Vilsel.aejm u.a./Antivir u. Spybot versagen

resistance01 · 19.05.2010, 21:26

ComboFix 10-05-19.02 - Customer 19.05.2010 22:17:14.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.732 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Customer\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Customer\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-19 bis 2010-05-19 ))))))))))))))))))))))))))))))
.

2010-05-19 12:42 . 2010-05-19 12:42 -------- d-----w- c:\programme\VirusTotalUploader2
2010-05-18 16:33 . 2010-05-19 08:17 -------- d-----w- c:\windows\system32\(null)
2010-05-18 11:54 . 2010-05-18 11:54 -------- d-----w- C:\_OTL
2010-05-18 10:08 . 2008-04-14 02:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-18 09:36 . 2010-05-18 09:36 -------- d-----w- c:\programme\MSXML 4.0
2010-05-18 09:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-18 09:12 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-18 09:11 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-18 09:10 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-05-18 09:08 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-05-18 09:08 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-05-18 09:08 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-05-18 09:01 . 2009-06-21 21:45 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-05-18 08:51 . 2009-07-31 04:32 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-05-18 08:51 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-05-18 08:51 . 2008-05-01 14:34 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-05-18 08:49 . 2008-06-14 17:32 273024 ------w- c:\windows\system32\dllcache\bthport.sys
2010-05-18 08:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-05-18 07:34 . 2010-05-18 07:34 -------- d-----w- c:\programme\Intel
2010-05-18 07:32 . 2005-03-28 07:19 220992 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-05-18 07:32 . 2005-03-04 17:53 127872 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-05-18 07:32 . 2001-09-11 12:20 30208 ----a-w- c:\windows\system32\wdmioctl.dll
2010-05-18 07:32 . 2001-09-11 12:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-05-18 07:32 . 2010-05-18 07:32 -------- d-----w- c:\programme\Analog Devices
2010-05-18 07:32 . 2004-12-08 14:16 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-05-18 07:32 . 2002-04-17 12:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-05-18 07:32 . 2009-11-18 12:04 35176 ----a-w- c:\windows\system32\tpinspm.dll
2010-05-18 07:14 . 2010-05-18 07:15 -------- d-----w- c:\programme\Lenovo
2010-05-18 07:14 . 2010-05-18 07:15 -------- d-----w- c:\programme\Gemeinsame Dateien\Lenovo
2010-05-18 07:14 . 2007-02-19 05:56 21376 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-05-17 21:11 . 1999-05-28 08:33 21468 ----a-w- c:\windows\kill.exe
2010-05-17 15:00 . 2010-05-17 15:00 63488 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 15:00 . 2010-05-17 15:00 52224 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 15:00 . 2010-05-17 15:00 117760 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 14:59 . 2010-05-17 14:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-05-17 13:44 . 2010-05-17 21:13 -------- d-----w- c:\programme\Unlocker
2010-05-17 13:18 . 2010-05-17 13:18 -------- d--h--w- c:\windows\PIF
2010-05-17 07:25 . 2010-05-17 07:25 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Netzwerkumgebung
2010-05-17 07:04 . 2010-05-17 07:13 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-17 07:01 . 2010-05-17 07:01 -------- d-----w- c:\programme\CCleaner
2010-05-17 06:41 . 2010-05-17 06:41 -------- d-----w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Malwarebytes
2010-05-17 06:41 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 06:41 . 2010-05-17 06:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-17 06:41 . 2010-05-17 06:41 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-17 06:41 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 20:58 . 2010-05-15 20:58 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Vorlagen
2010-05-14 23:59 . 2010-05-17 06:57 -------- d---a-w- C:\Settings
2010-05-05 14:21 . 2010-05-05 14:21 57344 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-02 20:01 . 2010-05-15 00:19 -------- d-----w- c:\programme\IndieVolume

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 15:55 . 1979-12-31 22:00 72886 ----a-w- c:\windows\system32\perfc007.dat
2010-05-19 15:55 . 1979-12-31 22:00 411840 ----a-w- c:\windows\system32\perfh007.dat
2010-05-18 11:57 . 2009-08-23 09:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-05-18 07:33 . 2006-06-21 06:41 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-05-18 07:32 . 2006-06-21 06:41 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield
2010-05-18 06:59 . 2006-08-02 13:39 20392 ----a-w- c:\dokumente und einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-05-17 21:37 . 2009-08-23 09:51 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-05-17 14:58 . 2010-05-17 14:58 -------- d-----w- c:\programme\SUPERAntiSpyware
2010-05-17 14:58 . 2010-05-17 14:58 -------- d-----w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\SUPERAntiSpyware.com
2010-05-17 14:58 . 2010-05-17 14:58 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-05-17 14:58 . 2010-05-17 14:58 503808 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-693df6cd-n\msvcp71.dll
2010-05-17 14:58 . 2010-05-17 14:58 499712 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-693df6cd-n\jmc.dll
2010-05-17 14:58 . 2010-05-17 14:58 348160 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-693df6cd-n\msvcr71.dll
2010-05-17 14:58 . 2010-05-17 14:58 61440 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69d473ab-n\decora-sse.dll
2010-05-17 14:58 . 2010-05-17 14:58 12800 ----a-w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69d473ab-n\decora-d3d.dll
2010-05-17 14:58 . 2009-10-10 17:08 -------- d-----w- c:\programme\Java
2010-05-17 14:58 . 2010-05-17 14:58 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-05-17 07:13 . 2009-08-26 19:13 -------- d-----w- c:\programme\DivX
2010-05-17 07:04 . 2009-08-26 19:13 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared
2010-05-15 00:24 . 1979-12-31 22:00 14336 ----a-w- c:\windows\system32\svchost.exe
2010-05-09 22:23 . 2009-10-31 14:02 -------- d-----w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\vlc
2010-05-02 17:20 . 2010-03-25 11:22 -------- d-----w- c:\programme\Spiele
2010-04-16 18:54 . 2010-04-16 18:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Trymedia
2010-04-12 15:29 . 2010-05-17 14:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-10 21:21 . 2009-10-31 14:06 -------- d-----w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\dvdcss
2010-04-10 17:18 . 2010-04-10 17:18 -------- d--h--r- c:\dokumente und einstellungen\Customer\Anwendungsdaten\SecuROM
2010-04-06 12:17 . 2010-04-06 12:17 108768 ----a-w- c:\windows\system32\drivers\ACEDRV08.sys
2010-03-31 01:58 . 2009-08-26 19:13 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-08-26 19:13 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2009-08-15 23:25 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-27 11:22 . 2010-03-25 12:42 737280 ----a-w- c:\windows\iun6002.exe
2010-03-27 11:00 . 2009-10-01 21:21 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-26 13:58 . 2009-11-19 19:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-26 13:38 . 2010-03-26 13:38 451072 ----a-w- c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2010-03-26 13:21 . 2010-03-26 13:21 -------- d-----w- c:\programme\ATI Technologies
2010-03-26 13:08 . 2010-03-26 13:08 4396 ----a-w- c:\programme\DRIVEINSTALL.INI
2010-03-25 11:24 . 2010-03-25 11:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Super X Studios
2010-03-25 10:18 . 2010-03-25 10:18 -------- d-----w- c:\dokumente und einstellungen\Customer\Anwendungsdaten\Microsoft Games
2010-03-25 10:18 . 2010-03-25 10:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Games
2010-03-09 11:09 . 1979-12-31 22:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 05:41 . 1979-12-31 22:00 672768 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:41 . 2009-08-15 22:02 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2008-04-14 02:22 . 2004-08-03 22:58 1695232 --sha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 420BE00D1F13A30335AA92DE3F647E98 . 979456 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 420BE00D1F13A30335AA92DE3F647E98 . 979456 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-03 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-05-18_13.05.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-19 18:22 . 2010-05-19 18:22 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2010-05-19 12:32 . 2003-01-29 15:14 65536 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPFcs.dll
+ 2010-05-19 12:32 . 2003-01-29 15:07 45056 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPCOM.dll
+ 2010-05-19 12:32 . 2003-01-29 15:19 77824 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPCoI.dll
+ 2010-05-19 12:32 . 2003-01-29 15:08 69632 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynCOM.dll
+ 2010-05-19 12:32 . 2003-01-29 15:20 65536 c:\windows\system32\ReinstallBackups\0016\DriverFiles\InstNT.exe
+ 2010-05-19 12:32 . 2008-04-14 01:49 23552 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\mouclass.sys
+ 2010-05-19 12:32 . 2008-04-14 01:55 52992 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\i8042prt.sys
+ 1979-12-31 22:00 . 2010-05-19 15:55 60114 c:\windows\system32\perfc009.dat
- 1979-12-31 22:00 . 2010-05-18 11:54 60114 c:\windows\system32\perfc009.dat
+ 2010-05-19 12:32 . 2003-01-29 15:15 212992 c:\windows\system32\ReinstallBackups\0016\DriverFiles\Tutorial.exe
+ 2010-05-19 12:32 . 2003-01-29 15:01 159744 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynZMetr.exe
+ 2010-05-19 12:32 . 2003-01-29 15:14 126976 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPLpr.exe
+ 2010-05-19 12:32 . 2003-01-29 15:14 573440 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPEnh.exe
+ 2010-05-19 12:32 . 2003-01-29 15:07 110592 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPAPI.dll
+ 2010-05-19 12:32 . 2003-01-29 15:04 264848 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTP.sys
+ 2010-05-19 12:32 . 2003-01-29 15:00 147456 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynMood.exe
+ 2010-05-19 12:32 . 2003-01-29 15:16 344064 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynISDLL.dll
+ 2010-05-19 12:32 . 2003-01-29 15:08 102400 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynCtrl.dll
- 1979-12-31 22:00 . 2010-05-18 11:54 397894 c:\windows\system32\perfh009.dat
+ 1979-12-31 22:00 . 2010-05-19 15:55 397894 c:\windows\system32\perfh009.dat
+ 2010-05-19 12:32 . 2003-01-29 15:11 4702208 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPCpl.exe
+ 2010-05-19 12:32 . 2003-01-29 15:09 4829184 c:\windows\system32\ReinstallBackups\0016\DriverFiles\SynTPCpl.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2002-07-15 69632]
"AtiPTA"="atiptaxx.exe" [2004-08-04 339968]
"SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

c:\dokumente und einstellungen\Customer\Startmen\Programme\Autostart\
RocketDock.lnk - c:\programme\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-04-23 20:10 1668920 ----a-w- c:\programme\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"srservice"=2 (0x2)
"TVT Scheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [06.05.2010 17:10 68168]
R1 SSHDRV84;SSHDRV84;c:\windows\system32\drivers\SSHDRV84.sys [13.04.2008 10:30 76800]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [06.04.2010 14:17 108768]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.mini20.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {F7783F43-720A-4180-90A6-0C9B79C1C74B} = 192.168.178.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Customer\Anwendungsdaten\Mozilla\Firefox\Profiles\mzgalc9y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://web.de
FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-19 22:20
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1857643510-3639526926-2790870431-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:57,5d,3a,7c,85,8a,1d,a7,50,bf,d9,27,b3,9a,35,ad,d7,33,c9,ab,c2,19,14,
82,f8,4e,00,9d,ca,6e,7f,1b,ba,cd,52,5a,cd,0e,af,35,56,bd,c3,49,69,15,d1,87,\
"??"=hex:94,d4,39,4d,3a,2a,a0,1c,ff,80,f2,70,67,59,72,0d
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2560)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-05-19 22:23:04
ComboFix-quarantined-files.txt 2010-05-19 20:23
ComboFix2.txt 2010-05-18 16:41
ComboFix3.txt 2010-05-18 13:09

Vor Suchlauf: 7 Verzeichnis(se), 33.432.711.168 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 33.413.619.712 Bytes frei

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - F1C0FCFB94AD67E5544D7A9A8B3AD150

resistance01 · 20.05.2010, 08:37

Hi,
habe eben mal nachgeschaut: Das gelöschte Verzeichnis mit den beiden Schad-Dateien ist immer noch da.

cosinus · 20.05.2010, 08:43

Systemscan mit OTLPE

Lade Dir zuerst ISOBurner herunter und installiere es.
Lade Dir dann OTLPE.iso von Oldtimer und brenne sie per Imagebrennfunktion auf eine leere CD-R oder CD-RW
Bei Verwendung von ISOBurner reicht ein Doppelklick auf OTLPE.iso.
Boote nun den infizierten Rechner von der OTLPE-CD (evtl. Reihenfolge im BIOS umstellen).
Dein System sollte nun einen REATOGO-X-PE Desktop anzeigen.
Starte OTLPE mit einem Doppelklick auf das OTLPE Icon.
"Do you wish to load the remote registry" und "Do you wish to load remote user profile(s) for scanning" mit Yes beantworten.
Entsichere die Box "Automatically Load All Remaining Users" wenn sie gewählt ist und drücke OK.
Im Block "Drivers" Use SafeList auswählen und dann mit Run Scan den Scan starten.
Nach dem Scan wird ein Logfile erstellt (C:\OTL.txt)
Kopiere dieses auf einen USB-Stick und poste es hier.

resistance01 · 20.05.2010, 08:47

Geht erst heute abend. Ich habe gerade keine Rohlinge. Bis hierher zwischendurch noch mal ein großes

See you

myrtille · 23.05.2010, 22:59

Hi resistance,

bist du noch da?

lg myrtille

resistance01 · 25.05.2010, 14:27

Ja, bin noch da.
Am WE war so schönes Wetter, da habe ich den Virus mal Virus sein lassen.
Einen Rohling habe ich jetzt. Wenn nichts dagegen spricht, mache ich dann mal den Scan von CD.
Oder schlägst Du etwas anderes vor, myrtille?

Gruß
Jens

myrtille · 25.05.2010, 14:52

Hi,

versuch bitte erstmal folgendes:

Starte deinen Rechner neu und während des Hochfahrens solltest du die Auswahl zwischen der Recovery Console und deinem normalen Betriebssystem haben. Wähle die Recovery Console.
Du wirst dann gebeten deine Windowsinstallation auszuwählen, tue dies und es sollte sich eine Kommandozeile öffnen in der:
C:\windows: > steht.

Gebe dann fixmbr ein. Sag Bescheid falls du eine Warnung bekommst.
Falls du keine Warnung bekommst, gebe danach exit ein um die Recovery Console zu verlassen und normal neu zu booten.

Überprüfe dann ob die Prozesse svchost.exe und smss.exe noch in der Systemwiederherstellung laufen.

lg myrtille

resistance01 · 25.05.2010, 15:36

Hallo,

ich bekomme eine Warnung, die vor irreperablen Partitionsschäden warnt.
Bei der nachfolgenden Auswahl (Masterbootsektor neu schreiben?) habe ich jetzt erst mal "n" gewählt. Soll ich "j" wählen?

myrtille · 25.05.2010, 16:38

Hi,

Benutzt du Verschlüsselungsprogramme oder hast du einen PC von Dell?
Das sind die beiden häufigsten Ursachen für einen veränderten/spezialisierten MBR Bereich.

lg myrtille

resistance01 · 26.05.2010, 11:00

Nein,
weder das eine noch das andere. Ist die dritte
Möglichkeit der Virus?

myrtille · 26.05.2010, 11:23

Hi,

jein. Das sind die 2. häufigsten Optionen wenn man einen nicht Standardcode im MBR vorfindet.

Kannst du bitte bootkit_remover herunterladen. Entpacke den Bootkitremover bitte und doppelklick in dem ordner auf remove.exe.
Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Sag mir dann bitte Bescheid ob es Veränderungen gibt und wenn ja in welchem device.

MfG myrtille

resistance01 · 26.05.2010, 19:17

Er findet:

C: Physical Drive0
MD5: 274955059efe9236c07688c5ff9242b2

Physical Drive0 Unknown Boot code

Unknown boot code has been found...

Hier noch das Log des OTLPE-Scans vom REATOGO-CD-Start:

OTL logfile created on: 5/26/2010 9:35:07 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: | Country: | Language: | Date Format:

1,023.00 Mb Total Physical Memory | 791.00 Mb Available Physical Memory | 77.00% Memory free
906.00 Mb Paging File | 829.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.79 Gb Total Space | 30.83 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = All Days
Output = Minimal
Using ControlSet: ControlSet006

========== Win32 Services (SafeList) ==========

SRV - (StarWindServiceAE) -- File not found
SRV - (gusvc) -- File not found
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo.)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE ()
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SANDRA) -- File not found
DRV - (PMEM) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PcdrNt) -- File not found
DRV - (PCDRDRV) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (BTWDNDIS) -- File not found
DRV - (BTDriver) -- File not found
DRV - (AgereSoftModem) -- File not found
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SSHDRV84) -- C:\WINDOWS\system32\drivers\SSHDRV84.sys ()
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (w70n51) Intel(R) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (gv3) -- C:\WINDOWS\system32\drivers\gv3.sys (Microsoft Corporation)
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Customer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com
IE - HKU\Customer_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/03/18 04:31:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/05/17 10:58:10 | 000,000,000 | ---D | M]

[2010/05/25 09:37:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010/05/17 10:58:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 11:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/13 15:47:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/13 15:47:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/13 15:47:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/13 15:47:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/13 15:47:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/05/18 12:37:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Customer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Customer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Customer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274171294682 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/21 03:08:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within All Days ==========

[2010/05/25 09:32:47 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/20 15:11:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Customer\Eigene Dateien\Temp
[2010/05/18 12:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\(null)
[2010/05/18 08:42:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/18 08:40:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/18 08:40:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/18 08:40:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/18 08:40:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/18 08:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/18 08:40:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/18 07:54:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/18 05:37:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/18 05:14:33 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/05/18 05:12:23 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/18 05:11:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/05/18 05:10:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/05/18 05:08:55 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/05/18 05:08:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/05/18 05:08:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/05/18 04:54:56 | 000,737,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/05/18 04:54:55 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/18 04:54:54 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/18 04:51:47 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/05/18 04:51:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/05/18 04:51:19 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/05/18 04:49:51 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/18 04:49:43 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/05/18 04:28:51 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/05/18 03:32:57 | 001,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2010/05/18 03:32:57 | 000,030,208 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2010/05/18 03:32:56 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/05/18 03:32:56 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/05/18 03:32:22 | 000,035,176 | ---- | C] (Lenovo.) -- C:\WINDOWS\System32\tpinspm.dll
[2010/05/18 03:14:49 | 000,021,376 | ---- | C] (Lenovo (United States) Inc.) -- C:\WINDOWS\System32\drivers\psadd.sys
[2010/05/17 10:58:10 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/17 10:58:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/17 10:58:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/17 10:58:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/17 09:18:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/05/17 03:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/05/17 02:41:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/17 02:41:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/14 19:59:56 | 000,000,000 | ---D | C] -- C:\Settings
[2010/05/05 10:17:51 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Customer\Eigene Dateien\Eigene Videos
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/06 14:24:58 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Customer\Desktop\HijackThis.exe
[2010/04/06 13:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/06 08:17:43 | 000,108,768 | ---- | C] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV08.sys
[2010/03/25 08:42:43 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/03/10 12:51:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/03/10 00:33:52 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/10 00:33:47 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/03/08 13:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/26 01:41:12 | 000,672,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/02/26 01:41:11 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/02/26 01:41:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/02/26 01:41:09 | 003,094,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/02/26 01:41:06 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/02/26 01:41:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/02/19 15:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 15:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 15:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 15:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/12 00:33:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/01/29 10:59:30 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/13 10:00:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2009/12/24 02:59:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/17 03:40:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 03:08:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/08 05:23:28 | 000,474,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/11/27 13:11:57 | 001,297,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/27 13:11:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 12:08:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 12:08:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 12:08:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 12:08:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/27 12:08:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/19 15:12:08 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/11/17 14:59:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\uninstall
[2009/10/31 11:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/10/13 06:32:34 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 09:38:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/10/10 13:09:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/05 09:45:44 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2009/10/05 08:37:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/10/05 04:05:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2009/10/05 03:49:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/01 17:00:35 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/10/01 17:00:35 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/10/01 17:00:34 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/10/01 17:00:34 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/10/01 17:00:33 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/10/01 17:00:33 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/10/01 17:00:33 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/09/10 10:39:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\save$$updater
[2009/09/09 14:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\BricoPacks
[2009/09/09 14:36:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIRepair
[2009/09/09 05:43:19 | 000,019,968 | ---- | C] (Dead Knight) -- C:\WINDOWS\System32\reico.exe
[2009/09/09 05:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VITrans
[2009/09/07 03:11:20 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/09/07 03:10:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/09/07 02:59:03 | 002,068,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe.zottel
[2009/09/07 02:59:02 | 002,191,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe.zottel
[2009/09/07 02:20:02 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/09/04 17:03:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/08/27 14:20:42 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/08/27 14:20:42 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/08/27 14:20:42 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/08/27 14:20:41 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/08/27 14:20:41 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/08/27 14:20:41 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/08/27 14:20:40 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/08/27 14:20:40 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/08/27 14:20:40 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/08/27 14:20:39 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/08/27 14:20:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/08/27 14:20:39 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/08/27 14:20:39 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/08/27 14:20:38 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/08/27 14:20:38 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/08/27 14:20:38 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/08/27 14:20:37 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/08/27 14:20:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/08/27 14:20:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/08/27 14:20:36 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/08/27 14:20:36 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/08/27 14:20:36 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/08/27 14:20:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/08/27 14:20:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/08/27 14:20:34 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/08/27 14:20:34 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/08/27 14:20:34 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/08/27 14:20:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/08/27 14:20:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/08/27 14:20:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/08/27 14:20:32 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/08/27 14:20:32 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/08/27 14:20:32 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/08/27 14:20:31 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/08/27 14:20:31 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/08/27 14:20:31 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/08/27 14:20:30 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/08/27 14:20:29 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/08/27 14:20:29 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/08/27 14:20:29 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/08/27 14:20:29 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/08/27 14:20:28 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/08/27 14:20:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/08/27 14:20:28 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/08/27 14:20:28 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/08/27 14:20:27 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/08/27 14:20:26 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/08/27 14:20:25 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/08/27 14:20:21 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/08/27 14:20:21 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/08/27 14:20:18 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/08/27 14:20:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/08/27 14:20:17 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/08/27 14:20:17 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/08/27 14:20:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/08/27 14:20:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/08/27 14:20:16 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/08/27 14:20:16 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/08/27 14:20:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/08/27 14:20:15 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/08/27 14:20:15 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/08/27 14:20:15 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/08/27 14:20:15 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/08/27 14:20:14 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/08/27 14:20:14 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/08/27 14:20:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/08/27 14:20:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/08/27 14:20:13 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/08/27 14:20:13 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/08/27 14:20:13 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/08/27 14:20:12 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/08/27 14:20:10 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/08/27 14:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/08/26 16:37:12 | 000,721,904 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd[xyz].sys
[2009/08/26 15:13:29 | 000,125,424 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/08/26 15:13:29 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/08/15 20:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/08/15 19:25:29 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/08/15 19:25:29 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/08/15 19:25:29 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/08/15 19:25:29 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/08/15 19:25:29 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/08/15 19:25:28 | 002,083,312 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/08/15 19:25:28 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/08/15 18:35:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Customer\Eigene Dateien\Downloads
[2009/08/15 18:23:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/08/15 18:23:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/08/15 18:08:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/15 18:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/08/15 18:02:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/08/15 17:57:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/08/15 17:57:05 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/08/15 17:57:04 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/08/15 17:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/15 17:23:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2009/08/15 17:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/08/15 17:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2009/08/15 17:23:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/08/15 17:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/08/15 17:08:27 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2009/08/15 17:08:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2009/08/15 17:08:26 | 002,458,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2009/08/15 17:08:26 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMSPDMOE.dll
[2009/08/15 17:08:26 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2009/08/15 17:08:26 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2009/08/15 17:08:26 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2009/08/15 17:08:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2009/08/15 17:08:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2009/08/15 17:08:25 | 008,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2009/08/15 17:08:25 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2009/08/15 17:08:25 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/08/15 17:08:25 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/08/15 17:08:25 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2009/08/15 17:08:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2009/08/15 17:08:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2009/08/15 17:08:25 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009/08/15 17:08:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2009/08/15 17:08:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2009/08/15 17:08:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2009/08/15 17:08:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2009/08/15 17:08:24 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2009/08/15 17:08:24 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2009/08/15 17:08:23 | 010,841,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2009/08/15 17:08:23 | 000,938,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMNetmgr.dll
[2009/08/15 17:08:22 | 001,117,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOE.dll
[2009/08/15 17:08:22 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMADMOD.dll
[2009/08/15 17:08:22 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2009/08/15 17:08:22 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2009/08/15 17:08:22 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2009/08/15 17:08:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll
[2009/08/15 17:08:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll
[2009/08/15 17:08:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/08/15 17:08:19 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/08/15 17:08:19 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/08/15 17:08:13 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2009/08/15 17:08:12 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/08/15 17:08:04 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/08/15 17:07:58 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/08/15 17:07:55 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2009/08/15 17:07:48 | 001,678,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009/08/15 17:07:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/08/15 17:07:38 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/08/15 17:07:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/08/15 17:07:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/08/15 17:07:31 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/08/15 17:07:30 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/08/15 17:07:28 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/08/15 17:07:22 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/08/15 17:07:10 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/08/15 17:07:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/08/15 17:07:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/08/15 17:07:02 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/08/15 17:07:02 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/08/15 17:07:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/08/15 17:06:58 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/08/15 17:06:58 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/08/15 17:06:58 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/08/15 17:06:56 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll
[2009/08/15 17:06:53 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/08/15 17:06:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/08/15 17:06:52 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll
[2009/08/15 17:06:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2009/08/15 17:06:51 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll
[2009/08/15 17:06:50 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2009/08/15 17:06:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2009/08/15 17:06:35 | 000,004,126 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2009/08/15 17:06:34 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/08/15 17:06:34 | 000,847,898 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2009/08/15 17:06:34 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll
[2009/08/15 17:06:31 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/08/15 17:06:30 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2009/08/15 17:06:29 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2009/08/15 17:06:29 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2009/08/15 17:06:29 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/08/15 17:06:29 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/08/15 17:06:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MPG4DMOD.dll
[2009/08/15 17:06:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MP4SDMOD.dll
[2009/08/15 17:06:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\MP43DMOD.dll
[2009/08/15 17:06:24 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2009/08/15 17:06:24 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/08/15 17:06:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/08/15 17:06:24 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/08/15 17:06:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/08/15 17:06:21 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2009/08/15 17:06:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\LAPRXY.dll
[2009/08/15 17:06:17 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/08/15 17:06:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/08/15 17:06:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/08/15 17:06:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/08/15 17:06:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/08/15 17:06:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/08/15 17:06:11 | 000,144,384 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2009/08/15 17:06:09 | 000,500,278 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2009/08/15 17:06:09 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/08/15 17:06:09 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/08/15 17:06:09 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/08/15 17:06:09 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/08/15 17:06:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/08/15 17:06:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/08/15 17:06:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/08/15 17:06:08 | 000,991,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2009/08/15 17:06:08 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/08/15 17:06:08 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2009/08/15 17:06:08 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2009/08/15 17:06:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/08/15 17:06:08 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/08/15 17:06:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/08/15 17:06:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/08/15 17:06:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/08/15 17:06:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/08/15 17:06:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/08/15 17:06:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/08/15 17:06:05 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2009/08/15 17:06:05 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll
[2009/08/15 17:06:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/08/15 17:06:04 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/08/15 17:06:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2009/08/15 17:06:01 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/08/15 16:19:44 | 000,023,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/08/15 16:19:43 | 000,018,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/08/15 16:19:43 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/08/14 11:10:16 | 001,850,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/08/05 04:59:36 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/19 12:41:10 | 011,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/17 15:01:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/07/17 12:15:43 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/06/25 04:25:23 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2009/06/25 04:25:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/06/25 04:25:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2009/06/24 07:18:41 | 000,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2009/06/15 06:43:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/06/15 06:43:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/06/12 04:21:58 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2009/06/10 03:19:38 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/06/10 02:14:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2004/07/25 20:16:40 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

resistance01 · 26.05.2010, 19:45

Teil zwo des Logs:

========== Files - Modified Within All Days ==========

[2010/05/26 14:20:23 | 000,233,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2010/05/26 14:20:23 | 000,233,472 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2010/05/26 14:20:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 14:20:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 14:20:17 | 009,699,328 | -H-- | M] () -- C:\Dokumente und Einstellungen\Customer\NTUSER.DAT
[2010/05/26 14:20:17 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Customer\ntuser.ini
[2010/05/26 14:20:15 | 003,732,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/26 14:06:40 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 14:00:20 | 1072,676,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 09:32:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/19 16:20:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 16:13:13 | 003,692,000 | R--- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\cofi.exe
[2010/05/19 11:56:18 | 000,000,537 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/19 11:56:18 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/05/19 11:55:50 | 000,952,762 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/19 11:55:50 | 000,411,840 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/05/19 11:55:50 | 000,397,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/19 11:55:50 | 000,072,886 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/05/19 11:55:50 | 000,060,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/19 11:50:41 | 002,656,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/19 11:50:25 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2010/05/19 08:42:13 | 000,001,685 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\VirusTotal Uploader 2.0.lnk
[2010/05/18 17:09:07 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2010/05/18 12:37:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/18 06:08:18 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/18 05:49:08 | 000,103,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/18 02:59:52 | 000,020,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/05/17 17:36:20 | 000,000,916 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\Spybot - Search & Destroy.lnk
[2010/05/17 17:07:59 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/05/17 09:54:35 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\Arbeitsplatz.lnk
[2010/05/17 03:01:19 | 000,001,523 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\CCleaner.lnk
[2010/05/01 06:44:16 | 000,000,748 | ---- | M] () -- C:\WINDOWS\Rollemup.ini
[2010/04/29 06:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 06:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 09:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/12 11:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 11:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 11:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 11:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 09:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/06 14:24:59 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Customer\Desktop\HijackThis.exe
[2010/04/06 13:47:51 | 000,385,986 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100517-233958.backup
[2010/04/06 08:17:43 | 000,108,768 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV08.sys
[2010/04/06 06:44:47 | 000,001,561 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\Frag doch mal.lnk
[2010/03/30 21:58:04 | 002,083,312 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/03/30 21:58:04 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/03/30 21:58:04 | 000,559,600 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/03/30 21:58:04 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/03/30 21:58:04 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/03/30 21:58:04 | 000,133,616 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/03/30 21:58:04 | 000,125,424 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/03/30 21:58:04 | 000,123,888 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/03/30 21:58:04 | 000,100,848 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\VXBLOCK.dll
[2010/03/30 21:58:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/03/30 21:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/03/30 21:58:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/03/27 07:22:11 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/03/27 07:15:24 | 000,000,301 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/27 07:00:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/26 10:05:55 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/26 09:58:29 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/26 09:38:51 | 000,451,072 | ---- | M] () -- C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
[2010/03/26 09:08:24 | 000,004,396 | ---- | M] () -- C:\Programme\DRIVEINSTALL.INI
[2010/03/10 00:33:52 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/10 00:33:47 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/03/09 07:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/09 07:09:28 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/03/08 13:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/03/05 05:36:58 | 000,380,339 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100406-194751.backup
[2010/02/26 01:41:12 | 000,672,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/02/26 01:41:11 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/02/26 01:41:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/02/26 01:41:09 | 003,094,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/02/26 01:41:06 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/02/26 01:41:06 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/02/26 01:41:06 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/02/26 01:41:06 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/02/26 01:31:47 | 000,371,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/20 12:40:24 | 000,002,680 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010/02/20 12:40:24 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010/02/19 15:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 15:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 15:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 15:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 15:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/17 08:04:26 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/02/17 08:04:26 | 002,192,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/16 15:04:25 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/02/16 15:04:25 | 002,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/16 15:04:17 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/16 15:04:17 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/12 06:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/12 00:33:08 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/01/29 10:59:30 | 000,691,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/29 10:43:35 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010/01/29 10:43:35 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/01/13 10:00:09 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/24 02:59:41 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/20 15:28:02 | 000,366,547 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100305-103658.backup
[2009/12/17 03:40:01 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/17 03:40:01 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 03:08:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 03:08:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/08 05:23:28 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/02 17:37:18 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/11/27 13:11:57 | 001,297,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll
[2009/11/27 13:11:57 | 001,297,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/27 13:11:57 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 12:08:01 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 12:08:01 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 12:08:01 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 12:08:01 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 12:08:01 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/27 12:08:01 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/21 11:54:48 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 11:54:17 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/18 08:04:22 | 000,035,176 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\tpinspm.dll
[2009/11/18 08:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\ibmpmsvc.exe
[2009/11/18 08:03:36 | 000,026,608 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys
[2009/10/26 13:53:37 | 000,347,237 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091220-202802.backup
[2009/10/25 00:11:34 | 000,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 11:28:37 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009/10/15 12:28:24 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/10/15 12:28:24 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/10/15 12:28:24 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/10/15 12:28:24 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/10/14 20:30:31 | 000,344,149 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091026-185336.backup
[2009/10/14 15:40:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/13 12:20:14 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\emule.lnk
[2009/10/13 06:32:34 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/10/13 06:32:34 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 09:38:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/10/12 09:38:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/10/10 13:58:07 | 000,343,775 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091015-023030.backup
[2009/10/05 05:07:49 | 000,338,223 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091010-195807.backup
[2009/10/01 20:26:57 | 000,338,223 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091005-110749.backup
[2009/10/01 16:05:27 | 000,000,141 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/11 10:17:01 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/09/10 10:13:50 | 000,329,969 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091002-022657.backup
[2009/09/09 14:57:41 | 000,060,287 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd
[2009/09/09 14:57:41 | 000,005,334 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd
[2009/09/09 14:57:26 | 002,359,350 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp
[2009/09/09 14:57:21 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Startmenü\Programme\Autostart\RocketDock.lnk
[2009/09/09 05:43:32 | 000,078,942 | ---- | M] () -- C:\WINDOWS\Icon_1.ico
[2009/09/07 02:19:45 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/07 02:19:45 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/04 17:03:28 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/09/04 11:44:40 | 000,515,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/09/04 11:44:40 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/09/04 11:44:40 | 000,069,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/09/04 11:29:34 | 000,453,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/09/04 11:29:34 | 000,235,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/09/04 11:29:32 | 005,501,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/09/04 11:29:32 | 001,974,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/09/04 11:29:30 | 001,892,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/09/01 15:34:53 | 000,326,007 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090910-161350.backup
[2009/08/27 13:53:19 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/26 16:37:13 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd[xyz].sys
[2009/08/26 04:00:21 | 000,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmdll.dll
[2009/08/26 04:00:21 | 000,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/08/15 18:34:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/08/15 18:24:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/08/15 18:21:42 | 000,000,636 | ---- | M] () -- C:\Dokumente und Einstellungen\Customer\Desktop\RegCleaner.lnk
[2009/08/15 17:17:35 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2009/08/14 11:10:16 | 001,850,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/08/14 11:10:16 | 001,850,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/08/13 11:15:57 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/08/13 11:15:57 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/08/06 13:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/08/06 13:24:18 | 000,327,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/08/06 13:24:12 | 000,018,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/08/06 13:24:10 | 000,217,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/08/06 13:24:10 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009/08/06 13:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/08/06 13:24:10 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/08/06 13:24:10 | 000,015,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/08/06 13:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/08/06 13:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2009/08/06 13:24:04 | 000,096,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2009/08/06 13:24:04 | 000,015,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/08/06 13:24:02 | 000,023,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/08/06 13:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/08/06 13:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/08/06 13:23:46 | 001,929,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/08/06 13:23:28 | 000,209,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2009/08/05 04:59:36 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:59:36 | 000,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/31 04:02:20 | 001,372,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/07/31 00:32:17 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/19 12:41:10 | 011,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/17 15:01:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/07/17 12:15:43 | 001,441,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\query.dll
[2009/07/17 12:15:43 | 001,441,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2009/07/13 17:43:24 | 010,841,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2009/07/13 17:43:24 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2009/07/03 12:55:16 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/07/03 12:55:16 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/07/03 12:55:14 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/06/25 04:25:23 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2009/06/25 04:25:23 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/06/25 04:25:23 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2009/06/25 04:25:23 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/06/25 04:25:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2009/06/25 04:25:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2009/06/15 06:43:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2009/06/15 06:43:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/06/15 06:43:57 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2009/06/15 06:43:57 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/06/12 04:21:58 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2009/06/10 03:19:38 | 002,066,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/06/10 02:14:21 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll

========== Files Created - No Company Name ==========

[2010/05/19 11:51:34 | 1072,676,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/19 08:42:13 | 000,001,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\VirusTotal Uploader 2.0.lnk
[2010/05/18 08:42:18 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/05/18 08:42:14 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010/05/18 08:40:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/18 08:40:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/18 08:40:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/18 08:40:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/18 08:40:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/18 08:34:27 | 003,692,000 | R--- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\cofi.exe
[2010/05/17 17:36:20 | 000,000,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\Spybot - Search & Destroy.lnk
[2010/05/17 17:11:52 | 000,021,468 | ---- | C] () -- C:\WINDOWS\kill.exe
[2010/05/17 09:54:35 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\Arbeitsplatz.lnk
[2010/05/17 03:01:19 | 000,001,523 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\CCleaner.lnk
[2010/04/14 09:50:03 | 000,000,748 | ---- | C] () -- C:\WINDOWS\Rollemup.ini
[2010/04/06 06:44:47 | 000,001,561 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\Frag doch mal.lnk
[2010/03/27 07:27:48 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/03/26 09:43:56 | 000,145,834 | ---- | C] () -- C:\WINDOWS\System32\atmdeuxx.hlp
[2010/03/26 09:43:56 | 000,044,812 | ---- | C] () -- C:\WINDOWS\System32\attdeuxx.hlp
[2010/03/26 09:43:56 | 000,024,283 | ---- | C] () -- C:\WINDOWS\System32\atfdeuxx.hlp
[2010/03/26 09:38:51 | 000,451,072 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
[2010/03/26 09:08:24 | 000,004,396 | ---- | C] () -- C:\Programme\DRIVEINSTALL.INI
[2010/02/20 12:40:18 | 000,002,680 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010/02/20 12:40:18 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2009/11/18 10:35:18 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/14 15:40:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/13 12:20:14 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\emule.lnk
[2009/10/01 17:21:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/01 16:05:27 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/10 15:33:20 | 000,000,446 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\WhiteCap (Holiday Edition) Prefs (Windows Media Player).txt
[2009/09/09 14:57:41 | 000,060,287 | ---- | C] () -- C:\WINDOWS\BricoPackUninst.cmd
[2009/09/09 14:57:39 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Startmenü\Programme\Autostart\RocketDock.lnk
[2009/09/09 14:57:26 | 002,359,350 | ---- | C] () -- C:\WINDOWS\BricoPack Wallpaper.bmp
[2009/09/09 14:56:03 | 000,005,334 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd
[2009/09/09 05:43:32 | 000,078,942 | ---- | C] () -- C:\WINDOWS\Icon_1.ico
[2009/09/09 05:43:19 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe
[2009/09/09 05:43:19 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifype.exe
[2009/09/09 05:41:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\scrnrdr.exe
[2009/08/26 19:00:39 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/26 19:00:39 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/15 18:34:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/15 18:24:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/08/15 18:21:42 | 000,000,636 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Desktop\RegCleaner.lnk
[2009/08/15 17:08:25 | 000,660,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/08/15 17:08:25 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/08/15 17:08:25 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/08/15 17:08:25 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/08/15 17:08:25 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/08/15 17:08:25 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/08/15 17:08:25 | 000,079,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/08/15 17:08:25 | 000,026,141 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/08/15 17:08:25 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/08/15 17:08:25 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/08/15 17:08:25 | 000,001,730 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/08/15 17:08:25 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/08/15 17:08:24 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/08/15 17:08:24 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/08/15 17:08:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/08/15 17:08:24 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/08/15 17:08:24 | 000,058,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/08/15 17:08:22 | 000,034,554 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/08/15 17:08:22 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/08/15 17:08:22 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/08/15 17:08:21 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/08/15 17:08:21 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/08/15 17:08:21 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/08/15 17:08:21 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/08/15 17:08:21 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/08/15 17:08:21 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/08/15 17:08:21 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/08/15 17:08:21 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/08/15 17:08:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/08/15 17:08:16 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/08/15 17:08:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/08/15 17:08:12 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/08/15 17:08:12 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/08/15 17:08:12 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/08/15 17:08:12 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/08/15 17:08:12 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/08/15 17:08:12 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/08/15 17:08:09 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/08/15 17:08:09 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/08/15 17:08:09 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/08/15 17:08:09 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/08/15 17:07:59 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/08/15 17:07:57 | 000,001,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/08/15 17:07:42 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/08/15 17:07:37 | 000,066,132 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/08/15 17:07:28 | 000,084,531 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/08/15 17:07:28 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/08/15 17:07:27 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/08/15 17:07:27 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/08/15 17:07:27 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/08/15 17:07:27 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/08/15 17:07:27 | 000,001,467 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/08/15 17:07:27 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/08/15 17:07:27 | 000,001,055 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/08/15 17:07:27 | 000,001,047 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/08/15 17:07:27 | 000,001,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/08/15 17:07:27 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/08/15 17:07:27 | 000,000,800 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/08/15 17:07:27 | 000,000,779 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/08/15 17:07:27 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/08/15 17:07:27 | 000,000,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/08/15 17:07:16 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/08/15 17:07:10 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/08/15 17:07:10 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/08/15 17:06:29 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/08/15 17:06:29 | 000,036,610 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/08/15 17:06:29 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/08/15 17:06:29 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/08/15 17:06:29 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/08/15 17:06:22 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/08/15 17:06:14 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/08/15 17:06:10 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/08/15 17:06:07 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/08/15 17:06:07 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/08/15 17:06:07 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/08/15 17:06:07 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/08/15 17:06:06 | 000,184,109 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/08/15 17:06:06 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/08/15 17:06:06 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/08/15 17:06:06 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/08/15 17:06:06 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/08/15 17:06:06 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/08/15 17:06:05 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/04/13 04:30:16 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys
[2008/02/13 19:00:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/07/17 12:40:40 | 000,103,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Customer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/12 13:43:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/21 03:08:21 | 000,020,480 | -H-- | C] () -- C:\Dokumente und Einstellungen\Customer\ntuser.dat.LOG
[2006/06/21 03:08:21 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Customer\ntuser.ini
[2006/06/21 03:08:20 | 009,699,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\Customer\NTUSER.DAT
[2006/06/21 02:56:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 02:51:35 | 000,000,301 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/21 02:49:14 | 000,000,251 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/06/21 02:43:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/06/21 02:42:46 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/06/21 02:41:46 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/07/25 20:16:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2002/10/07 12:15:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/01 04:05:15 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/01 03:58:27 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG
[2002/10/01 03:58:27 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2002/10/01 03:58:26 | 000,233,472 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2002/10/01 03:58:26 | 000,233,472 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2002/10/01 03:58:26 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG
[2002/10/01 03:58:26 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[1979/12/31 18:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll

========== LOP Check ==========

[2009/10/14 16:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\Blitware
[2009/08/15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\CoreCodec
[2009/08/26 16:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\DAEMON Tools Lite
[2009/08/15 20:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\DeepBurner
[2010/02/19 14:10:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\GetRightToGo
[2007/07/12 12:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\IBM
[2007/07/12 15:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\InterVideo
[2009/10/31 09:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\phonostar-Player
[2009/08/30 16:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\streamripper
[2009/10/09 12:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\uTorrent
[2007/07/12 16:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\VERITAS
[2009/10/10 13:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Customer\Anwendungsdaten\www.homeopathyonline.org

========== Purity Check ==========

< End of report >

Das ist ein wirklich hartnäckiger Quälgeist...

myrtille · 26.05.2010, 20:02

Hi,

dann versuch bitt folgendes:

Gib unter Start-> Ausführen als.. cmd ein.

Es sollte sich ein schwarzes Fenster öffnen.
In das Fenster gibt bitte Folgendes ein:

Zitat:

START remover.exe fix \\.\PhysicalDrive0

Danach bitte den Rechner neustarten und mir sagen ob du weiterhin die Prozesse findest.

lg myrtille

resistance01 · 26.05.2010, 21:25

Huhu,

die Datei "remover.exe" kann nicht gefunden werden.
Muss ich die erst in ein bestimmtes Verzeichnis kopieren?

23.05.2010, 22:59	#35
myrtille /// TB-Ausbilder	Vilsel.aejm u.a./Antivir u. Spybot versagen Hi resistance, bist du noch da? lg myrtille __________________ Anfragen per Email, Profil- oder privater Nachricht werden ignoriert! Hilfe gibts NUR im Forum! Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM Spelling mistakes? Never, but keybaord malfunctions constantly!

Vilsel.aejm u.a./Antivir u. Spybot versagen

Antiviren-, Firewall- und andere Schutzprogramme: Vilsel.aejm u.a./Antivir u. Spybot versagen