Log analysis and evaluation: Thunderbird automatically sends spam emails to address book (Windows 7)
11.09.2010, 19:01 | #1 |
Thunderbird automatically sends spam emails to address book

Hi, Thunderbird is automatically sending spam emails to my address book. The log files are attached.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{71D5559C-85E5-5206-3B1C-A8A9DDDE4AC9}" = AMD Drag and Drop Transcoding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Civilization4 Caesium Modifikation v1.4_is1" = Caesium Mod v1.4 Uninstall
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GMX SMS-Manager" = GMX SMS-Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.12)" = Mozilla Firefox (3.5.12)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Notepad++" = Notepad++
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Schwert und Speer Ultimat" = Schwert und Speer Ultimat
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.09.2010 15:19:05 | Computer Name = Pierre-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 05.09.2010 15:19:21 | Computer Name = Pierre-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 05.09.2010 15:19:24 | Computer Name = Pierre-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 06.09.2010 12:07:07 | Computer Name = Pierre-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Civilization4.exe, Version: 1.7.4.0, Zeitstempel: 0x464b0000
Name des fehlerhaften Moduls: Civilization4.exe, Version: 1.7.4.0, Zeitstempel: 0x464b0000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003a4d74
ID des fehlerhaften Prozesses: 0x16ac
Startzeit der fehlerhaften Anwendung: 0x01cb4dd4029a1bab
Pfad der fehlerhaften Anwendung: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
Berichtskennung: cbc9e0c3-b9d0-11df-a6a0-001fd08bfbec

Error - 06.09.2010 14:48:10 | Computer Name = Pierre-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.0.0.68, Zeitstempel: 0x4c7e6c10
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel: 0x4ba9b21e
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c2913
ID des fehlerhaften Prozesses: 0x914
Startzeit der fehlerhaften Anwendung: 0x01cb4df3ec71bfef
Pfad der fehlerhaften Anwendung: C:\Program Files\iTunes\iTunes.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 4b53d0f3-b9e7-11df-a6a0-001fd08bfbec

Error - 07.09.2010 13:56:00 | Computer Name = Pierre-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 07.09.2010 13:56:21 | Computer Name = Pierre-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 07.09.2010 13:56:26 | Computer Name = Pierre-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 07.09.2010 20:37:20 | Computer Name = Pierre-PC | Source = Google Update | ID = 20
Description =

Error - 07.09.2010 21:37:20 | Computer Name = Pierre-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 02.04.2010 14:25:50 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 04.04.2010 06:42:47 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 06.04.2010 05:56:58 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 08.04.2010 05:37:23 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 08.04.2010 05:38:54 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 08.04.2010 05:45:28 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 08.04.2010 10:08:00 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 11.04.2010 07:06:30 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 12.04.2010 10:29:20 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

Error - 13.04.2010 16:51:22 | Computer Name = Pierre-PC | Source = bowser | ID = 8003
Description =

< End of report >

========== Processes (SafeList) ==========

PRC - [2010.09.10 15:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL.exe
PRC - [2010.09.09 18:39:25 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.09.04 13:51:51 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.09.04 13:51:50 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.07.07 03:51:10 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.07.07 03:50:42 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.06.15 17:28:00 | 001,701,888 | ---- | M] (Curse) -- C:\Users\Pierre\AppData\Local\Apps\2.0\N3YV8489.NO0\P4J5XTML.D1D\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.29 08:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2009.08.13 19:02:34 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009.08.13 18:59:22 | 003,161,608 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009.08.13 18:38:34 | 000,498,696 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2009.08.13 18:38:26 | 000,473,608 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2009.08.13 18:37:56 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009.08.13 18:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009.08.13 18:37:34 | 000,523,784 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2009.08.13 18:37:24 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.14 03:14:48 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPSideShowGadget.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (SafeList) ==========

MOD - [2010.09.10 15:28:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Pierre\Downloads\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.09.04 13:51:50 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.07.07 03:50:42 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pierre\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010.08.11 15:54:59 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.07.12 10:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.07.07 04:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.07.07 04:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.07.07 03:15:24 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.12.08 12:39:59 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.14 16:35:30 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.14 00:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.06.17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.05.11 11:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 11:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2007.12.06 14:40:12 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=14978&l=dis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gayromeo.com/-BerlinCalling-" FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 18:39:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 18:39:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.04 13:56:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.04 13:56:22 | 000,000,000 | ---D | M] [2009.11.07 18:22:11 | 000,000,000 | ---D | M] -- 
C:\Users\Pierre\AppData\Roaming\mozilla\Extensions [2010.09.09 18:49:38 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\mozilla\Firefox\Profiles\i6x02if6.default\extensions [2010.06.25 11:25:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pierre\AppData\Roaming\mozilla\Firefox\Profiles\i6x02if6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.08 20:05:54 | 000,002,255 | ---- | M] () -- C:\Users\Pierre\AppData\Roaming\Mozilla\FireFox\Profiles\i6x02if6.default\searchplugins\askcom.xml [2010.09.09 18:49:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a713ab93-cbb6-11de-8f42-001fd08bfbec}\Shell - "" = AutoRun
O33 - MountPoints2\{a713ab93-cbb6-11de-8f42-001fd08bfbec}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.09.04 13:57:40 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.09.04 13:57:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.09.04 13:56:14 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.04 13:55:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.25 15:11:20 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.25 15:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.25 15:07:20 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.12 22:58:57 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.12 22:58:57 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 22:58:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 22:58:52 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 22:58:51 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.12 22:58:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 22:58:49 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 22:58:49 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 22:58:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 22:58:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 22:58:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 22:58:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 22:58:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 22:58:47 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.09.10 15:31:23 | 002,097,152 | -HS- | M] () -- C:\Users\Pierre\NTUSER.DAT
[2010.09.10 15:24:44 | 000,014,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.10 15:24:44 | 000,014,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.10 15:17:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.09.10 15:17:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.10 15:17:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.10 15:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.10 15:17:20 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.10 10:58:58 | 002,284,117 | -H-- | M] () -- C:\Users\Pierre\AppData\Local\IconCache.db
[2010.09.10 09:35:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.09 18:46:02 | 000,000,689 | ---- | M] () -- C:\Users\Pierre\Desktop\World of Warcraft.lnk
[2010.09.08 12:30:09 | 000,100,895 | ---- | M] () -- C:\Users\Pierre\Desktop\pi2.jpg
[2010.09.08 12:29:07 | 000,087,479 | ---- | M] () -- C:\Users\Pierre\Desktop\pi.jpg
[2010.09.05 00:12:32 | 000,058,613 | ---- | M] () -- C:\Users\Pierre\Desktop\lol.jpg
[2010.09.04 13:57:52 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.25 15:09:26 | 000,042,274 | ---- | M] () -- C:\Users\Pierre\Documents\10-08-25 sicherung reg..reg
[2010.08.13 11:46:40 | 000,284,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.09.10 07:33:48 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.09.08 12:30:09 | 000,100,895 | ---- | C] () -- C:\Users\Pierre\Desktop\pi2.jpg
[2010.09.08 12:29:07 | 000,087,479 | ---- | C] () -- C:\Users\Pierre\Desktop\pi.jpg
[2010.09.05 00:12:32 | 000,058,613 | ---- | C] () -- C:\Users\Pierre\Desktop\lol.jpg
[2010.09.04 13:57:52 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.25 15:09:20 | 000,042,274 | ---- | C] () -- C:\Users\Pierre\Documents\10-08-25 sicherung reg..reg
[2010.07.24 12:29:23 | 012,980,224 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.05.25 11:01:17 | 000,000,284 | ---- | C] () -- C:\Windows\reimage.ini
[2009.11.07 18:45:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========
[2010.09.10 00:06:24 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\BitTorrent
[2009.11.09 17:58:49 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\MobMapUpdater
[2009.12.05 09:22:12 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Notepad++
[2009.11.07 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Thunderbird
[2010.01.09 03:25:47 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\TS3Client
[2010.09.10 15:17:57 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.08.02 10:21:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMPFC5A2B2
< End of report >

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º hjtscanlist v2.0 º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7600]
C:
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
10.09.2010 15:17 C:\aaw7boot.log --------- 31247
08.09.2010 23:33 C:\System Volume Information --------- 24576
05.09.2010 11:12 C:\Config.Msi --------- 0
04.09.2010 13:57 C:\Program Files --------- 20480
25.08.2010 16:02 C:\ProgramData --------- 8192
31.07.2010 17:28 C:\Windows --------- 24576
02.05.2010 16:44 C:\tracert.txt --------- 487
22.04.2010 12:55 C:\MSDOS.SYS --------- 0
22.04.2010 12:55 C:\IO.SYS --------- 0
25.03.2010 22:19 C:\temp --------- 0
07.11.2009 19:30 C:\ATI --------- 0
07.11.2009 18:09 C:\$Recycle.Bin --------- 0
07.11.2009 18:09 C:\Users --------- 4096
07.11.2009 18:09 C:\Recovery --------- 0
07.11.2009 18:09 C:\Programme --------- 0
07.11.2009 18:09 C:\Dokumente und Einstellungen --------- 0
14.07.2009 06:53 C:\Documents and Settings --------- 0
14.07.2009 04:37 C:\PerfLogs --------- 0
10.06.2009 23:42 C:\config.sys --------- 10
10.06.2009 23:42 C:\autoexec.bat --------- 24
----------------------------------------
C:\Windows
10.09.2010 15:20 C:\Windows\WindowsUpdate.log --------- 1374841
10.09.2010 15:17 C:\Windows\setupact.log --------- 61475
10.09.2010 15:17 C:\Windows\bootstat.dat --------- 67584
26.08.2010 11:21 C:\Windows\PFRO.log --------- 6566
18.06.2010 07:13 C:\Windows\atiogl.xml --------- 21682
09.06.2010 18:20 C:\Windows\DirectX.log --------- 358198
25.05.2010 11:01 C:\Windows\reimage.ini --------- 284
11.01.2010 10:04 C:\Windows\nsreg.dat --------- 0
04.12.2009 14:08 C:\Windows\KB893803v2.log --------- 548
07.11.2009 23:56 C:\Windows\MEMORY.DMP --------- 268615071
07.11.2009 18:45 C:\Windows\ODBC.INI --------- 400
07.11.2009 18:26 C:\Windows\SetPointII_000.log --------- 1110360
07.11.2009 18:25 C:\Windows\LDPINST.LOG --------- 2998
07.11.2009 18:12 C:\Windows\avmfwlanci.log --------- 11187
07.11.2009 17:59 C:\Windows\TSSysprep.log --------- 1313
07.11.2009 17:58 C:\Windows\ativpsrm.bin --------- 0
07.11.2009 17:56 C:\Windows\DtcInstall.log --------- 1774
31.10.2009 07:45 C:\Windows\explorer.exe --------- 2614272
14.07.2009 06:54 C:\Windows\win.ini --------- 403
14.07.2009 06:41 C:\Windows\WindowsShell.Manifest --------- 749
14.07.2009 06:39 C:\Windows\setuperr.log --------- 0
14.07.2009 03:16 C:\Windows\twain_32.dll --------- 51200
14.07.2009 03:14 C:\Windows\write.exe --------- 9216
14.07.2009 03:14 C:\Windows\winhlp32.exe --------- 9728
14.07.2009 03:14 C:\Windows\twunk_32.exe --------- 31232
14.07.2009 03:14 C:\Windows\regedit.exe --------- 398336
14.07.2009 03:14 C:\Windows\notepad.exe --------- 179712
14.07.2009 03:14 C:\Windows\hh.exe --------- 15360
14.07.2009 03:14 C:\Windows\HelpPane.exe --------- 497152
14.07.2009 03:14 C:\Windows\fveupdate.exe --------- 13824
14.07.2009 03:14 C:\Windows\bfsvc.exe --------- 65024
14.07.2009 00:58 C:\Windows\mib.bin --------- 43131
17.06.2009 10:55 C:\Windows\KHALMNPR.Exe --------- 55824
10.06.2009 23:46 C:\Windows\system.ini --------- 219
10.06.2009 23:42 C:\Windows\_default.pif --------- 707
10.06.2009 23:42 C:\Windows\winhelp.exe --------- 256192
10.06.2009 23:41 C:\Windows\twunk_16.exe --------- 49680
10.06.2009 23:41 C:\Windows\twain.dll --------- 94784
10.06.2009 23:34 C:\Windows\WMSysPr9.prx --------- 316640
10.06.2009 23:19 C:\Windows\msdfmap.ini --------- 1405
10.06.2009 23:14 C:\Windows\Starter.xml --------- 48201
10.06.2009 23:14 C:\Windows\HomePremium.xml --------- 48265
----------------------------------------
C:\Windows\System
13.07.2009 23:41 C:\Windows\System\OLESVR.DLL --------- 24064
13.07.2009 23:41 C:\Windows\System\WFWNET.DRV --------- 12704
13.07.2009 23:41 C:\Windows\System\COMMDLG.DLL --------- 32816
13.07.2009 23:41 C:\Windows\System\TIMER.DRV --------- 4048
13.07.2009 23:41 C:\Windows\System\MMSYSTEM.DLL --------- 68992
13.07.2009 23:41 C:\Windows\System\mmtask.tsk --------- 1152
13.07.2009 23:41 C:\Windows\System\mouse.drv --------- 2032
13.07.2009 23:41 C:\Windows\System\vga.drv --------- 2176
13.07.2009 23:41 C:\Windows\System\sound.drv --------- 1744
13.07.2009 23:41 C:\Windows\System\keyboard.drv --------- 2000
13.07.2009 23:41 C:\Windows\System\SHELL.DLL --------- 5120
13.07.2009 23:41 C:\Windows\System\system.drv --------- 3360
10.06.2009 23:42 C:\Windows\System\ver.dll --------- 9008
10.06.2009 23:42 C:\Windows\System\olecli.dll --------- 82944
10.06.2009 23:42 C:\Windows\System\lzexpand.dll --------- 9936
10.06.2009 23:25 C:\Windows\System\stdole.tlb --------- 5532
10.06.2009 23:21 C:\Windows\System\msvideo.dll --------- 126912
10.06.2009 23:21 C:\Windows\System\mciwave.drv --------- 28160
10.06.2009 23:21 C:\Windows\System\mciseq.drv --------- 25264
10.06.2009 23:21 C:\Windows\System\mciavi.drv --------- 73376
10.06.2009 23:21 C:\Windows\System\avifile.dll --------- 109456
10.06.2009 23:21 C:\Windows\System\avicap.dll --------- 69584
----------------------------------------
C:\Windows\System32
10.09.2010 15:24 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14064
10.09.2010 15:24 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14064
10.09.2010 10:59 C:\Windows\system32\config --------- 16384
08.09.2010 15:56 C:\Windows\system32\Tasks --------- 4096
05.09.2010 01:48 C:\Windows\system32\catroot --------- 4096
04.09.2010 13:55 C:\Windows\system32\DriverStore --------- 4096
27.08.2010 01:53 C:\Windows\system32\catroot2 --------- 16384
13.08.2010 11:46 C:\Windows\system32\FNTCACHE.DAT --------- 284560
13.08.2010 11:45 C:\Windows\system32\drivers --------- 65536
13.08.2010 11:45 C:\Windows\system32\migration --------- 0
10.08.2010 05:15 C:\Windows\system32\QuickTimeVR.qtx --------- 94208
10.08.2010 05:15 C:\Windows\system32\QuickTime.qts --------- 69632
03.08.2010 20:09 C:\Windows\system32\MRT.exe --------- 35962312
31.07.2010 17:25 C:\Windows\system32\CCCInstall_201007311725324803.log --------- 18078
29.07.2010 08:30 C:\Windows\system32\ir32_32.dll --------- 197632
29.07.2010 08:30 C:\Windows\system32\iccvid.dll --------- 82944
28.07.2010 09:56 C:\Windows\system32\wdi --------- 4096
27.07.2010 16:03 C:\Windows\system32\shell32.dll --------- 12867584
21.07.2010 15:54 C:\Windows\system32\DRVSTORE --------- 0
12.07.2010 10:55 C:\Windows\system32\lsdelete.exe --------- 15880
07.07.2010 03:55 C:\Windows\system32\atioglxx.dll --------- 15461888
07.07.2010 03:54 C:\Windows\system32\atiapfxx.blb --------- 63416
07.07.2010 03:54 C:\Windows\system32\atiapfxx.exe --------- 143360
07.07.2010 03:54 C:\Windows\system32\aticfx32.dll --------- 513024
07.07.2010 03:51 C:\Windows\system32\ATIDEMGX.dll --------- 446464
07.07.2010 03:51 C:\Windows\system32\atieclxx.exe --------- 380928
07.07.2010 03:50 C:\Windows\system32\atiesrxx.exe --------- 176128
07.07.2010 03:49 C:\Windows\system32\atitmmxx.dll --------- 159744
07.07.2010 03:49 C:\Windows\system32\atipdlxx.dll --------- 356352
07.07.2010 03:49 C:\Windows\system32\Oemdspif.dll --------- 278528
07.07.2010 03:49 C:\Windows\system32\atimuixx.dll --------- 11776
07.07.2010 03:49 C:\Windows\system32\ati2edxx.dll --------- 43520
07.07.2010 03:46 C:\Windows\system32\atidxx32.dll --------- 3826688
07.07.2010 03:29 C:\Windows\system32\aticalrt.dll --------- 46080
07.07.2010 03:29 C:\Windows\system32\aticalcl.dll --------- 44032
07.07.2010 03:28 C:\Windows\system32\atiumdag.dll --------- 3975680
07.07.2010 03:27 C:\Windows\system32\aticaldd.dll --------- 4323840
07.07.2010 03:24 C:\Windows\system32\coinst.dll --------- 50176
07.07.2010 03:23 C:\Windows\system32\atiumdva.dll --------- 3058688
07.07.2010 03:22 C:\Windows\system32\atiumdva.cap --------- 543664
07.07.2010 03:16 C:\Windows\system32\atiadlxx.dll --------- 237568
07.07.2010 03:15 C:\Windows\system32\atiglpxx.dll --------- 12800
07.07.2010 03:15 C:\Windows\system32\atigktxx.dll --------- 16896
07.07.2010 03:14 C:\Windows\system32\atiuxpag.dll --------- 30208
07.07.2010 03:14 C:\Windows\system32\atiu9pag.dll --------- 22528
07.07.2010 03:11 C:\Windows\system32\amdpcom32.dll --------- 52736
07.07.2010 03:11 C:\Windows\system32\atimpc32.dll --------- 52736
30.06.2010 08:25 C:\Windows\system32\wininet.dll --------- 978432
30.06.2010 08:25 C:\Windows\system32\urlmon.dll --------- 1226240
30.06.2010 08:22 C:\Windows\system32\mstime.dll --------- 606208
30.06.2010 08:22 C:\Windows\system32\mshtml.dll --------- 5971456
30.06.2010 08:22 C:\Windows\system32\msfeedsbs.dll --------- 64512
30.06.2010 08:21 C:\Windows\system32\jsproxy.dll --------- 48128
30.06.2010 08:21 C:\Windows\system32\ieui.dll --------- 176640
30.06.2010 08:21 C:\Windows\system32\iepeers.dll --------- 185856
30.06.2010 08:21 C:\Windows\system32\ieframe.dll --------- 10985472
30.06.2010 08:21 C:\Windows\system32\iedkcs32.dll --------- 381440
30.06.2010 08:19 C:\Windows\system32\msfeedssync.exe --------- 12800
30.06.2010 06:21 C:\Windows\system32\mshtml.tlb --------- 1638912
26.06.2010 00:03 C:\Windows\system32\de-DE --------- 327680
26.06.2010 00:02 C:\Windows\system32\perfc009.dat --------- 110216
26.06.2010 00:02 C:\Windows\system32\perfh007.dat --------- 664396
26.06.2010 00:02 C:\Windows\system32\perfh009.dat --------- 624578
26.06.2010 00:02 C:\Windows\system32\perfc007.dat --------- 134564
26.06.2010 00:02 C:\Windows\system32\PerfStringBackup.INI --------- 1542636
26.06.2010 00:01 C:\Windows\system32\en-US --------- 4096
19.06.2010 08:33 C:\Windows\system32\ntoskrnl.exe --------- 3899784
19.06.2010 08:33 C:\Windows\system32\ntkrnlpa.exe --------- 3955080
19.06.2010 08:23 C:\Windows\system32\rtutils.dll --------- 37376
19.06.2010 06:07 C:\Windows\system32\win32k.sys --------- 2326016
16.06.2010 07:48 C:\Windows\system32\schannel.dll --------- 224256
16.06.2010 00:28 C:\Windows\system32\atipblag.dat --------- 2857
08.06.2010 08:02 C:\Windows\system32\msxml3.dll --------- 1233920
27.05.2010 09:24 C:\Windows\system32\atmlib.dll --------- 34304
27.05.2010 05:49 C:\Windows\system32\atmfd.dll --------- 293888
24.05.2010 12:51 C:\Windows\system32\CmdLineExt.dll --------- 107888
23.05.2010 14:34 C:\Windows\system32\URTTEMP --------- 0
21.05.2010 14:14 C:\Windows\system32\MpSigStub.exe --------- 221568
18.05.2010 16:35 C:\Windows\system32\dnssd.dll --------- 91424
18.05.2010 16:35 C:\Windows\system32\dns-sd.exe --------- 107808
18.05.2010 16:35 C:\Windows\system32\dnssdX.dll --------- 197920
11.05.2010 22:42 C:\Windows\system32\atiicdxx.dat --------- 205156
09.05.2010 11:14 C:\Windows\system32\CPFilters.dll --------- 641536
09.05.2010 11:14 C:\Windows\system32\msdri.dll --------- 417792
09.05.2010 11:13 C:\Windows\system32\mpg2splt.ax --------- 199680
09.05.2010 11:13 C:\Windows\system32\MSNP.ax --------- 204288
05.05.2010 07:12 C:\Windows\system32\mlfcache.dat --------- 91816
23.04.2010 09:13 C:\Windows\system32\tzres.dll --------- 2048
19.04.2010 20:47 C:\Windows\system32\usbaaplrc.dll --------- 3062048
07.04.2010 09:10 C:\Windows\system32\oleaut32.dll --------- 571904
24.03.2010 08:37 C:\Windows\system32\ntdll.dll --------- 1286456
21.03.2010 23:35 C:\Windows\system32\NDF --------- 0
18.03.2010 13:16 C:\Windows\system32\msvcr100_clr0400.dll --------- 771424
08.03.2010 23:33 C:\Windows\system32\vbscript.dll --------- 427520
05.03.2010 09:42 C:\Windows\system32\asycfilt.dll --------- 67584
04.03.2010 09:33 C:\Windows\system32\inetcomm.dll --------- 740864
15.02.2010 16:14 C:\Windows\system32\ezsidmv.dat --------- 56
11.02.2010 09:10 C:\Windows\system32\browserchoice.exe --------- 293376
19.01.2010 01:29 C:\Windows\system32\secproc_ssp_isv.dll --------- 85504
19.01.2010 01:29 C:\Windows\system32\secproc_ssp.dll --------- 85504
----------------------------------------
C:\Windows\Prefetch
10.09.2010 15:39 C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 6724
10.09.2010 15:38 C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf --------- 14350
10.09.2010 15:38 C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf --------- 44032
10.09.2010 15:38 C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 19070
10.09.2010 15:38 C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 15436
10.09.2010 15:38 C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 16526
10.09.2010 15:38 C:\Windows\Prefetch\AVWSC.EXE-4630B658.pf --------- 93444
10.09.2010 15:35 C:\Windows\Prefetch\GOOGLEUPDATE.EXE-FE771DDA.pf --------- 36420
10.09.2010 15:33 C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf --------- 33808
10.09.2010 15:33 C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 84164
10.09.2010 15:32 C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf --------- 15364
10.09.2010 15:30 C:\Windows\Prefetch\RUNDLL32.EXE-02CC9EFF.pf --------- 46688
10.09.2010 15:30 C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 12398
10.09.2010 15:30 C:\Windows\Prefetch\OTL.EXE-A94AB752.pf --------- 33082
10.09.2010 15:30 C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 138722
10.09.2010 15:29 C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf --------- 29530
10.09.2010 15:27 C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 133232
10.09.2010 15:27 C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf --------- 153400
10.09.2010 15:21 C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 17964
10.09.2010 15:21 C:\Windows\Prefetch\THUNDERBIRD.EXE-5119524C.pf --------- 140688
10.09.2010 15:20 C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 76532
10.09.2010 15:19 C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf --------- 10076
10.09.2010 15:19 C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf --------- 50896
10.09.2010 15:19 C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 19052
10.09.2010 15:18 C:\Windows\Prefetch\ReadyBoot --------- 4096
10.09.2010 15:18 C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf --------- 18584
10.09.2010 15:18 C:\Windows\Prefetch\AAWTRAY.EXE-75D4AE19.pf --------- 23360
10.09.2010 15:18 C:\Windows\Prefetch\WMPSIDESHOWGADGET.EXE-6F46D654.pf --------- 28106
10.09.2010 15:18 C:\Windows\Prefetch\AAWWSC.EXE-AC2B49A2.pf --------- 26326
10.09.2010 15:18 C:\Windows\Prefetch\DXDIAG.EXE-1F1A4BF5.pf --------- 86588
10.09.2010 15:18 C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf --------- 25992
10.09.2010 15:18 C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 34440
10.09.2010 15:18 C:\Windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf --------- 278184
10.09.2010 10:59 C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1008889
10.09.2010 10:59 C:\Windows\Prefetch\AgGlFaultHistory.db --------- 404284
10.09.2010 10:59 C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3178568
10.09.2010 10:59 C:\Windows\Prefetch\AgRobust.db --------- 167064
10.09.2010 10:59 C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508
10.09.2010 10:52 C:\Windows\Prefetch\APPLEMOBILEBACKUP.EXE-6FE90255.pf --------- 43246
10.09.2010 10:46 C:\Windows\Prefetch\WMIAPSRV.EXE-29F35ED0.pf --------- 17698
10.09.2010 10:46 C:\Windows\Prefetch\SYNCSERVER.EXE-5B564BE1.pf --------- 66416
10.09.2010 10:46 C:\Windows\Prefetch\CCC.EXE-AE792174.pf --------- 259816
10.09.2010 10:46 C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf --------- 217718
10.09.2010 10:46 C:\Windows\Prefetch\DISTNOTED.EXE-BFFB20F1.pf --------- 18546
10.09.2010 10:46 C:\Windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-96A367D7.pf --------- 43314
10.09.2010 10:46 C:\Windows\Prefetch\CSC.EXE-A3B8D95D.pf --------- 47410
10.09.2010 10:46 C:\Windows\Prefetch\CVTRES.EXE-069169FB.pf --------- 13266
10.09.2010 10:46 C:\Windows\Prefetch\ITUNES.EXE-2A42B776.pf --------- 248928
10.09.2010 10:46 C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf --------- 17228
10.09.2010 10:46 C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf --------- 98162
10.09.2010 10:46 C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-17410B90.pf --------- 40528
10.09.2010 10:46 C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf --------- 12802
10.09.2010 09:35 C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 16074
10.09.2010 09:33 C:\Windows\Prefetch\WLCOMM.EXE-272FF9F7.pf --------- 23276
10.09.2010 09:33 C:\Windows\Prefetch\MSNMSGR.EXE-9974F251.pf --------- 140694
10.09.2010 09:28 C:\Windows\Prefetch\SKYPEPM.EXE-EECA8925.pf --------- 37688
10.09.2010 09:28 C:\Windows\Prefetch\SKYPE.EXE-4929A84C.pf --------- 121732
10.09.2010 07:42 C:\Windows\Prefetch\CIVILIZATION4.EXE-1C4814FF.pf --------- 808840
10.09.2010 07:42 C:\Windows\Prefetch\RUNDLL32.EXE-B48AD96A.pf --------- 26266
10.09.2010 07:38 C:\Windows\Prefetch\MDCRASHREPORTTOOL.EXE-711A29B9.pf --------- 62234
10.09.2010 07:38
C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf --------- 4796 10.09.2010 07:35 C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 177388 10.09.2010 07:34 C:\Windows\Prefetch\SETUP_WM.EXE-674F654A.pf --------- 37140 10.09.2010 07:33 C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2537262 10.09.2010 00:24 C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 45588 09.09.2010 23:45 C:\Windows\Prefetch\BITTORRENT.EXE-BE42A0B0.pf --------- 142490 09.09.2010 22:17 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2115650759-1465992338-3137618595-1000.db --------- 925751 09.09.2010 22:17 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2115650759-1465992338-3137618595-1000.db --------- 1681934 09.09.2010 19:50 C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf --------- 24996 09.09.2010 18:46 C:\Windows\Prefetch\WOW.EXE-CBFBE6A4.pf --------- 304064 09.09.2010 18:46 C:\Windows\Prefetch\LAUNCHER.EXE-6E57B615.pf --------- 129014 09.09.2010 18:39 C:\Windows\Prefetch\CURSECLIENT.EXE-F2258FE7.pf --------- 221396 09.09.2010 18:39 C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf --------- 22964 09.09.2010 18:39 C:\Windows\Prefetch\UPDATER.EXE-9373041B.pf --------- 203156 09.09.2010 18:39 C:\Windows\Prefetch\RUNDLL32.EXE-90EFA705.pf --------- 27042 09.09.2010 16:39 C:\Windows\Prefetch\Layout.ini --------- 1235136 09.09.2010 16:31 C:\Windows\Prefetch\AVNOTIFY.EXE-FEC2FEC4.pf --------- 190244 09.09.2010 16:31 C:\Windows\Prefetch\UPDATE.EXE-026DCA13.pf --------- 63850 09.09.2010 11:35 C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-8C113626.pf --------- 15816 09.09.2010 02:50 C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf --------- 15548 09.09.2010 02:50 C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf --------- 14566 09.09.2010 02:30 C:\Windows\Prefetch\AITAGENT.EXE-DA3E7689.pf --------- 1392 09.09.2010 00:30 C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf --------- 148228 09.09.2010 00:10 C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 15078 09.09.2010 00:10 C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 
22408 09.09.2010 00:10 C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf --------- 29064 08.09.2010 22:25 C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf --------- 37136 08.09.2010 16:20 C:\Windows\Prefetch\RUNDLL32.EXE-FB698F2D.pf --------- 26262 08.09.2010 15:56 C:\Windows\Prefetch\UNSECAPP.EXE-A02905A6.pf --------- 14550 08.09.2010 15:56 C:\Windows\Prefetch\AAWSERVICE.EXE-FA222F6E.pf --------- 60612 08.09.2010 15:56 C:\Windows\Prefetch\AD-AWAREADMIN.EXE-6DA58883.pf --------- 16964 07.09.2010 22:54 C:\Windows\Prefetch\RUNDLL32.EXE-E527DB14.pf --------- 26338 07.09.2010 20:02 C:\Windows\Prefetch\PING.EXE-7E94E73E.pf --------- 11988 07.09.2010 20:02 C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf --------- 131162 07.09.2010 20:01 C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf --------- 14212 07.09.2010 17:12 C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-74B3ADF6.pf --------- 44336 07.09.2010 16:33 C:\Windows\Prefetch\MPAS-D_BD1.EXE-97E29C40.pf --------- 16908 07.09.2010 16:33 C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf --------- 31152 07.09.2010 16:33 C:\Windows\Prefetch\MPMINISIGSTUB.EXE-640A8C81.pf --------- 6534 07.09.2010 16:33 C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 31320 07.09.2010 16:31 C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf --------- 42122 06.09.2010 20:48 C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf --------- 35464 06.09.2010 18:09 C:\Windows\Prefetch\RUNDLL32.EXE-063E1BA5.pf --------- 26200 06.09.2010 16:58 C:\Windows\Prefetch\RUNDLL32.EXE-0216977B.pf --------- 26200 06.09.2010 14:25 C:\Windows\Prefetch\RUNDLL32.EXE-D17BE71E.pf --------- 26314 06.09.2010 13:02 C:\Windows\Prefetch\SC.EXE-945D79AE.pf --------- 9546 05.09.2010 20:10 C:\Windows\Prefetch\VLC.EXE-A11F73EE.pf --------- 367366 08.11.2009 00:58 C:\Windows\Prefetch\AgCx_SC1.db --------- 261276 08.11.2009 00:57 C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 79238 07.11.2009 17:57 C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 ---------------------------------------- C:\Windows\Tasks 
10.09.2010 15:35 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 886 10.09.2010 15:17 C:\Windows\Tasks\Ad-Aware Update (Weekly).job --------- 370 10.09.2010 15:17 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 882 10.09.2010 15:17 C:\Windows\Tasks\SA.DAT --------- 6 02.08.2010 10:21 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 ---------------------------------------- C:\Windows\Temp 10.09.2010 15:29 C:\Windows\Temp\MpCmdRun.log --------- 10928 10.09.2010 10:59 C:\Windows\Temp\fwtsqmfile17.sqm --------- 608 10.09.2010 10:07 C:\Windows\Temp\fwtsqmfile16.sqm --------- 608 08.09.2010 02:08 C:\Windows\Temp\fwtsqmfile15.sqm --------- 608 07.09.2010 16:33 C:\Windows\Temp\MpSigStub.log --------- 13254 06.09.2010 23:57 C:\Windows\Temp\fwtsqmfile14.sqm --------- 608 05.09.2010 22:07 C:\Windows\Temp\fwtsqmfile13.sqm --------- 608 05.09.2010 14:36 C:\Windows\Temp\fwtsqmfile12.sqm --------- 608 03.09.2010 18:00 C:\Windows\Temp\fwtsqmfile11.sqm --------- 608 03.09.2010 07:21 C:\Windows\Temp\fwtsqmfile10.sqm --------- 608 03.09.2010 01:06 C:\Windows\Temp\fwtsqmfile09.sqm --------- 608 02.09.2010 21:18 C:\Windows\Temp\fwtsqmfile08.sqm --------- 608 01.09.2010 20:47 C:\Windows\Temp\fwtsqmfile07.sqm --------- 608 01.09.2010 12:58 C:\Windows\Temp\fwtsqmfile06.sqm --------- 608 31.08.2010 02:00 C:\Windows\Temp\fwtsqmfile05.sqm --------- 608 30.08.2010 02:09 C:\Windows\Temp\fwtsqmfile04.sqm --------- 608 29.08.2010 00:56 C:\Windows\Temp\fwtsqmfile03.sqm --------- 608 28.08.2010 01:58 C:\Windows\Temp\fwtsqmfile02.sqm --------- 608 27.08.2010 01:53 C:\Windows\Temp\fwtsqmfile01.sqm --------- 608 26.08.2010 01:57 C:\Windows\Temp\fwtsqmfile00.sqm --------- 608 24.07.2010 12:31 C:\Windows\Temp\History --------- 0 24.07.2010 12:31 C:\Windows\Temp\Cookies --------- 0 24.07.2010 12:31 C:\Windows\Temp\Temporary Internet Files --------- 0 21.07.2010 16:00 C:\Windows\Temp\MPInstrumentation --------- 0 26.06.2010 00:03 C:\Windows\Temp\Microsoft .NET Framework Client Profile 
Language Pack Setup_4.0.30319 --------- 0 26.06.2010 00:01 C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319 --------- 0 08.01.2010 04:48 C:\Windows\Temp\MPTelemetrySubmit --------- 0 07.11.2009 21:26 C:\Windows\Temp\RtSigs --------- 0 ---------------------------------------- C:\Users\Pierre\AppData\Local\Temp 10.09.2010 15:38 C:\Users\Pierre\AppData\Local\Temp\Rar$DI00.292 --------- 0 10.09.2010 15:17 C:\Users\Pierre\AppData\Local\Temp\Curse --------- 0 10.09.2010 15:17 C:\Users\Pierre\AppData\Local\Temp\Deployment --------- 4096 10.09.2010 15:17 C:\Users\Pierre\AppData\Local\Temp\WPDNSE --------- 0 10.09.2010 10:58 C:\Users\Pierre\AppData\Local\Temp\WER6910.tmp.resp.erc.xml --------- 0 10.09.2010 07:34 C:\Users\Pierre\AppData\Local\Temp\wmsetup.log --------- 1218 08.09.2010 21:37 C:\Users\Pierre\AppData\Local\Temp\MessengerCache --------- 40960 04.09.2010 13:59 C:\Users\Pierre\AppData\Local\Temp\MSI98f24.LOG --------- 10912 04.09.2010 13:59 C:\Users\Pierre\AppData\Local\Temp\QTInstallCode.log --------- 10101 04.09.2010 13:56 C:\Users\Pierre\AppData\Local\Temp\SetupAdmin12FC.log --------- 84 04.09.2010 13:56 C:\Users\Pierre\AppData\Local\Temp\qtplugin.log --------- 4714 27.08.2010 21:28 C:\Users\Pierre\AppData\Local\Temp\StructuredQuery.log --------- 1423 27.08.2010 21:28 C:\Users\Pierre\AppData\Local\Temp\{816de4e8-bc04-4d77-8cab-c3d21ec86d3a} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\~rnsetup --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{FB1E6957-C060-4BEB-A939-43675AADF1A9} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{ED720AE4-1104-4B93-9519-66D8011FE073} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{E7E6F679-EA48-4759-A995-883A6869DCF6} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{E61302C5-A600-4ACE-BD38-6CF3F6E7AB72} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{E60E2E04-DEC5-4AB9-B880-95A846EC5F15} --------- 0 
25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{E073F0B5-12DB-44E6-852D-DF1C134349F3} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{D9141B94-BD2A-4BD1-812D-66AF9E950CD2} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{D7302515-009A-4261-8257-C3E870A3D27F} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{D5D4F55C-3834-466F-8A0C-38D42F061859} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{CEA0E401-A1A4-4FB2-9908-770DDFD92051} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{C64DAAC7-FFC2-48BA-B9DC-83035BFDF54B} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{C022484D-F24B-488B-A905-7AE9430DFD28} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{A967ABBF-F0DE-4741-806B-A8D2C18D20C8} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{A658085D-BBC5-4302-B973-C4790A27B4EC} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{70C70D3B-CCC5-4EB9-BA48-74FA54846926} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{706EF8A4-E78B-4414-9DA5-FCC526C87F9A} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{6D538B93-75B7-435E-AE79-9635C9BC17ED} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{6CD00F88-71E6-41D7-80A9-8FDB225359B7} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{6BFA536E-6743-4A16-9C8D-C89194C98053} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{695AD823-1B0B-4FC7-9FCA-B033A3A4EFC6} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{6305AAE2-6437-4699-B2EF-01EB2C77264C} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{66F564F1-68A0-47CB-9F42-76FAF66A74D9} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{614F790C-817A-45DB-8194-33583FD05938} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{59FB0E2D-7565-4898-92E1-89F887C05DB1} --------- 0 25.08.2010 15:27 
C:\Users\Pierre\AppData\Local\Temp\{46EAD6C0-B2EA-4485-9163-A65A2571D0C1} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{3DC5FB18-997D-4C56-8ACA-6BCC0F770EED} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{3B5B4031-BA65-4B51-8DD6-D61777E482D6} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{39B9FB75-4741-4FE4-B7A3-9297A795BD8A} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{33125F0A-92F3-44DF-A7C4-65B478015A94} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{24B385FE-2057-4AB0-A473-27201CEDB6DD} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{1F981021-C66B-49BB-9380-F0F66F880E0E} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{149EF91B-C8FA-43EB-8C44-43FC0849E574} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{0E74F57B-C50F-4DEE-95EC-4D39FEFD91E3} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{0D900C78-5D37-4E12-8074-99E81174F0D6} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{0745B6A9-04D0-412A-B26B-3A48FB0945D8} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\{01E30EA0-74C4-4C06-A472-01D8AC2A16AE} --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\VSDE6D9.tmp --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\VBE --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\Temp1_134503.zip --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\plugtmp-1 --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\PCTInstaller --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\nsj930E.tmp --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\mProjector957005698 --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\nsf6386.tmp --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\ispF421.tmp --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\is-DDGD3.tmp --------- 0 25.08.2010 
15:27 C:\Users\Pierre\AppData\Local\Temp\AskSearch --------- 0 25.08.2010 15:27 C:\Users\Pierre\AppData\Local\Temp\._msige52 --------- 0 31.07.2010 17:27 C:\Users\Pierre\AppData\Local\Temp\Blizzard Installer Temporary Data - 3fb6dffd --------- 0 31.07.2010 11:48 C:\Users\Pierre\AppData\Local\Temp\ge4748 --------- 0 21.07.2010 15:53 C:\Users\Pierre\AppData\Local\Temp\plugtmp-3 --------- 0 21.06.2010 18:25 C:\Users\Pierre\AppData\Local\Temp\plugtmp-2 --------- 0 13.06.2010 16:30 C:\Users\Pierre\AppData\Local\Temp\hsperfdata_Pierre --------- 0 09.06.2010 17:44 C:\Users\Pierre\AppData\Local\Temp\{561529f6-045b-4848-94bb-022874de6662} --------- 0 24.05.2010 18:14 C:\Users\Pierre\AppData\Local\Temp\{a7b07110-45d5-419d-9f52-d3b7404139c9} --------- 0 24.05.2010 12:43 C:\Users\Pierre\AppData\Local\Temp\{46640a0e-d3c9-4640-bb2e-b41305e5d3f6} --------- 0 24.05.2010 12:02 C:\Users\Pierre\AppData\Local\Temp\Temp1_134505.zip --------- 0 23.05.2010 14:14 C:\Users\Pierre\AppData\Local\Temp\{4b734145-0772-4f60-ac03-22994bf14fbf} --------- 0 23.05.2010 14:14 C:\Users\Pierre\AppData\Local\Temp\{332aeed7-8918-46c2-9095-9eb0877a15fd} --------- 0 23.05.2010 14:13 C:\Users\Pierre\AppData\Local\Temp\{81527f30-1293-44e2-972c-f342f038bd18} --------- 0 22.05.2010 21:46 C:\Users\Pierre\AppData\Local\Temp\msdtadmin --------- 0 22.04.2010 12:55 C:\Users\Pierre\AppData\Local\Temp\{e806f302-0ed5-44e8-a7ab-d8d71418b3be} --------- 0 22.04.2010 12:55 C:\Users\Pierre\AppData\Local\Temp\{a2f64357-f7d1-410b-a59e-00bf78b2ce45} --------- 0 22.04.2010 12:54 C:\Users\Pierre\AppData\Local\Temp\{0fa120de-1787-4daf-9a85-d529e9f28ff9} --------- 0 18.04.2010 00:41 C:\Users\Pierre\AppData\Local\Temp\{C857EC85-88A4-4E20-8E3F-09AF37157A92} --------- 0 18.04.2010 00:37 C:\Users\Pierre\AppData\Local\Temp\byeA718.tmp --------- 0 25.03.2010 22:23 C:\Users\Pierre\AppData\Local\Temp\{7FBD8FBD-1EDD-452D-9AF4-AF9BF0E20557} --------- 0 20.01.2010 11:27 C:\Users\Pierre\AppData\Local\Temp\1 --------- 0 05.12.2009 21:04 
C:\Users\Pierre\AppData\Local\Temp\offer --------- 0 05.12.2009 09:09 C:\Users\Pierre\AppData\Local\Temp\plugtmp --------- 0 15.11.2009 03:53 C:\Users\Pierre\AppData\Local\Temp\Cookies --------- 0 14.11.2009 20:53 C:\Users\Pierre\AppData\Local\Temp\History --------- 0 14.11.2009 20:53 C:\Users\Pierre\AppData\Local\Temp\Temporary Internet Files --------- 0 07.11.2009 23:56 C:\Users\Pierre\AppData\Local\Temp\Blizzard --------- 0 07.11.2009 18:46 C:\Users\Pierre\AppData\Local\Temp\AVSETUP_4af5a42d --------- 0 07.11.2009 18:31 C:\Users\Pierre\AppData\Local\Temp\pft704.tmp --------- 0 07.11.2009 18:23 C:\Users\Pierre\AppData\Local\Temp\pft671D.tmp --------- 0 07.11.2009 18:18 C:\Users\Pierre\AppData\Local\Temp\Low --------- 0 07.11.2009 18:13 C:\Users\Pierre\AppData\Local\Temp\msdt --------- 0 07.11.2009 18:10 C:\Users\Pierre\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 25.09.2007 22:22 C:\Users\Pierre\AppData\Local\Temp\_isD5C6.exe --------- 455600 25.09.2007 22:22 C:\Users\Pierre\AppData\Local\Temp\_isF05B.exe --------- 455600 25.09.2007 22:21 C:\Users\Pierre\AppData\Local\Temp\_is8891.exe --------- 455600 25.09.2007 22:21 C:\Users\Pierre\AppData\Local\Temp\_isFBDF.exe --------- 455600 25.09.2007 22:20 C:\Users\Pierre\AppData\Local\Temp\_is95DA.exe --------- 455600 25.09.2007 22:20 C:\Users\Pierre\AppData\Local\Temp\_isFBCF.exe --------- 455600 25.09.2007 22:20 C:\Users\Pierre\AppData\Local\Temp\_is8A55.exe --------- 455600 25.09.2007 22:20 C:\Users\Pierre\AppData\Local\Temp\_is1384.exe --------- 455600 27.02.2007 23:08 C:\Users\Pierre\AppData\Local\Temp\_isE6CC.exe --------- 456416 27.02.2007 23:08 C:\Users\Pierre\AppData\Local\Temp\_isDDE7.exe --------- 456416 27.02.2007 23:08 C:\Users\Pierre\AppData\Local\Temp\_is8BCB.exe --------- 456416 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_isBE50.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_isE871.exe --------- 455600 24.05.2006 13:10 
C:\Users\Pierre\AppData\Local\Temp\_isDFD4.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_is4A30.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_is402C.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_is3382.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_is9389.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_is9D1.exe --------- 455600 24.05.2006 13:10 C:\Users\Pierre\AppData\Local\Temp\_isA526.exe --------- 455600 07.04.2005 01:39 C:\Users\Pierre\AppData\Local\Temp\setF1EC.tmp --------- 121064 ---------------------------------------- C:\Program Files 10.09.2010 15:27 C:\Program Files\Mozilla Firefox --------- 24576 04.09.2010 13:57 C:\Program Files\iTunes --------- 8192 04.09.2010 13:57 C:\Program Files\iPod --------- 0 04.09.2010 13:56 C:\Program Files\QuickTime --------- 4096 25.08.2010 15:14 C:\Program Files\Spybot - Search & Destroy --------- 8192 25.08.2010 15:07 C:\Program Files\CCleaner --------- 0 21.08.2010 12:19 C:\Program Files\BitTorrent --------- 4096 13.08.2010 11:45 C:\Program Files\Internet Explorer --------- 4096 31.07.2010 17:28 C:\Program Files\StarCraft II --------- 12288 31.07.2010 17:26 C:\Program Files\ATI --------- 0 31.07.2010 17:26 C:\Program Files\Common Files --------- 4096 31.07.2010 17:25 C:\Program Files\ATI Technologies --------- 0 31.07.2010 11:31 C:\Program Files\Google --------- 0 24.07.2010 12:29 C:\Program Files\SiSoftware --------- 0 21.07.2010 15:44 C:\Program Files\Lavasoft --------- 0 21.07.2010 10:46 C:\Program Files\GMX --------- 0 02.07.2010 19:29 C:\Program Files\Bonjour --------- 4096 26.06.2010 00:01 C:\Program Files\Microsoft.NET --------- 0 13.06.2010 16:30 C:\Program Files\InstallJammer Registry --------- 0 25.05.2010 14:00 C:\Program Files\InstallShield Installation Information --------- 0 24.05.2010 13:01 C:\Program Files\SEGA --------- 0 12.05.2010 18:58 C:\Program Files\Windows Mail 
--------- 0 18.04.2010 00:30 C:\Program Files\Firaxis Games --------- 0 02.04.2010 13:21 C:\Program Files\SystemRequirementsLab --------- 0 18.03.2010 15:55 C:\Program Files\Mozilla Thunderbird --------- 24576 19.01.2010 09:00 C:\Program Files\TeamSpeak 3 Client --------- 4096 30.12.2009 13:51 C:\Program Files\Skype --------- 0 17.12.2009 09:53 C:\Program Files\VideoLAN --------- 0 05.12.2009 21:04 C:\Program Files\Real --------- 0 05.12.2009 09:15 C:\Program Files\Notepad++ --------- 4096 05.12.2009 09:09 C:\Program Files\WinRAR --------- 4096 04.12.2009 18:55 C:\Program Files\Java --------- 0 04.12.2009 13:48 C:\Program Files\JoWood --------- 0 13.11.2009 02:19 C:\Program Files\DivX --------- 8192 08.11.2009 20:14 C:\Program Files\Microsoft --------- 0 08.11.2009 20:14 C:\Program Files\Windows Live --------- 0 08.11.2009 20:14 C:\Program Files\Windows Live SkyDrive --------- 0 07.11.2009 23:56 C:\Program Files\Windows Media Player --------- 4096 07.11.2009 21:35 C:\Program Files\Teamspeak2_RC2 --------- 0 07.11.2009 18:49 C:\Program Files\Apple Software Update --------- 0 07.11.2009 18:45 C:\Program Files\Avira --------- 0 07.11.2009 18:44 C:\Program Files\Microsoft Office --------- 0 07.11.2009 18:25 C:\Program Files\Logitech --------- 0 07.11.2009 18:23 C:\Program Files\MozBackup --------- 0 07.11.2009 18:22 C:\Program Files\Adobe --------- 0 07.11.2009 18:12 C:\Program Files\avmwlanstick --------- 0 07.11.2009 18:09 C:\Program Files\Windows NT --------- 4096 07.11.2009 18:09 C:\Program Files\Gemeinsame Dateien --------- 0 14.07.2009 10:56 C:\Program Files\DVD Maker --------- 0 14.07.2009 10:56 C:\Program Files\Windows Journal --------- 0 14.07.2009 10:56 C:\Program Files\Microsoft Games --------- 4096 14.07.2009 10:47 C:\Program Files\Windows Sidebar --------- 4096 14.07.2009 10:47 C:\Program Files\Windows Photo Viewer --------- 4096 14.07.2009 10:47 C:\Program Files\Windows Defender --------- 4096 14.07.2009 06:53 C:\Program Files\Uninstall Information 
--------- 0 14.07.2009 06:52 C:\Program Files\Windows Portable Devices --------- 0 14.07.2009 06:52 C:\Program Files\MSBuild --------- 0 14.07.2009 06:52 C:\Program Files\Reference Assemblies --------- 0 14.07.2009 06:41 C:\Program Files\desktop.ini --------- 174 ---------------------------------------- C:\ProgramData\.. Pierre Default Public Default User All Users desktop.ini ---------------------------------------- C:\Windows\system32\drivers\etc\hosts ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 3.440 K smss.exe 264 Services 0 1.668 K csrss.exe 368 Services 0 8.260 K wininit.exe 440 Services 0 9.488 K csrss.exe 448 Console 1 11.656 K services.exe 488 Services 0 14.020 K lsass.exe 504 Services 0 19.472 K lsm.exe 512 Services 0 6.644 K svchost.exe 644 Services 0 7.080 K svchost.exe 736 Services 0 6.384 K atiesrxx.exe 788 Services 0 12.900 K winlogon.exe 840 Console 1 13.264 K svchost.exe 892 Services 0 18.056 K svchost.exe 924 Services 0 72.928 K svchost.exe 964 Services 0 28.176 K svchost.exe 1072 Services 0 11.404 K WUDFHost.exe 1148 Services 0 21.968 K WUDFHost.exe 1200 Services 0 6.608 K svchost.exe 1268 Services 0 11.072 K AAWService.exe 1368 Services 0 34.348 K atieclxx.exe 1420 Console 1 15.636 K spoolsv.exe 1572 Services 0 25.608 K sched.exe 1612 Services 0 1.304 K svchost.exe 1632 Services 0 12.664 K dwm.exe 1856 Console 1 61.860 K explorer.exe 1904 Console 1 66.648 K taskhost.exe 1996 Console 1 43.220 K avguard.exe 2044 Services 0 10.900 K AppleMobileDeviceService. 
336 Services 0 14.800 K LGDevAgt.exe 340 Console 1 36.568 K LCDMon.exe 380 Console 1 42.956 K mDNSResponder.exe 532 Services 0 27.676 K LGDCore.exe 508 Console 1 48.256 K taskeng.exe 732 Services 0 12.408 K GoogleUpdate.exe 2052 Services 0 27.424 K avgnt.exe 2072 Console 1 2.160 K MOM.exe 2144 Console 1 98.952 K svchost.exe 2332 Services 0 4.140 K SDWinSec.exe 2556 Services 0 35.444 K iTunesHelper.exe 2600 Console 1 73.436 K sidebar.exe 2608 Console 1 92.620 K TeaTimer.exe 2620 Console 1 122.452 K LCDClock.exe 2720 Console 1 32.552 K LCDMedia.exe 2808 Console 1 65.820 K LCDPop3.exe 2816 Console 1 32.832 K LCDCountdown.exe 2852 Console 1 33.488 K LCDRSS.exe 2860 Console 1 43.148 K CurseClient.exe 3020 Console 1 3.176 K unsecapp.exe 3104 Services 0 12.556 K WmiPrvSE.exe 3208 Services 0 16.416 K CCC.exe 3752 Console 1 93.812 K iPodService.exe 3936 Services 0 16.740 K SearchIndexer.exe 2572 Services 0 19.592 K WMPSideShowGadget.exe 1940 Console 1 66.696 K wmplayer.exe 3596 Console 1 133.520 K svchost.exe 2520 Services 0 4.716 K svchost.exe 2996 Services 0 11.368 K wmpnetwk.exe 4448 Services 0 2.616 K svchost.exe 4640 Services 0 11.836 K taskhost.exe 5056 Services 0 12.752 K AAWTray.exe 5344 Console 1 3.780 K svchost.exe 5100 Services 0 24.452 K firefox.exe 5264 Console 1 78.600 K OTL.exe 4032 Console 1 46.732 K notepad.exe 5776 Console 1 4.884 K notepad.exe 5312 Console 1 5.192 K audiodg.exe 5536 Services 0 14.748 K notepad.exe 3316 Console 1 5.336 K SearchProtocolHost.exe 4208 Services 0 6.476 K SearchFilterHost.exe 4060 Services 0 4.668 K notepad.exe 2508 Console 1 5.348 K WinRAR.exe 4300 Console 1 13.100 K cmd.exe 4252 Console 1 3.332 K conhost.exe 4064 Console 1 4.292 K tasklist.exe 5552 Console 1 4.412 K WmiPrvSE.exe 4776 Services 0 5.160 K ***** Ende des Scans 10.09.2010 um 15:39:20,34 *** |
11.09.2010, 19:06 | #2 |
/// Malware-holic | Thunderbird automatically sends spam emails to address book 1. Uninstall Spybot; the TeaTimer causes problems during cleaning. Restart.
2. Download Malwarebytes: install Malwarebytes, open it, go to the Update tab, update the program, now shut down all running programs, including the Avira Guard, disconnect the internet connection, now start a full scan, delete the findings, turn Avira and the internet back on, post the log. 3. Please create and post a ComboFix log. A guide and tutorial on using ComboFix |