 01:52:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010.05.02 01:52:50 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010.05.02 01:52:50 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010.05.02 01:52:50 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010.05.02 01:52:50 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010.05.02 01:52:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010.05.02 01:52:50 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010.05.02 01:52:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010.05.02 01:52:50 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010.05.02 01:52:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010.05.02 01:52:49 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010.05.02 01:52:49 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010.05.02 01:52:49 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010.05.02 01:52:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010.05.02 01:52:48 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010.05.02 01:52:48 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010.05.02 01:52:48 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010.05.02 01:52:48 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010.05.02 00:57:37 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010.05.02 00:57:35 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010.05.02 00:57:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010.05.02 00:57:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.05.02 00:57:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010.05.02 00:57:32 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010.05.02 00:57:32 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010.05.01 20:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010.05.01 20:39:40 | 000,000,000 | ---D | C] -- C:\657138cdd7bd3d6ed9ad87c58b90
[2010.05.01 19:48:48 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010.05.01 18:59:59 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2010.05.01 18:59:59 | 000,047,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2010.05.01 18:21:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2010.05.01 18:21:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2010.05.01 18:21:16 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2010.05.01 18:21:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2010.05.01 18:20:42 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010.05.01 18:20:42 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010.05.01 18:20:42 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2010.05.01 18:20:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
[2010.05.01 18:20:41 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2010.05.01 18:20:41 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010.05.01 18:20:41 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010.05.01 18:20:41 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.05.01 18:20:41 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll
[2010.05.01 18:20:41 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2010.05.01 18:20:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2010.05.01 18:20:41 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxoci.dll
[2010.05.01 18:20:41 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2010.05.01 18:20:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2010.05.01 18:20:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2010.05.01 18:20:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2010.05.01 18:20:41 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2010.05.01 18:20:41 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2010.05.01 18:20:40 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2010.05.01 18:20:40 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010.05.01 18:20:40 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2010.05.01 18:20:40 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2010.05.01 18:20:40 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010.05.01 18:20:40 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010.05.01 18:20:40 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2010.05.01 18:20:39 | 000,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010.05.01 18:20:39 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010.05.01 18:20:39 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2010.05.01 18:20:39 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.05.01 18:20:38 | 001,052,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010.05.01 18:20:38 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010.05.01 18:20:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2010.05.01 18:20:38 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2010.05.01 18:20:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.05.01 18:20:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2010.05.01 18:20:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2010.05.01 18:20:36 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2010.05.01 18:20:36 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2010.05.01 18:20:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2010.05.01 18:20:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2010.05.01 18:20:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010.05.01 18:20:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010.05.01 18:20:35 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2010.05.01 18:20:35 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2010.05.01 18:20:35 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010.05.01 18:20:35 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010.05.01 18:20:35 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2010.05.01 18:20:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2010.05.01 18:20:35 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2010.05.01 18:20:34 | 002,085,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010.05.01 18:20:34 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2010.05.01 18:20:34 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2010.05.01 18:20:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2010.05.01 18:20:34 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010.05.01 18:20:34 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010.05.01 18:20:34 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010.05.01 18:20:34 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2010.05.01 18:20:34 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010.05.01 18:20:34 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.05.01 18:20:34 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010.05.01 18:20:34 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.05.01 18:20:34 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2010.05.01 18:20:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2010.05.01 18:20:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll
[2010.05.01 18:20:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2010.05.01 18:20:31 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010.05.01 18:20:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010.05.01 18:20:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010.05.01 18:20:30 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010.05.01 18:20:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2010.05.01 18:20:27 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2010.05.01 18:20:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2010.05.01 18:20:25 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2010.05.01 18:20:25 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010.05.01 18:20:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010.05.01 18:20:25 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010.05.01 18:20:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2010.05.01 18:20:20 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2010.05.01 18:20:20 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2010.05.01 18:20:20 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010.05.01 18:20:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010.05.01 18:20:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2010.05.01 18:20:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2010.05.01 18:20:19 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2010.05.01 18:20:19 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2010.05.01 18:20:19 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2010.05.01 18:20:18 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010.05.01 18:20:18 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010.05.01 18:20:18 | 000,223,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.05.01 18:20:18 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010.05.01 18:20:18 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2010.05.01 18:20:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2010.05.01 18:20:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2010.05.01 18:20:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010.05.01 18:20:18 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.05.01 18:20:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2010.05.01 18:20:17 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010.05.01 18:20:17 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010.05.01 18:20:17 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2010.05.01 18:20:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010.05.01 18:20:17 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010.05.01 18:20:17 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2010.05.01 18:20:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2010.05.01 18:20:17 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2010.05.01 18:20:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2010.05.01 18:20:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2010.05.01 18:20:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncobjapi.dll
[2010.05.01 18:20:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2010.05.01 18:20:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010.05.01 18:20:17 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2010.05.01 18:20:16 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010.05.01 18:20:16 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll
[2010.05.01 18:20:16 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010.05.01 18:20:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010.05.01 18:20:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2010.05.01 18:20:15 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2010.05.01 18:20:15 | 000,939,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010.05.01 18:20:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2010.05.01 18:20:15 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2010.05.01 18:20:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll
[2010.05.01 18:20:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010.05.01 18:20:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2010.05.01 18:20:14 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2010.05.01 18:20:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2010.05.01 18:20:14 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010.05.01 18:20:14 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010.05.01 18:20:14 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2010.05.01 18:20:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010.05.01 18:20:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2010.05.01 18:20:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2010.05.01 18:20:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2010.05.01 18:20:13 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010.05.01 18:20:13 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010.05.01 18:20:13 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2010.05.01 18:20:13 | 000,376,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010.05.01 18:20:13 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010.05.01 18:20:13 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2010.05.01 18:20:13 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2010.05.01 18:20:13 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2010.05.01 18:20:13 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2010.05.01 18:20:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2010.05.01 18:20:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2010.05.01 18:20:12 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010.05.01 18:20:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2010.05.01 18:20:12 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.05.01 18:20:12 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2010.05.01 18:20:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2010.05.01 18:20:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010.05.01 18:20:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2010.05.01 18:20:11 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010.05.01 18:20:11 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2010.05.01 18:20:11 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2010.05.01 18:20:11 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.05.01 18:20:11 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2010.05.01 18:20:11 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010.05.01 18:20:11 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2010.05.01 18:20:11 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2010.05.01 18:20:11 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010.05.01 18:20:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2010.05.01 18:20:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010.05.01 18:20:11 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2010.05.01 18:20:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2010.05.01 18:20:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2010.05.01 18:20:10 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2010.05.01 18:20:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010.05.01 18:20:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.05.01 18:20:10 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2010.05.01 18:20:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2010.05.01 18:20:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2010.05.01 18:20:09 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2010.05.01 18:20:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2010.05.01 18:20:09 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010.05.01 18:20:09 | 000,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010.05.01 18:20:09 | 000,019,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010.05.01 18:20:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2010.05.01 18:20:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2010.05.01 18:20:08 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2010.05.01 18:20:08 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.05.01 18:20:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010.05.01 18:20:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2010.05.01 18:20:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010.05.01 18:20:07 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.05.01 18:20:07 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2010.05.01 18:20:07 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2010.05.01 18:20:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010.05.01 18:20:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2010.05.01 18:20:06 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2010.05.01 18:20:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
[2010.05.01 18:20:03 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010.05.01 18:20:03 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010.05.01 18:20:03 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2010.05.01 18:20:03 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
[2010.05.01 18:20:02 | 002,011,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010.05.01 18:20:02 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010.05.01 18:20:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010.05.01 18:20:01 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2010.05.01 18:20:01 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2010.05.01 18:20:00 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll
[2010.05.01 18:20:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2010.05.01 18:19:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2010.05.01 18:19:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2010.05.01 18:19:58 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010.05.01 18:19:58 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2010.05.01 18:19:58 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010.05.01 18:19:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2010.05.01 18:19:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2010.05.01 18:19:57 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2010.05.01 18:19:57 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010.05.01 18:19:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2010.05.01 18:19:57 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010.05.01 18:19:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2010.05.01 18:19:56 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010.05.01 18:19:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010.05.01 18:19:56 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010.05.01 18:19:56 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010.05.01 18:19:56 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010.05.01 18:19:56 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010.05.01 18:19:56 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010.05.01 18:19:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010.05.01 18:19:56 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010.05.01 18:19:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010.05.01 18:19:56 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010.05.01 18:19:56 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2010.05.01 18:19:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010.05.01 18:19:55 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010.05.01 18:19:55 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2010.05.01 18:19:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2010.05.01 18:19:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2010.05.01 18:19:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
[2010.05.01 18:19:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2010.05.01 18:19:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2010.05.01 18:19:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2010.05.01 18:19:54 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010.05.01 18:19:54 | 000,237,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ppcsnap.dll
[2010.05.01 18:19:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010.05.01 18:19:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010.05.01 18:19:54 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010.05.01 18:19:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2010.05.01 18:19:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010.05.01 18:19:53 | 001,823,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010.05.01 18:19:53 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010.05.01 18:19:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010.05.01 18:19:53 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010.05.01 18:19:53 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010.05.01 18:19:53 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2010.05.01 18:19:53 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2010.05.01 18:19:53 | 000,051,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010.05.01 18:19:53 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.05.01 18:19:53 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psbase.dll
[2010.05.01 18:19:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2010.05.01 18:19:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2010.05.01 18:19:52 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2010.05.01 18:19:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.05.01 18:19:52 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.05.01 18:19:52 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2010.05.01 18:19:52 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2010.05.01 18:19:52 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010.05.01 18:19:52 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2010.05.01 18:19:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2010.05.01 18:19:51 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010.05.01 18:19:51 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2010.05.01 18:19:51 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2010.05.01 18:19:51 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2010.05.01 18:19:51 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2010.05.01 18:19:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2010.05.01 18:19:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2010.05.01 18:19:46 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010.05.01 18:19:46 | 000,336,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010.05.01 18:19:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2010.05.01 18:19:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2010.05.01 18:19:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
[2010.05.01 18:19:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010.05.01 18:19:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2010.05.01 18:19:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll
[2010.05.01 18:19:45 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2010.05.01 18:19:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2010.05.01 18:19:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2010.05.01 18:19:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2010.05.01 18:19:44 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010.05.01 18:19:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2010.05.01 18:19:44 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2010.05.01 18:19:43 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010.05.01 18:19:43 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010.05.01 18:19:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010.05.01 18:19:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2010.05.01 18:19:42 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010.05.01 18:19:42 | 000,544,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pmcsnap.dll
[2010.05.01 18:19:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010.05.01 18:19:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2010.05.01 18:19:41 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010.05.01 18:19:41 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010.05.01 18:19:41 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2010.05.01 18:19:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010.05.01 18:19:41 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2010.05.01 18:19:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2010.05.01 18:19:41 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010.05.01 18:19:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2010.05.01 18:19:41 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2010.05.01 18:19:40 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010.05.01 18:19:40 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010.05.01 18:19:40 | 000,242,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010.05.01 18:19:40 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2010.05.01 18:19:40 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2010.05.01 18:19:40 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2010.05.01 18:19:40 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010.05.01 18:19:40 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2010.05.01 18:19:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2010.05.01 18:19:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2010.05.01 18:19:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2010.05.01 18:19:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2010.05.01 18:19:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010.05.01 18:19:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.05.01 18:19:39 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2010.05.01 18:19:39 | 000,412,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2010.05.01 18:19:39 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010.05.01 18:19:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010.05.01 18:19:39 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010.05.01 18:19:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.05.01 18:19:39 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2010.05.01 18:19:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010.05.01 18:19:39 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2010.05.01 18:19:39 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2010.05.01 18:19:39 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2010.05.01 18:19:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010.05.01 18:19:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010.05.01 18:19:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2010.05.01 18:19:38 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010.05.01 18:19:37 | 000,889,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010.05.01 18:19:37 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010.05.01 18:19:37 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010.05.01 18:19:37 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010.05.01 18:19:37 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010.05.01 18:19:37 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2010.05.01 18:19:37 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010.05.01 18:19:37 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010.05.01 18:19:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2010.05.01 18:19:37 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010.05.01 18:19:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2010.05.01 18:19:37 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2010.05.01 18:19:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2010.05.01 18:19:37 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2010.05.01 18:19:36 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010.05.01 18:19:36 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010.05.01 18:19:36 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010.05.01 18:19:36 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2010.05.01 18:19:36 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2010.05.01 18:19:36 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2010.05.01 18:19:36 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010.05.01 18:19:36 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2010.05.01 18:19:36 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010.05.01 18:19:36 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2010.05.01 18:19:36 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2010.05.01 18:19:36 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2010.05.01 18:19:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010.05.01 18:19:36 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010.05.01 18:19:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2010.05.01 18:19:36 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010.05.01 18:19:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2010.05.01 18:19:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2010.05.01 18:19:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2010.05.01 18:19:36 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2010.05.01 18:19:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2010.05.01 18:19:35 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
[2010.05.01 18:19:35 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010.05.01 18:19:35 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010.05.01 18:19:35 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010.05.01 18:19:35 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2010.05.01 18:19:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2010.05.01 18:19:35 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010.05.01 18:19:35 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
[2010.05.01 18:19:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010.05.01 18:19:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2010.05.01 18:19:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2010.05.01 18:19:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2010.05.01 18:19:34 | 001,788,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010.05.01 18:19:34 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll
[2010.05.01 18:19:34 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010.05.01 18:19:34 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2010.05.01 18:19:34 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2010.05.01 18:19:34 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010.05.01 18:19:34 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010.05.01 18:19:34 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010.05.01 18:19:33 | 001,855,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010.05.01 18:19:33 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2010.05.01 18:19:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2010.05.01 18:19:33 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2010.05.01 18:19:33 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2010.05.01 18:19:33 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010.05.01 18:19:33 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2010.05.01 18:19:33 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2010.05.01 18:19:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2010.05.01 18:19:33 | 000,053,248 | ---- | C] (Microsoft Corporation) --

Boutrous · 08.05.2010, 08:39

Und jetzt OTL.text TEil 2:

Zitat:

C:\Windows\System32\d3dxof.dll
[2010.05.01 18:19:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010.05.01 18:19:32 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010.05.01 18:19:32 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2010.05.01 18:19:32 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2010.05.01 18:19:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2010.05.01 18:19:32 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010.05.01 18:19:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2010.05.01 18:19:32 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2010.05.01 18:19:32 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010.05.01 18:19:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010.05.01 18:19:32 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010.05.01 18:19:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010.05.01 18:19:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2010.05.01 18:19:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2010.05.01 18:19:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.05.01 18:19:31 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010.05.01 18:19:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2010.05.01 18:19:31 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010.05.01 18:19:31 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2010.05.01 18:19:31 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2010.05.01 18:19:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2010.05.01 18:19:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2010.05.01 18:19:31 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2010.05.01 18:19:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2010.05.01 18:19:30 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010.05.01 18:19:30 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2010.05.01 18:19:30 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2010.05.01 18:19:30 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2010.05.01 18:19:30 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010.05.01 18:19:30 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010.05.01 18:19:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2010.05.01 18:19:30 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010.05.01 18:19:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2010.05.01 18:19:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2010.05.01 18:19:30 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010.05.01 18:19:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010.05.01 18:19:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2010.05.01 18:19:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2010.05.01 18:19:29 | 001,208,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010.05.01 18:19:29 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010.05.01 18:19:29 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2010.05.01 18:19:29 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2010.05.01 18:19:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2010.05.01 18:19:29 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2010.05.01 18:19:29 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2010.05.01 18:19:29 | 000,127,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010.05.01 18:19:29 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2010.05.01 18:19:29 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2010.05.01 18:19:29 | 000,036,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010.05.01 18:19:29 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2010.05.01 18:19:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.05.01 18:19:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2010.05.01 18:19:28 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2010.05.01 18:19:28 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2010.05.01 18:19:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2010.05.01 18:19:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.05.01 18:19:28 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010.05.01 18:19:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2010.05.01 18:19:28 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2010.05.01 18:19:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2010.05.01 18:19:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2010.05.01 18:19:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2010.05.01 18:19:27 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2010.05.01 18:19:26 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010.05.01 18:19:26 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.05.01 18:19:26 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2010.05.01 18:19:26 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2010.05.01 18:19:26 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2010.05.01 18:19:25 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2010.05.01 18:19:25 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2010.05.01 18:19:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2010.05.01 18:19:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010.05.01 18:19:25 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010.05.01 18:19:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2010.05.01 18:19:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010.05.01 18:19:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2010.05.01 18:19:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010.05.01 18:19:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010.05.01 18:19:25 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010.05.01 18:19:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
[2010.05.01 18:19:25 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2010.05.01 18:19:24 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2010.05.01 18:19:24 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2010.05.01 18:19:24 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010.05.01 18:19:24 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010.05.01 18:19:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2010.05.01 18:19:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010.05.01 18:19:23 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010.05.01 18:19:23 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2010.05.01 18:19:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2010.05.01 18:19:23 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2010.05.01 18:19:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010.05.01 18:19:23 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2010.05.01 18:19:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2010.05.01 18:19:23 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2010.05.01 18:19:23 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010.05.01 18:19:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2010.05.01 18:19:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2010.05.01 18:19:23 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2010.05.01 18:19:23 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010.05.01 18:19:22 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010.05.01 18:19:22 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010.05.01 18:19:22 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2010.05.01 18:19:22 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010.05.01 18:19:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2010.05.01 18:19:22 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2010.05.01 18:19:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2010.05.01 18:19:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010.05.01 18:19:22 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2010.05.01 18:19:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2010.05.01 18:19:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2010.05.01 18:19:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2010.05.01 18:19:21 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2010.05.01 18:19:21 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010.05.01 18:19:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2010.05.01 18:19:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010.05.01 18:19:21 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2010.05.01 18:19:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2010.05.01 18:19:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010.05.01 18:19:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2010.05.01 18:19:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.05.01 18:19:20 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.05.01 18:19:20 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010.05.01 18:19:20 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010.05.01 18:19:20 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010.05.01 18:19:20 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010.05.01 18:19:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010.05.01 18:19:20 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010.05.01 18:19:20 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010.05.01 18:19:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2010.05.01 18:19:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010.05.01 18:19:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
[2010.05.01 18:19:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2010.05.01 18:19:19 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010.05.01 18:19:19 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010.05.01 18:19:19 | 000,220,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys
[2010.05.01 18:19:19 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
[2010.05.01 18:19:19 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2010.05.01 18:19:19 | 000,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2010.05.01 18:19:19 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010.05.01 18:19:19 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2010.05.01 18:19:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2010.05.01 18:19:19 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2010.05.01 18:19:19 | 000,029,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010.05.01 18:19:18 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2010.05.01 18:19:18 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2010.05.01 18:19:18 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2010.05.01 18:19:18 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2010.05.01 18:19:18 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010.05.01 18:19:18 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010.05.01 18:19:18 | 000,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010.05.01 18:19:18 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010.05.01 18:19:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2010.05.01 18:19:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2010.05.01 18:19:17 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2010.05.01 18:19:17 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2010.05.01 18:19:17 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2010.05.01 18:19:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2010.05.01 18:19:17 | 000,028,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010.05.01 18:19:16 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010.05.01 18:19:16 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010.05.01 18:19:16 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2010.05.01 18:19:16 | 000,131,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010.05.01 18:19:16 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2010.05.01 18:19:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2010.05.01 18:19:16 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2010.05.01 18:19:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2010.05.01 18:19:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2010.05.01 18:19:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010.05.01 18:19:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2010.05.01 18:19:15 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010.05.01 18:19:15 | 001,186,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2010.05.01 18:19:15 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010.05.01 18:19:15 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010.05.01 18:19:15 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010.05.01 18:19:15 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2010.05.01 18:19:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2010.05.01 18:19:14 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2010.05.01 18:19:14 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2010.05.01 18:19:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2010.05.01 18:19:14 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2010.05.01 18:19:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2010.05.01 18:19:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2010.05.01 18:19:13 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
[2010.05.01 18:19:13 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2010.05.01 18:19:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2010.05.01 18:19:12 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2010.05.01 18:19:12 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2010.05.01 18:19:11 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010.05.01 18:19:11 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010.05.01 18:19:11 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2010.05.01 18:19:11 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2010.05.01 18:19:10 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010.05.01 18:19:10 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2010.05.01 18:19:10 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2010.05.01 18:19:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2010.05.01 18:19:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010.05.01 18:19:09 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010.05.01 18:19:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2010.05.01 18:19:08 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010.05.01 18:19:08 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2010.05.01 18:19:08 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2010.05.01 18:19:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2010.05.01 18:19:07 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2010.05.01 18:19:07 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2010.05.01 18:19:07 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsiw.dll
[2010.05.01 18:19:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2010.05.01 18:19:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2010.05.01 18:19:06 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010.05.01 18:19:06 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010.05.01 18:19:06 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2010.05.01 18:19:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010.05.01 18:19:06 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2010.05.01 18:19:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2010.05.01 18:19:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2010.05.01 18:19:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2010.05.01 18:19:05 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.05.01 18:19:05 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2010.05.01 18:19:05 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010.05.01 18:19:05 | 000,632,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010.05.01 18:19:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010.05.01 18:19:05 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2010.05.01 18:19:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010.05.01 18:19:05 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010.05.01 18:19:05 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2010.05.01 18:19:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2010.05.01 18:19:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2010.05.01 18:19:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2010.05.01 18:19:05 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010.05.01 18:19:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2010.05.01 18:19:04 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010.05.01 18:19:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2010.05.01 18:19:04 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2010.05.01 18:19:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010.05.01 18:19:04 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blb_ps.dll
[2010.05.01 18:18:58 | 000,882,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010.05.01 18:18:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010.05.01 18:18:58 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.05.01 18:18:56 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2010.05.01 18:18:55 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010.05.01 18:18:55 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010.05.01 18:18:55 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010.05.01 18:18:54 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.05.01 18:18:54 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010.05.01 18:18:54 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010.05.01 18:18:54 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010.05.01 18:18:54 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2010.05.01 18:18:54 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010.05.01 18:18:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2010.05.01 18:18:52 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010.05.01 18:18:50 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010.05.01 18:18:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2010.05.01 18:18:49 | 000,445,952 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010.05.01 18:18:49 | 000,251,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010.05.01 18:18:49 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010.05.01 18:18:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010.05.01 18:18:49 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010.05.01 18:18:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010.05.01 18:18:49 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010.05.01 18:18:49 | 000,034,304 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPZIPT12.DLL
[2010.05.01 18:18:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010.05.01 18:18:49 | 000,020,992 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPZISN12.DLL
[2010.05.01 18:18:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2010.05.01 18:18:48 | 000,053,248 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPZIDR12.DLL
[2010.05.01 18:18:48 | 000,037,376 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPZIPR12.DLL
[2010.05.01 18:18:47 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.05.01 18:18:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2010.05.01 18:18:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.05.01 18:18:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.05.01 18:18:46 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010.05.01 18:18:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2010.05.01 18:18:45 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.05.01 18:18:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2010.05.01 18:18:45 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010.05.01 18:18:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.05.01 18:18:45 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2010.05.01 18:18:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2010.05.01 18:18:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010.05.01 18:18:43 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2010.05.01 18:18:43 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2010.05.01 18:18:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2010.05.01 18:18:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2010.05.01 18:18:43 | 000,011,776 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPBPROPS.DLL
[2010.05.01 18:18:42 | 000,039,936 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPBPRO.DLL
[2010.05.01 18:18:42 | 000,029,184 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPBOID.DLL
[2010.05.01 18:18:42 | 000,028,160 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\HPBMIAPI.DLL
[2010.05.01 18:18:42 | 000,011,776 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPBOIDPS.DLL
[2010.05.01 18:18:42 | 000,008,192 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\System32\HPBMINI.DLL
[2010.05.01 18:18:41 | 000,705,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOMPOSE.dll
[2010.05.01 18:18:41 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOMEX.dll
[2010.05.01 18:18:41 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2010.05.01 18:18:41 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSEXT32.dll
[2010.05.01 18:18:41 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2010.05.01 18:18:40 | 000,925,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSRESM.dll
[2010.05.01 18:18:40 | 000,890,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSST.dll
[2010.05.01 18:18:40 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010.05.01 18:18:40 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSXP32.dll
[2010.05.01 18:18:40 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2010.05.01 18:18:40 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSAPI.dll
[2010.05.01 18:18:40 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXST30.dll
[2010.05.01 18:18:40 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSUTILITY.dll
[2010.05.01 18:18:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOM.dll
[2010.05.01 18:18:40 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSROUTE.dll
[2010.05.01 18:18:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2010.05.01 18:18:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010.05.01 18:18:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSUNATD.exe
[2010.05.01 18:18:39 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2010.05.01 18:18:39 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2010.05.01 18:18:39 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010.05.01 18:18:39 | 000,101,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010.05.01 18:18:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2010.05.01 18:18:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2010.05.01 18:18:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2010.05.01 18:18:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2010.05.01 18:18:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2010.05.01 18:18:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010.05.01 18:18:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010.05.01 18:18:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010.05.01 18:18:37 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hhctrl.ocx
[2010.05.01 18:18:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2010.05.01 18:18:37 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2010.05.01 18:18:36 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2010.05.01 18:18:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2010.05.01 18:18:36 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2010.05.01 18:18:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2010.05.01 18:18:35 | 000,936,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010.05.01 18:18:35 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010.05.01 18:18:35 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010.05.01 18:18:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2010.05.01 18:18:35 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2010.05.01 18:18:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2010.05.01 18:18:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2010.05.01 18:18:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010.05.01 18:18:28 | 001,514,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010.05.01 18:18:28 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2010.05.01 18:18:26 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2010.05.01 18:18:26 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010.05.01 18:18:26 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2010.05.01 18:18:26 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010.05.01 18:18:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2010.05.01 18:18:26 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2010.05.01 18:18:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.05.01 18:18:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010.05.01 18:18:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.05.01 18:18:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010.05.01 18:18:24 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010.05.01 18:18:24 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2010.05.01 18:18:24 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll
[2010.05.01 18:18:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2010.05.01 18:18:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2010.05.01 18:18:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2010.05.01 18:18:23 | 003,216,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010.05.01 18:18:23 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2010.05.01 18:18:23 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2010.05.01 18:18:23 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.05.01 18:18:23 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010.05.01 18:18:23 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2010.05.01 18:18:22 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010.05.01 18:18:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2010.05.01 18:18:21 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.05.01 18:18:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.05.01 18:18:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.05.01 18:18:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFax.dll
[2010.05.01 18:18:21 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.05.01 18:18:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2010.05.01 18:18:19 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2010.05.01 18:18:19 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2010.05.01 18:18:19 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbadmin.exe
[2010.05.01 18:18:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2010.05.01 18:18:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2010.05.01 18:18:19 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2010.05.01 18:18:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010.05.01 18:18:18 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2010.05.01 18:18:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2010.05.01 18:18:16 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010.05.01 18:18:16 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010.05.01 18:18:15 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010.05.01 18:18:15 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010.05.01 18:18:15 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010.05.01 18:18:15 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010.05.01 18:18:15 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.05.01 18:18:15 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2010.05.01 18:18:15 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.05.01 18:18:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2010.05.01 18:18:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2010.05.01 18:18:13 | 001,532,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010.05.01 18:18:13 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010.05.01 18:18:13 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.05.01 18:18:12 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010.05.01 18:18:12 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010.05.01 18:18:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010.05.01 18:18:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2010.05.01 18:18:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010.05.01 18:18:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010.05.01 18:18:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2010.05.01 18:18:11 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2010.05.01 18:18:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2010.05.01 18:18:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2010.05.01 18:18:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010.05.01 18:18:09 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.05.01 18:18:09 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010.05.01 18:18:09 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2010.05.01 18:18:09 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2010.05.01 18:18:08 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010.05.01 18:18:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010.05.01 18:18:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2010.05.01 18:18:05 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2010.05.01 18:18:04 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2010.05.01 18:18:04 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.05.01 18:18:04 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.05.01 18:18:04 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.05.01 18:18:04 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010.05.01 18:18:04 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2010.05.01 18:18:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2010.05.01 18:18:03 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2010.05.01 18:18:03 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.05.01 18:18:03 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.05.01 18:18:03 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2010.05.01 18:18:03 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010.05.01 18:18:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.05.01 18:18:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2010.05.01 18:18:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.05.01 18:18:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2010.05.01 18:18:03 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2010.05.01 18:18:02 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2010.05.01 18:18:02 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.05.01 18:18:01 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.05.01 18:18:01 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2010.05.01 18:18:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2010.05.01 18:18:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010.05.01 18:17:59 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010.05.01 18:17:59 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2010.05.01 18:17:59 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2010.05.01 18:17:58 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2010.05.01 18:17:57 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010.05.01 18:17:56 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2010.05.01 18:17:56 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2010.05.01 18:17:56 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010.05.01 18:17:56 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2010.05.01 18:17:55 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2010.05.01 18:17:55 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010.05.01 18:17:55 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2010.05.01 18:17:55 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2010.05.01 18:17:54 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2010.05.01 18:17:54 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010.05.01 18:17:54 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010.05.01 18:17:53 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2010.05.01 18:17:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2010.05.01 18:17:52 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.05.01 18:17:48 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010.05.01 18:17:46 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010.05.01 18:17:45 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2010.05.01 18:17:45 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010.05.01 18:17:44 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010.05.01 18:17:44 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010.05.01 18:17:44 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2010.05.01 18:17:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2010.05.01 18:17:42 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2010.05.01 18:17:42 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010.05.01 18:17:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2010.05.01 18:17:34 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2010.05.01 18:17:33 | 000,842,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010.05.01 18:17:33 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2010.05.01 18:17:26 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.05.01 18:17:26 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010.05.01 18:17:26 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2010.05.01 18:17:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2010.05.01 18:17:25 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.05.01 18:17:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2010.05.01 18:17:24 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2010.05.01 18:17:24 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2010.05.01 18:17:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2010.05.01 18:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2010.05.01 18:17:23 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.05.01 18:17:23 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2010.05.01 18:17:23 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2010.05.01 18:17:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2010.05.01 18:17:22 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2010.05.01 18:17:22 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2010.05.01 18:17:21 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2010.05.01 18:17:20 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2010.05.01 18:17:20 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010.05.01 18:17:20 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2010.05.01 18:17:19 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2010.05.01 18:17:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2010.05.01 18:17:18 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2010.05.01 18:17:17 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010.05.01 18:17:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010.05.01 18:17:15 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2010.05.01 18:17:14 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2010.05.01 18:17:14 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010.05.01 18:17:14 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2010.05.01 18:17:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2010.05.01 18:17:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2010.05.01 18:17:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2010.05.01 18:17:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2010.05.01 18:17:13 | 002,204,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010.05.01 18:17:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2010.05.01 18:17:13 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2010.05.01 18:17:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2010.05.01 18:17:13 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2010.05.01 18:17:12 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2010.05.01 18:17:11 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010.05.01 18:17:11 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2010.05.01 18:17:11 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2010.05.01 18:17:11 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2010.05.01 18:17:10 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010.05.01 18:17:10 | 000,123,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010.05.01 18:17:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010.05.01 18:17:10 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010.05.01 18:17:09 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.05.01 18:17:09 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbmon.dll
[2010.05.01 18:17:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2010.05.01 18:17:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010.05.01 18:17:08 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2010.05.01 18:17:07 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010.05.01 18:17:07 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2010.05.01 18:17:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.05.01 18:17:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2010.05.01 18:17:06 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2010.05.01 18:17:06 | 000,073,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2010.05.01 18:17:06 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.05.01 18:17:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2010.05.01 18:17:05 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010.05.01 18:17:05 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010.05.01 18:17:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010.05.01 18:17:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2010.05.01 18:17:04 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2010.05.01 18:17:04 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2010.05.01 18:17:04 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2010.05.01 18:17:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2010.05.01 18:17:03 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2010.05.01 18:17:01 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010.05.01 18:17:01 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2010.05.01 18:17:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2010.05.01 18:17:01 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010.05.01 18:17:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2010.05.01 18:17:01 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2010.05.01 18:17:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010.05.01 18:17:00 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010.05.01 18:17:00 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2010.05.01 18:17:00 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2010.05.01 18:17:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2010.05.01 18:17:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2010.05.01 18:17:00 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2010.05.01 18:17:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2010.05.01 18:16:59 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2010.05.01 18:16:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2010.05.01 18:16:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2010.05.01 18:16:58 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2010.05.01 18:16:58 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010.05.01 18:16:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2010.05.01 18:16:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2010.05.01 18:16:57 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010.05.01 18:16:57 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2010.05.01 18:16:57 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010.05.01 18:16:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2010.05.01 18:16:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2010.05.01 18:16:56 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010.05.01 18:16:56 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
[2010.05.01 18:16:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2010.05.01 18:16:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010.05.01 18:16:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2010.05.01 18:16:54 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2010.05.01 18:16:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010.05.01 18:16:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010.05.01 18:16:51 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2010.05.01 18:16:51 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2010.05.01 18:16:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2010.05.01 18:16:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2010.05.01 18:16:50 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2010.05.01 18:16:50 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2010.05.01 18:16:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010.05.01 18:16:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2010.05.01 18:16:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010.05.01 18:16:49 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2010.05.01 18:16:48 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010.05.01 18:16:48 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2010.05.01 18:01:44 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010.05.01 18:00:18 | 000,000,000 | ---D | C] -- C:\14c442de2feb117870b7faccc9
[2010.05.01 17:55:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.05.01 13:39:53 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Comodo
[2010.05.01 13:39:36 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Comodo
[2010.05.01 13:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2010.05.01 13:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010.04.30 11:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010.04.29 18:10:25 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Avira
[2010.04.29 18:03:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.29 18:03:53 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.29 18:03:53 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.29 18:03:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.29 18:03:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.29 18:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.29 09:47:25 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\ICQ
[2010.04.29 09:47:24 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\AOL
[2010.04.15 10:04:27 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.15 10:04:26 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.15 10:04:17 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.15 10:04:08 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.15 10:04:08 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2008.06.21 16:23:44 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1300.dll
[653 C:\*.tmp files -> C:\*.tmp -> ]
[4 d:\Peter\Documents\*.tmp files -> d:\Peter\Documents\*.tmp -> ]
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.08 09:31:37 | 003,932,160 | -HS- | M] () -- C:\Users\Peter\ntuser.dat
[2010.05.08 09:24:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2010.05.08 09:16:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3236734470-1321717159-3152903743-1000UA.job
[2010.05.08 09:01:24 | 000,000,300 | ---- | M] () -- C:\Windows\win.ini
[2010.05.08 08:59:37 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.05.08 08:58:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.08 08:58:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.08 08:58:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.08 08:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.07 23:39:01 | 000,524,288 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.05.07 23:39:01 | 000,065,536 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.05.07 23:38:28 | 003,453,766 | -H-- | M] () -- C:\Users\Peter\AppData\Local\IconCache.db
[2010.05.07 19:55:13 | 002,672,312 | ---- | M] () -- C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
[2010.05.07 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010.05.07 13:16:05 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3236734470-1321717159-3152903743-1000Core.job
[2010.05.07 11:22:18 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DC6ACBFC-DEC8-43EA-8549-CA8085A1B80D}.job
[2010.05.06 20:34:25 | 000,000,790 | ---- | M] () -- d:\Peter\Documents\cc_20100506_203416.reg
[2010.05.06 20:33:56 | 000,002,240 | ---- | M] () -- d:\Peter\Documents\cc_20100506_203346.reg
[2010.05.06 20:33:30 | 000,013,232 | ---- | M] () -- d:\Peter\Documents\cc_20100506_203325.reg
[2010.05.06 20:32:46 | 000,284,252 | ---- | M] () -- d:\Peter\Documents\cc_20100506_203211.reg
[2010.05.06 20:05:03 | 000,000,645 | ---- | M] () -- C:\Users\Peter\Desktop\CCleaner.lnk
[2010.05.06 16:15:04 | 000,379,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.06 14:54:30 | 000,102,072 | ---- | M] () -- C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.06 14:22:20 | 000,001,880 | ---- | M] () -- C:\Users\Peter\Desktop\HijackThis.lnk
[2010.05.06 09:35:59 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.06 08:51:36 | 000,581,632 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\plugin.dat
[2010.05.05 14:08:59 | 001,427,210 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.05 14:08:59 | 000,621,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.05 14:08:59 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.05 14:08:59 | 000,123,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.05 14:08:59 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.02 12:59:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.05.01 23:13:24 | 000,144,896 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.01 20:39:39 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2010.05.01 20:13:46 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.05.01 19:32:04 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010.05.01 19:31:44 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010.05.01 19:18:22 | 000,065,536 | ---- | M] () -- C:\Windows\SPInstall.etl
[2010.05.01 18:00:18 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2010.05.01 18:00:18 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2010.04.29 18:04:16 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 18:02:16 | 000,043,520 | ---- | M] () -- C:\Users\Peter\Desktop\Recruiting Spreadsheet London V1 with revenue.xls
[2010.04.27 23:28:23 | 000,023,335 | ---- | M] () -- C:\Users\Peter\Desktop\KRC 100326_APP Screener 3-18-10 (2).docx
[2010.04.26 10:14:18 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.04.26 09:31:16 | 000,000,455 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.04.14 14:18:35 | 000,649,728 | ---- | M] () -- d:\Peter\Documents\ben1.doc
[2010.04.12 23:15:23 | 001,218,560 | ---- | M] () -- d:\Peter\Documents\online research.doc
[2010.04.09 01:50:34 | 000,568,832 | ---- | M] () -- d:\Peter\Documents\Online Forums.doc
[653 C:\*.tmp files -> C:\*.tmp -> ]
[4 d:\Peter\Documents\*.tmp files -> d:\Peter\Documents\*.tmp -> ]
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

Boutrous · 08.05.2010, 08:39

OTL.txt TEil 3

Zitat:

[2010.05.07 19:55:03 | 002,672,312 | ---- | C] () -- C:\Users\Peter\Desktop\esetsmartinstaller_enu.exe
[2010.05.06 20:34:17 | 000,000,790 | ---- | C] () -- d:\Peter\Documents\cc_20100506_203416.reg
[2010.05.06 20:33:47 | 000,002,240 | ---- | C] () -- d:\Peter\Documents\cc_20100506_203346.reg
[2010.05.06 20:33:27 | 000,013,232 | ---- | C] () -- d:\Peter\Documents\cc_20100506_203325.reg
[2010.05.06 20:32:16 | 000,284,252 | ---- | C] () -- d:\Peter\Documents\cc_20100506_203211.reg
[2010.05.06 20:05:03 | 000,000,645 | ---- | C] () -- C:\Users\Peter\Desktop\CCleaner.lnk
[2010.05.06 14:22:20 | 000,001,880 | ---- | C] () -- C:\Users\Peter\Desktop\HijackThis.lnk
[2010.05.06 09:35:59 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.02 12:59:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.05.02 01:52:52 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.02 01:52:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.02 01:52:50 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010.05.01 20:39:39 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010.05.01 18:20:37 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2010.05.01 18:20:14 | 003,662,296 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010.05.01 18:20:00 | 000,120,458 | ---- | C] () -- C:\Windows\System32\secpol.msc
[2010.05.01 18:19:56 | 000,080,047 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010.05.01 18:19:52 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.05.01 18:19:43 | 000,261,163 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010.05.01 18:19:41 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2010.05.01 18:19:37 | 000,009,987 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010.05.01 18:19:37 | 000,000,150 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010.05.01 18:19:21 | 000,289,467 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010.05.01 18:19:20 | 000,206,830 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010.05.01 18:18:40 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2010.05.01 18:18:36 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2010.05.01 18:18:34 | 000,147,439 | ---- | C] () -- C:\Windows\System32\gpedit.msc
[2010.05.01 18:18:26 | 000,175,508 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010.05.01 18:18:21 | 000,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.05.01 18:17:34 | 000,132,148 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010.05.01 14:12:18 | 000,065,536 | ---- | C] () -- C:\Windows\SPInstall.etl
[2010.04.29 18:04:16 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.28 18:02:16 | 000,043,520 | ---- | C] () -- C:\Users\Peter\Desktop\Recruiting Spreadsheet London V1 with revenue.xls
[2010.04.27 23:28:18 | 000,023,335 | ---- | C] () -- C:\Users\Peter\Desktop\KRC 100326_APP Screener 3-18-10 (2).docx
[2010.04.27 10:28:12 | 000,000,865 | ---- | C] () -- C:\Users\Peter\Desktop\Ivacy Monitor.lnk
[2010.04.25 12:46:34 | 000,581,632 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\plugin.dat
[2010.04.12 23:15:21 | 001,218,560 | ---- | C] () -- d:\Peter\Documents\online research.doc
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.14 10:23:49 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009.04.24 10:31:50 | 000,000,187 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.04.24 10:31:36 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.04.24 10:31:36 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008.06.21 16:23:46 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1300c.sys
[2008.06.21 16:23:45 | 003,033,856 | ---- | C] () -- C:\Windows\System32\drivers\spc1300.sys
[2008.06.21 16:23:45 | 000,015,497 | ---- | C] () -- C:\Windows\spc1300.ini
[2008.02.06 19:13:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.11.08 15:27:15 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007.11.08 15:18:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2007.11.08 15:18:57 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2007.11.08 15:14:07 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2007.11.08 15:14:05 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2007.11.08 15:10:44 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2007.10.08 22:50:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.07.23 08:54:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.07.23 08:54:49 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.07.23 08:54:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007.06.19 14:05:02 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2006.11.02 12:25:25 | 001,197,056 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:82E88B856571622B
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:63238B95
< End of report >

Boutrous · 08.05.2010, 08:42

Und last but not least der Extras.txt

Zitat:

OTL Extras logfile created on: 08.05.2010 09:26:12 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Peter\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.013,00 Mb Total Physical Memory | 157,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 3,79 Gb Free Space | 9,48% Space Free | Partition Type: NTFS
Drive D: | 69,78 Gb Total Space | 4,41 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ****
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{187A21BA-2BE9-4320-A250-61533C9CA5EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3646C2B1-C964-4BB9-8AEE-1DFEF1ACE109}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{4AC278A1-DEB5-49FB-8E91-EB96B32D4154}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7FA3A746-BD66-4A1D-8717-CC3D30E9026C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8E9218F9-E16F-498E-B82D-9D2E072F3071}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{954C7BC4-09B4-4AAF-8657-FE05C86A2999}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9C71B67B-98D8-48BF-82A8-DBBF99E060B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A34773A3-08ED-4567-8260-B3823E18EDAA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B39216F4-E988-49DF-B3A1-0A294149DA67}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{D264121D-3F69-4528-943C-2B32E3B7D242}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4C4DBFB-FC87-4E4E-BD28-CE9FA9B29B2C}" = lport=3389 | protocol=6 | dir=in | app=system |
"{E78C83C0-AC67-48B1-A2C5-A0FE3B6B229C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFC92ADE-C526-4F14-B480-6F9E97E14747}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06107EC1-073B-44E6-BB27-C4B22516774C}" = protocol=6 | dir=in | app=z:\messi\icq\icq7.1\aolload.exe |
"{0A02B78A-442D-4352-85DF-9F14EF4A8BDC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0D3B7F13-ABBA-4EB2-B137-F4A5D6A967B2}" = protocol=17 | dir=in | app=q:\kommunikation\yahoo messenger\messenger\yahoomessenger.exe |
"{25A77FFB-62F2-4186-8065-022183AD8140}" = protocol=17 | dir=in | app=z:\messi\icq\icq7.1\aolload.exe |
"{3B413BC2-AB9A-4F4F-AE6B-BAB8D23EA3B3}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{61471D50-32EF-4839-B0EA-21ADD257F49D}" = protocol=17 | dir=in | app=z:\messi\icq\icq7.1\icq.exe |
"{6627344B-9530-448D-BFFF-5C5D6538845C}" = protocol=6 | dir=in | app=q:\kommunikation\yahoo messenger\messenger\yahoomessenger.exe |
"{732CFB05-8283-41AF-8878-BAFC3BBAB5FA}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{733AD42C-9990-4340-9F09-E457B807F95B}" = protocol=6 | dir=in | app=z:\messi\icq\icq7.1\icq.exe |
"{74ECE14D-27C5-4002-8F8D-AC7965F99328}" = protocol=17 | dir=in | app=z:\messi\icq\icq7.1\aolload.exe |
"{7E17B9A0-AC2E-416F-A2F4-178BECB563CF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{904B5AB4-55E4-4B53-854C-05AC66D8D58A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{95DC4840-A2A2-4C47-A222-56A2F6469212}" = protocol=6 | dir=in | app=z:\messi\icq\icq7.1\aolload.exe |
"{A7975F43-EBB8-45A5-9816-FB8667C3B04D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B57EECAE-473C-484B-9D66-CA310BF4746C}" = protocol=6 | dir=in | app=z:\messi\icq\icq7.1\icq.exe |
"{B6AEE4D5-E1A7-449A-AACE-D367D524357A}" = protocol=17 | dir=in | app=z:\messi\icq\icq7.1\icq.exe |
"{FC729A55-0E25-4806-9EBE-A05BF27E4BAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0E00CA22-4711-4418-B3A9-A983922C3900}C:\program files\java\j2re1.4.2_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\j2re1.4.2_03\bin\javaw.exe |
"TCP Query User{0E8E0C3F-1137-4083-9462-C0B6E4C7B95D}D:\neuer ordner (3)\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=d:\neuer ordner (3)\bittornado\btdownloadgui.exe |
"TCP Query User{589C1B4A-7913-49F9-BD85-CBE7D2D59E21}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{A00D52A8-6B53-4793-9DF3-DD99A77E4550}D:\gigatribe\gigatribe.exe" = protocol=6 | dir=in | app=d:\gigatribe\gigatribe.exe |
"TCP Query User{C6AE86A4-FF8D-4E73-83BA-F3C625ABD7CC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DBF11D21-43F4-46C7-ABAE-82ED71846C0E}D:\emule\emule.exe" = protocol=6 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{118636E0-0739-4664-A781-6427EF618132}D:\emule\emule.exe" = protocol=17 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{24278EE5-E952-4109-81C3-55280AB157CC}C:\program files\java\j2re1.4.2_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\j2re1.4.2_03\bin\javaw.exe |
"UDP Query User{3AF45F5E-A96E-48F9-BDA0-655DBE2F32B2}D:\gigatribe\gigatribe.exe" = protocol=17 | dir=in | app=d:\gigatribe\gigatribe.exe |
"UDP Query User{9DD8CB0A-81D5-4306-B83A-1227FDC6CAE6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{AA5C8C4A-4D65-499B-997E-A84E07BDB97B}D:\neuer ordner (3)\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=d:\neuer ordner (3)\bittornado\btdownloadgui.exe |
"UDP Query User{D6045A84-CAA4-4840-8B1B-E7EC865068D9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 16
"{314D592A-B234-4424-A49C-B43F993AB07B}" = Philips SPC1300NC Webcam
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4C9355F-6E45-463F-8AF9-8D9D4EDD434F}" = BB FlashBack 2 Free Player
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD93976F-D5AC-4C70-805A-9D5BB2210D08}" = Roxio CinePlayer DVD Decoder for Windows Vista
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Avira UnErase Personal" = Avira UnErase Personal
"BB FlashBack 2 Free Player" = BB FlashBack 2 Free Player
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CCleaner" = CCleaner
"Comodo HopSurf Toolbar" = Comodo HopSurf
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.08
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Gravity_is1" = Gravity Version 2.8.0
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"InstallShield_{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterSplitter" = MasterSplitter Program
"MediaMarkt Online Print Wizard Installer_is1" = MediaMarkt Online Print Wizard Installer 1.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"Picasa 3" = Picasa 3
"QuickPar" = QuickPar 0.9
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Security Task Manager" = Security Task Manager 1.7f
"Shockwave" = Shockwave
"SuperMailer_is1" = SuperMailer 4.51
"Trojancheck_is1" = Trojancheck 6
"TrueCrypt" = TrueCrypt
"Vidalia" = Vidalia 0.1.15
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Ivacy Monitor" = Ivacy Monitor
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.05.2010 14:18:11 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 03:18:02 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 04:18:15 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 05:18:06 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 06:18:08 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 07:18:06 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 08:18:07 | Computer Name = Peter-PC | Source = Google Update | ID = 20
Description =

Error - 07.05.2010 08:51:21 | Computer Name = Peter-PC | Source = MsiInstaller | ID = 11324
Description =

Error - 07.05.2010 08:51:26 | Computer Name = Peter-PC | Source = MsiInstaller | ID = 11324
Description =

Error - 07.05.2010 08:51:36 | Computer Name = Peter-PC | Source = MsiInstaller | ID = 11324
Description =

[ System Events ]
Error - 07.05.2010 08:40:00 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 07.05.2010 08:41:42 | Computer Name = Peter-PC | Source = HTTP | ID = 15016
Description =

Error - 07.05.2010 08:43:11 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07.05.2010 14:23:05 | Computer Name = Peter-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.05.2010 um 20:20:28 unerwartet heruntergefahren.

Error - 07.05.2010 14:23:08 | Computer Name = Peter-PC | Source = HTTP | ID = 15016
Description =

Error - 07.05.2010 14:24:37 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07.05.2010 17:39:06 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 07.05.2010 17:39:06 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 08.05.2010 02:58:58 | Computer Name = Peter-PC | Source = HTTP | ID = 15016
Description =

Error - 08.05.2010 03:00:46 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Boutrous · 08.05.2010, 13:13

Hallo nochmal,
ich bin bestimmt schon total in Panik, glaube ich, aber das nimmt irgendwie zu mit der Zeit, in der ich nicht weiß, ob da jemand in meinem System rumschnüffelt....
Die ursprünglicher Virusmeldung lautete doch, dass die Datei svchost befallen ist, und was sehe ich das zufällig im Windoes Task Manager, ganz viele Prozesse mit svchost, kann das der Virus sein????
Hier ein screenshot...
habe ich jetzt die totale paranoia?????? oder sind meine bedenken berechtigt, denn ursprünglicher virus war ja svchost

Boutrous · 08.05.2010, 17:13

Hab gedacht, es macht vielleicht Sinn meine Ports zu scannen, ob da was raus geht, das dumme ist nur, ich kann das nicht richtig interpretieren....
hier ist der scan mit netstat -a
was bedeutet das denn?

cosinus · 09.05.2010, 16:21

Ok. Dann mach nochmal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Boutrous · 09.05.2010, 17:05

Halo Arne, ich hab das gemacht, hier ist es...
VG
Peter

Zitat:

ComboFix 10-05-08.03 - Peter 09.05.2010 17:42:33.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.49.1031.18.1013.346 [GMT 2:00]
ausgeführt von:: c:\users\Peter\Desktop\CoFi.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 72 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Peter\AppData\Roaming\inst.exe
c:\users\Peter\g2mdlhlpx.exe
c:\users\Peter\GoToAssistDownloadHelper.exe
c:\windows\pi.exe
c:\windows\system32\Thumbs.db
d:\peter\Documents\cc_20100506_203211.reg

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-09 bis 2010-05-09 ))))))))))))))))))))))))))))))
.

2010-05-08 22:24 . 2010-05-08 22:24 -------- d-----w- c:\users\Peter\AppData\Roaming\InfraRecorder
2010-05-08 12:35 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-05-08 12:35 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-05-08 12:35 . 2009-03-08 11:22 156160 ----a-w- c:\windows\system32\msls31.dll
2010-05-07 12:45 . 2010-05-07 12:45 -------- d-----w- c:\windows\Internet Logs
2010-05-06 18:52 . 2010-05-06 18:53 -------- d-----w- C:\rsit
2010-05-06 12:53 . 2010-05-06 12:53 -------- d-----w- c:\programdata\WindowsSearch
2010-05-06 12:22 . 2010-05-06 18:53 -------- d-----w- c:\program files\Trend Micro
2010-05-06 07:36 . 2010-05-06 07:36 -------- d-----w- c:\users\Peter\AppData\Roaming\Malwarebytes
2010-05-06 07:35 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 07:35 . 2010-05-06 07:35 -------- d-----w- c:\programdata\Malwarebytes
2010-05-06 07:35 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 22:57 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-05-01 18:39 . 2010-05-07 12:41 -------- d-----w- c:\program files\CheckPoint
2010-05-01 18:39 . 2010-05-01 18:39 -------- d-----w- C:\657138cdd7bd3d6ed9ad87c58b90
2010-05-01 17:48 . 2010-05-01 17:48 -------- d-----w- C:\PerfLogs
2010-05-01 16:59 . 2010-05-01 16:00 47560 ----a-w- c:\windows\system32\SPReview.exe
2010-05-01 16:59 . 2010-05-01 16:00 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2010-05-01 16:21 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2010-05-01 16:21 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2010-05-01 16:21 . 2008-01-18 21:33 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2010-05-01 16:21 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2010-05-01 16:21 . 2008-01-18 21:36 142336 ----a-w- c:\windows\system32\spp.dll
2010-05-01 16:19 . 2008-01-18 21:36 68608 ----a-w- c:\windows\system32\shgina.dll
2010-05-01 16:18 . 2008-01-18 21:34 729088 ----a-w- c:\windows\system32\IMJP10K.DLL
2010-05-01 16:17 . 2008-01-18 21:41 17976 ----a-w- c:\windows\system32\drivers\wmilib.sys
2010-05-01 16:16 . 2008-01-18 21:36 163840 ----a-w- c:\windows\system32\tscfgwmi.dll
2010-05-01 16:01 . 2008-01-18 21:33 44032 ----a-w- c:\windows\system32\cbsra.exe
2010-05-01 16:00 . 2010-05-01 16:00 -------- d-----w- C:\14c442de2feb117870b7faccc9
2010-05-01 15:55 . 2010-05-01 15:55 -------- d-----w- c:\windows\system32\EventProviders
2010-05-01 11:39 . 2010-05-09 14:31 -------- d-----w- c:\users\Peter\AppData\Local\Comodo
2010-05-01 11:39 . 2010-05-09 14:31 -------- d-----w- c:\program files\Comodo
2010-05-01 11:39 . 2010-05-01 11:39 -------- d-----w- c:\users\Peter\AppData\Roaming\Comodo
2010-05-01 11:37 . 2010-05-08 17:30 -------- d-----w- c:\programdata\Comodo Downloader
2010-04-30 09:00 . 2010-04-30 09:00 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-29 16:10 . 2010-04-29 16:10 -------- d-----w- c:\users\Peter\AppData\Roaming\Avira
2010-04-29 16:03 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-29 16:03 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-29 16:03 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-29 16:03 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-29 16:03 . 2010-04-29 16:03 -------- d-----w- c:\programdata\Avira
2010-04-29 07:47 . 2010-04-30 09:30 -------- d-----w- c:\users\Peter\AppData\Roaming\ICQ
2010-04-29 07:47 . 2010-04-29 07:47 -------- d-----w- c:\users\Peter\AppData\Local\AOL
2010-04-15 08:04 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 08:04 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 08:04 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 08:04 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 08:04 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 08:03 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 08:03 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 08:03 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 08:03 . 2008-01-19 05:55 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-14 09:44 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 09:24 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 17:25 . 2010-05-08 17:25 5542592 ----a-w- c:\programdata\Comodo Downloader\hopsurf.exe
2010-05-06 18:07 . 2009-05-11 22:21 -------- d-----w- c:\program files\SlySoft
2010-05-06 12:54 . 2007-10-08 17:56 102072 ----a-w- c:\users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-06 06:51 . 2010-04-25 10:46 581632 ----a-w- c:\users\Peter\AppData\Roaming\plugin.dat
2010-05-05 12:08 . 2007-02-02 09:56 621942 ----a-w- c:\windows\system32\perfh007.dat
2010-05-05 12:08 . 2007-02-02 09:56 123666 ----a-w- c:\windows\system32\perfc007.dat
2010-05-03 11:10 . 2008-02-06 17:13 -------- d-----w- c:\programdata\FreePDF
2010-05-02 10:59 . 2010-05-02 10:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-01 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-01 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-01 18:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-01 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-01 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-01 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-01 18:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-01 17:48 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-01 17:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-01 17:31 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-30 18:54 . 2008-03-11 10:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-29 16:03 . 2009-04-08 15:02 -------- d-----w- c:\program files\Avira
2010-04-29 07:49 . 2007-10-09 02:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 07:48 . 2009-08-04 15:20 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-29 07:48 . 2009-08-04 15:20 -------- d-----w- c:\programdata\ICQ
2010-04-26 09:24 . 2009-11-13 15:33 -------- d-----w- c:\users\Peter\AppData\Roaming\TrueCrypt
2010-04-26 08:14 . 2009-11-13 15:24 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\users\Peter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-18 08:49 . 2007-11-28 16:38 -------- d-----w- c:\users\Peter\AppData\Roaming\Skype
2010-04-18 08:10 . 2007-11-28 16:40 -------- d-----w- c:\users\Peter\AppData\Roaming\skypePM
2010-04-03 22:18 . 2009-05-11 23:00 -------- d-----w- c:\users\Peter\AppData\Roaming\gtk-2.0
2010-03-28 15:52 . 2009-01-27 12:37 -------- d-----w- c:\program files\Ivacy Monitor
2010-03-27 08:25 . 2009-03-09 20:08 -------- d-----w- c:\program files\Yahoo!
2010-03-27 08:23 . 2007-10-27 16:41 -------- d-----w- c:\program files\Google
2010-03-26 10:45 . 2009-09-27 15:44 -------- d-----w- c:\users\Peter\AppData\Roaming\dvdcss
2010-03-26 10:21 . 2010-03-26 10:21 -------- d-----w- c:\users\Peter\AppData\Roaming\FlashGet
2010-02-24 08:16 . 2009-10-02 20:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-05-08 12:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-05-08 12:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-05-08 12:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-05-08 12:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-10 22:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-10 22:42 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-10 22:42 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 10:49 . 2010-03-05 08:22 293376 ----a-w- c:\windows\system32\browserchoice.exe
2007-07-23 06:57 . 2007-05-25 09:23 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 133912]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2006-11-17 81920]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 136744]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-13 239144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SPC1300"="c:\windows\vspc1300.exe" [2007-05-31 675840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-09-21 305440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin1300.lnk - c:\program files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2008-6-21 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 freenet;Freenet background service;y:\freenett\bin\wrapper-windows-x86-32.exe [x]
R2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [2006-12-04 57344]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2007-07-16 88320]
R3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys [2007-07-06 3033856]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [x]
R4 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);c:\windows\system32\drivers\swumx00.sys [2007-03-12 72576]
R4 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [2007-03-12 72576]
R4 SWUMX33;Sierra Wireless USB MUX Driver (UMTS33);c:\windows\system32\drivers\swumx33.sys [2007-03-12 72576]
R4 SWUMX3A;Sierra Wireless USB MUX Driver (UMTS3A);c:\windows\system32\drivers\swumx3a.sys [2007-03-12 72576]
R4 SWUMX50;Sierra Wireless USB MUX Driver (UMTS50);c:\windows\system32\drivers\swumx50.sys [2007-03-12 72576]
R4 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-03-12 72576]
R4 SWUMX53;Sierra Wireless USB MUX Driver (UMTS53);c:\windows\system32\drivers\swumx53.sys [2007-03-12 72576]
R4 SWUMX54;Sierra Wireless USB MUX Driver (UMTS54);c:\windows\system32\drivers\swumx54.sys [2007-03-12 72576]
R4 SWUMX70;Sierra Wireless USB MUX Driver (UMTS70);c:\windows\system32\drivers\swumx70.sys [2007-03-12 72576]
R4 SWUMX71;Sierra Wireless USB MUX Driver (UMTS71);c:\windows\system32\drivers\swumx71.sys [2007-03-12 72576]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2007-10-09 10368]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-03 36640]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2008-07-04 99840]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 63016]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
S3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32);c:\windows\system32\DRIVERS\swnc8u32.sys [2007-03-12 102272]
S3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);c:\windows\system32\DRIVERS\swumx32.sys [2007-03-12 72576]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - ANTIVIRSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3236734470-1321717159-3152903743-1000Core.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 12:58]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3236734470-1321717159-3152903743-1000UA.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 12:58]

2010-05-09 c:\windows\Tasks\User_Feed_Synchronization-{DC6ACBFC-DEC8-43EA-8549-CA8085A1B80D}.job
- c:\windows\system32\msfeedssync.exe [2010-05-08 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.yandex.ru/?clid=40488
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit FlashGet laden - s:\kommunikation\Neuer Ordner\jc_all.htm
IE: &Mit FlashGet laden - s:\kommunikation\Neuer Ordner\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - z:\messi\icq\ICQ7.1\ICQ.exe
TCP: {1BADFA41-93DB-4EA6-A97A-F173549BF0B2} = 192.168.1.1
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xlvgr0yh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://yup.ru/search?m=sponsored&toolid=60969&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://yup.ru/search?m=sponsored&toolid=60969&p=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Peter\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xlvgr0yh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Peter\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\Peter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-09 17:54
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-09 18:01:31
ComboFix-quarantined-files.txt 2010-05-09 16:01

Vor Suchlauf: 3.711.008.768 Bytes frei
Nach Suchlauf: 3.668.185.088 Bytes frei

- - End Of File - - C66C71B4E13D3ACF80FF8A2756EB3D9B

cosinus · 09.05.2010, 19:19

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Boutrous · 09.05.2010, 19:24

Zitat:

Zitat von cosinus

Sieht ok aus.

Echt? dann hab ich mir unbegründet Panik gemacht?
Sind die Portscans von mir nicht erschreckend?
kann ich denn mit irgendeiner SW überprüfen ob da einer aus meinem PC nach haus telefoniert?
Gibt es da etwas wo ich sehen kann, wenn einer was nach draußen verschickt?
Danke Arne!
VG
Peter

cosinus · 09.05.2010, 19:38

Zitat:

Sind die Portscans von mir nicht erschreckend?

Was soll daran erschreckend sein? Das was Du gemacht hast ist kein Portscan in dem Sinne, sondern eine Auflistung mit netstat. Wirkliche Aufschlüsse über Befall gibt netstat nicht, man sieht nur die aktiven Verbindungen.

Zitat:

kann ich denn mit irgendeiner SW überprüfen ob da einer aus meinem PC nach haus telefoniert?

Nein, das geht nicht zuverlässig genug. Ich würd an Deiner Stelle auch keine Personal Firewall deswegen installieren, die macht mehr potentielle Probleme als das sie welche verhindern oder beheben kann und Sinn macht die nur, wenn man das Regelwerk sinnvoll definiert. Nur hier und da ein paar Programme sperren macht keinen Sinn. Nutz einfach die Windows-Firewall und falls noch nicht vorhanden einen DSL-Router.

Evtl. wäre aber Netlimiter Monitor was für Dich, damit sieht man zumindest (mehr oder weniger

) den Traffic bzw. die Traffic-Auslastung der einzelnen Prozesse.
Richtig viele Infos bekommst Du beim Mitsniffen mit Wireshark.

09.05.2010, 19:19	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Befall mit 'TR/Trash.Gen' [trojan] Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Befall mit 'TR/Trash.Gen' [trojan]

Log-Analyse und Auswertung: Befall mit 'TR/Trash.Gen' [trojan]