Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: winlogon

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.11.2010, 23:58   #1
fcangmar
 
winlogon - Standard

winlogon



Hallo,

versuche schon 2 Tagen meine Winlogon.exe zu "reparieren". Verwende AVG und dieser zeigt mir diese Datei als infiziert an.

Habe sie schon mit Jotti auch gescannt, 7 von 19 haben sie als infiziert erkannt.

Habe es weiters mit sfc und mit killbox versucht, beides fehlgeschlagen.

Bitte um Hilfe, will ein Neu-Aufsetzten vermeiden.

Danke

Alt 07.11.2010, 00:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
winlogon - Standard

winlogon



Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 07.11.2010, 02:17   #3
fcangmar
 
winlogon - Standard

winlogon



Hi,

anbei Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5064

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07.11.2010 02:01:21
mbam-log-2010-11-07 (02-01-21).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 476982
Time elapsed: 59 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________

Alt 07.11.2010, 02:17   #4
fcangmar
 
winlogon - Standard

winlogon



Und OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.11.2010 02:03:36 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Martin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 501,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 97,65 Gb Total Space | 63,00 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 59,54 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 97,51 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
 
Computer Name: +++ | User Name: ++++ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - E:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - E:\Program\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - E:\Program\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - G:\Program\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
PRC - E:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
PRC - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Program\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Martin\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (toogmft) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (scinetu) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (oruqjr) -- C:\Program Files\Movie Maker\hqhakc.dll File not found
SRV - (oqimg) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (mlkynlqkb) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (eqkfl) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (bmljcgc) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (NMSAccess) -- E:\Program\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AVerScheduleService) -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AVerRemote) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (Microsoft Office Groove Audit Service) -- E:\Program\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (s7asysvx) -- G:\Program\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
SRV - (s7oiehsx) -- E:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
SRV - (S7TraceServiceX) -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
SRV - (almservice) -- E:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (SIEMENS AG)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (msvsmon90) -- E:\Program\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- E:\Program\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xltsaaqhvemjujj) -- C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys ()
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AVerAF35) -- C:\WINDOWS\system32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (VMUVC) -- C:\WINDOWS\system32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Buzz)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (S7opcsrtx) PROFINET IO RT-Protocol (LLDP) -- C:\WINDOWS\system32\drivers\s7opcsrtx.sys (SIEMENS AG)
DRV - (vvftUVC) -- C:\WINDOWS\system32\drivers\vvftUVC.sys (Vimicro Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SNTIE) SIMATIC Industrial Ethernet (ISO) -- C:\WINDOWS\system32\drivers\SNTIE.SYS (SIEMENS AG)
DRV - (s7snsrtx) -- C:\WINDOWS\system32\drivers\s7snsrtx.sys (SIEMENS AG)
DRV - (Dpmtrcdd) -- C:\WINDOWS\system32\drivers\dpmtrcdd.sys (SIEMENS AG)
DRV - (AF05BDA) -- C:\WINDOWS\system32\drivers\AF05BDA.sys (AfaTech                  )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (s7oefs_x) -- C:\WINDOWS\System32\drivers\s7oefs_x.sys (SIEMENS AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010.11.05 15:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: E:\Program\Mozilla Firefox\components [2010.10.29 05:38:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: E:\Program\Mozilla Firefox\plugins [2010.10.29 05:38:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.09 09:45:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.01 19:20:53 | 000,000,000 | ---D | M]
 
[2010.08.29 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions
[2010.08.29 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.06 23:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\extensions
[2010.01.30 15:18:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.01.03 01:25:56 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\searchplugins\daemon-search.xml
[2010.08.10 22:02:08 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\searchplugins\web-search.xml
[2009.10.11 20:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
 
O1 HOSTS File: ([2010.01.25 22:26:16 | 000,001,210 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Software\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Software\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - E:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ZoneAlarm Client] E:\Program\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: &Download by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - E:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.01.02 21:50:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.08.18 11:00:00 | 000,000,112 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\Shell\AutoRun\command - "" = K:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.07 01:03:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Martin\Desktop\OTL.exe
[2010.11.06 23:44:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Martin\Recent
[2010.11.06 23:43:37 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.11.06 23:43:27 | 000,092,672 | ---- | C] (Option^Explicit Software                        vbtechcd@gmail.com) -- C:\Documents and Settings\Martin\Desktop\KillBox.exe
[2010.11.06 23:39:21 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010.11.06 23:39:20 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010.11.06 23:39:20 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010.11.06 23:39:20 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010.11.06 23:39:19 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010.11.06 23:39:19 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010.11.06 23:39:19 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010.11.06 23:39:18 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010.11.06 23:39:18 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010.11.06 23:39:18 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010.11.06 23:39:17 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010.11.06 23:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\SmitfraudFix
[2010.11.06 10:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2010.11.05 23:04:29 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010.11.05 23:04:27 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010.11.05 23:04:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2010.11.05 23:04:15 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010.11.05 23:04:13 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010.11.05 23:04:12 | 000,019,455 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2010.11.05 23:04:11 | 000,012,063 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2010.11.05 23:04:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010.11.05 23:04:06 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010.11.05 23:04:06 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2010.11.05 23:04:04 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010.11.05 23:03:59 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010.11.05 23:03:56 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2010.11.05 23:03:54 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010.11.05 23:03:51 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2010.11.05 23:03:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2010.11.05 23:03:51 | 000,023,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2010.11.05 23:03:49 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010.11.05 23:03:48 | 000,033,599 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2010.11.05 23:03:48 | 000,019,551 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2010.11.05 23:03:47 | 000,029,311 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2010.11.05 23:03:46 | 000,012,127 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2010.11.05 23:03:46 | 000,011,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2010.11.05 23:03:45 | 000,012,415 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2010.11.05 23:03:43 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010.11.05 23:03:41 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010.11.05 23:03:39 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010.11.05 23:03:35 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010.11.05 23:03:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010.11.05 23:03:30 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010.11.05 23:03:28 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010.11.05 23:03:26 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2010.11.05 23:03:25 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2010.11.05 23:03:22 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2010.11.05 23:03:20 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010.11.05 23:03:18 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2010.11.05 23:03:16 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2010.11.05 23:03:14 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2010.11.05 23:03:12 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010.11.05 23:03:10 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010.11.05 23:03:07 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010.11.05 23:03:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010.11.05 23:03:06 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010.11.05 23:03:06 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2010.11.05 23:03:03 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2010.11.05 23:03:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2010.11.05 23:02:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2010.11.05 23:02:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2010.11.05 23:02:55 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010.11.05 23:02:53 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2010.11.05 23:02:50 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2010.11.05 23:02:48 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2010.11.05 23:02:46 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010.11.05 23:02:44 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010.11.05 23:02:42 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2010.11.05 23:02:40 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2010.11.05 23:02:37 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010.11.05 23:02:35 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010.11.05 23:02:33 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010.11.05 23:02:30 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010.11.05 23:02:28 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010.11.05 23:02:26 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010.11.05 23:02:24 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2010.11.05 23:02:22 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2010.11.05 23:02:22 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2010.11.05 23:02:19 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2010.11.05 23:02:17 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2010.11.05 23:02:15 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2010.11.05 23:02:13 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2010.11.05 23:02:11 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2010.11.05 23:02:08 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010.11.05 23:02:05 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010.11.05 23:02:03 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010.11.05 23:02:02 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010.11.05 23:02:00 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010.11.05 23:01:58 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010.11.05 23:01:55 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2010.11.05 23:01:52 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2010.11.05 23:01:51 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010.11.05 23:01:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010.11.05 23:01:46 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2010.11.05 23:01:44 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2010.11.05 23:01:42 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2010.11.05 23:01:40 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2010.11.05 23:01:38 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2010.11.05 23:01:36 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2010.11.05 23:01:34 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2010.11.05 23:01:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2010.11.05 23:01:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2010.11.05 23:01:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2010.11.05 23:01:26 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2010.11.05 23:01:24 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010.11.05 23:01:22 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010.11.05 23:01:20 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010.11.05 23:01:17 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010.11.05 23:01:14 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010.11.05 23:01:12 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2010.11.05 23:01:08 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2010.11.05 23:01:05 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2010.11.05 23:01:03 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2010.11.05 23:01:01 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010.11.05 23:00:59 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2010.11.05 23:00:57 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2010.11.05 23:00:55 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2010.11.05 23:00:53 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2010.11.05 23:00:51 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2010.11.05 23:00:51 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2010.11.05 23:00:49 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2010.11.05 23:00:42 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010.11.05 23:00:40 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010.11.05 23:00:37 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010.11.05 23:00:35 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010.11.05 23:00:34 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010.11.05 23:00:32 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2010.11.05 23:00:31 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2010.11.05 23:00:31 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2010.11.05 23:00:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2010.11.05 23:00:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2010.11.05 23:00:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2010.11.05 23:00:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2010.11.05 23:00:19 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010.11.05 23:00:17 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010.11.05 23:00:15 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010.11.05 23:00:13 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2010.11.05 23:00:11 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2010.11.05 23:00:11 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010.11.05 23:00:09 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2010.11.05 23:00:07 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2010.11.05 23:00:05 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2010.11.05 23:00:03 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2010.11.05 23:00:01 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2010.11.05 22:59:59 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2010.11.05 22:59:55 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010.11.05 22:59:53 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010.11.05 22:59:51 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010.11.05 22:59:49 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010.11.05 22:59:47 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2010.11.05 22:59:45 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010.11.05 22:59:43 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2010.11.05 22:59:40 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2010.11.05 22:59:40 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2010.11.05 22:59:38 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2010.11.05 22:59:36 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010.11.05 22:59:34 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2010.11.05 22:59:32 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010.11.05 22:59:30 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010.11.05 22:59:29 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2010.11.05 22:59:27 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2010.11.05 22:59:23 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2010.11.05 22:59:21 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2010.11.05 22:59:20 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010.11.05 22:59:18 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010.11.05 22:59:16 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010.11.05 22:59:14 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010.11.05 22:59:12 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010.11.05 22:59:11 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010.11.05 22:59:09 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010.11.05 22:59:07 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010.11.05 22:59:05 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010.11.05 22:59:03 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2010.11.05 22:59:01 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010.11.05 22:58:59 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010.11.05 22:58:58 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010.11.05 22:58:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010.11.05 22:58:56 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010.11.05 22:58:55 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010.11.05 22:58:53 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2010.11.05 22:58:51 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010.11.05 22:58:49 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2010.11.05 22:58:48 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010.11.05 22:58:46 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010.11.05 22:58:44 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010.11.05 22:58:40 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2010.11.05 22:58:38 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010.11.05 22:58:36 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010.11.05 22:58:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2010.11.05 22:58:32 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2010.11.05 22:58:29 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2010.11.05 22:58:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2010.11.05 22:58:26 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2010.11.05 22:58:24 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2010.11.05 22:58:22 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2010.11.05 22:58:21 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2010.11.05 22:58:19 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010.11.05 22:58:18 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010.11.05 22:58:16 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010.11.05 22:58:15 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2010.11.05 22:58:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2010.11.05 22:58:11 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2010.11.05 22:58:10 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010.11.05 22:58:08 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2010.11.05 22:58:07 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2010.11.05 22:58:06 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2010.11.05 22:58:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2010.11.05 22:58:01 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2010.11.05 22:57:59 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2010.11.05 22:57:57 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2010.11.05 22:57:55 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2010.11.05 22:57:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2010.11.05 22:57:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2010.11.05 22:57:50 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2010.11.05 22:57:49 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2010.11.05 22:57:49 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2010.11.05 22:57:49 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2010.11.05 22:57:48 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2010.11.05 22:57:46 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2010.11.05 22:57:45 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2010.11.05 22:57:44 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010.11.05 22:57:42 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010.11.05 22:57:41 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2010.11.05 22:57:39 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2010.11.05 22:57:37 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2010.11.05 22:57:35 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010.11.05 22:57:35 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010.11.05 22:57:33 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010.11.05 22:57:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2010.11.05 22:57:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2010.11.05 22:57:26 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2010.11.05 22:57:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2010.11.05 22:57:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2010.11.05 22:57:21 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2010.11.05 22:57:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2010.11.05 22:57:17 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2010.11.05 22:57:16 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2010.11.05 22:57:14 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2010.11.05 22:57:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2010.11.05 22:57:10 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010.11.05 22:57:09 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010.11.05 22:57:07 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010.11.05 22:57:05 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010.11.05 22:57:02 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2010.11.05 22:57:00 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2010.11.05 22:56:57 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010.11.05 22:56:55 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2010.11.05 22:56:53 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2010.11.05 22:56:53 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2010.11.05 22:56:50 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010.11.05 22:56:49 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010.11.05 22:56:47 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010.11.05 22:56:45 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010.11.05 22:56:43 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2010.11.05 22:56:41 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010.11.05 22:56:40 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010.11.05 22:56:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2010.11.05 22:56:36 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010.11.05 22:56:34 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010.11.05 22:56:32 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010.11.05 22:56:31 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010.11.05 22:56:29 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010.11.05 22:56:27 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010.11.05 22:56:26 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2010.11.05 22:56:24 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2010.11.05 22:56:22 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010.11.05 22:56:21 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010.11.05 22:56:19 | 000,019,968 | ---- | C] (Macronix International Co., Ltd.                                               ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010.11.05 22:56:17 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010.11.05 22:56:16 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010.11.05 22:56:14 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010.11.05 22:56:11 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2010.11.05 22:56:08 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2010.11.05 22:56:06 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2010.11.05 22:56:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2010.11.05 22:56:00 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2010.11.05 22:55:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010.11.05 22:55:58 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2010.11.05 22:55:55 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010.11.05 22:55:52 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2010.11.05 22:55:49 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2010.11.05 22:55:46 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2010.11.05 22:55:45 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2010.11.05 22:55:44 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2010.11.05 22:55:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2010.11.05 22:55:41 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2010.11.05 22:55:38 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010.11.05 22:55:36 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2010.11.05 22:55:34 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2010.11.05 22:55:32 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2010.11.05 22:55:31 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2010.11.05 22:55:29 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2010.11.05 22:55:29 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2010.11.05 22:55:27 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010.11.05 22:55:26 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010.11.05 22:55:25 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010.11.05 22:55:25 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2010.11.05 22:55:23 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010.11.05 22:55:23 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010.11.05 22:55:22 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010.11.05 22:55:20 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2010.11.05 22:55:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010.11.05 22:55:16 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010.11.05 22:55:14 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010.11.05 22:55:13 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010.11.05 22:55:12 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.11.05 22:55:11 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010.11.05 22:55:09 | 000,019,016 | ---- | C] (Kingston Technology Company                                                             ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010.11.05 22:55:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2010.11.05 22:55:03 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2010.11.05 22:55:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2010.11.05 22:54:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010.11.05 22:54:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010.11.05 22:54:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010.11.05 22:54:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010.11.05 22:54:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010.11.05 22:54:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010.11.05 22:54:37 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2010.11.05 22:54:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010.11.05 22:54:35 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2010.11.05 22:54:33 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010.11.05 22:54:33 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2010.11.05 22:54:33 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010.11.05 22:54:30 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010.11.05 22:54:28 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2010.11.05 22:54:27 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2010.11.05 22:54:26 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2010.11.05 22:54:24 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2010.11.05 22:54:23 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2010.11.05 22:54:06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010.11.05 22:54:04 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2010.11.05 22:54:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2010.11.05 22:54:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2010.11.05 22:54:00 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2010.11.05 22:53:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2010.11.05 22:53:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2010.11.05 22:53:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2010.11.05 22:53:54 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2010.11.05 22:53:52 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2010.11.05 22:53:51 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2010.11.05 22:53:49 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2010.11.05 22:53:48 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2010.11.05 22:53:47 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2010.11.05 22:53:45 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010.11.05 22:53:45 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2010.11.05 22:53:44 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2010.11.05 22:53:42 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2010.11.05 22:53:42 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2010.11.05 22:53:41 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.11.05 22:53:08 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2010.11.05 22:53:07 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2010.11.05 22:53:06 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2010.11.05 22:53:04 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2010.11.05 22:53:03 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2010.11.05 22:53:01 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2010.11.05 22:53:00 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2010.11.05 22:52:59 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2010.11.05 22:52:57 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2010.11.05 22:52:56 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2010.11.05 22:52:54 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2010.11.05 22:52:53 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2010.11.05 22:52:52 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2010.11.05 22:52:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2010.11.05 22:52:49 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2010.11.05 22:52:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2010.11.05 22:52:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2010.11.05 22:52:45 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2010.11.05 22:52:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2010.11.05 22:52:42 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010.11.05 22:52:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2010.11.05 22:52:37 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010.11.05 22:52:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2010.11.05 22:52:31 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2010.11.05 22:52:29 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2010.11.05 22:52:27 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2010.11.05 22:52:26 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2010.11.05 22:52:25 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010.11.05 22:52:24 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2010.11.05 22:52:23 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010.11.05 22:52:22 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010.11.05 22:52:20 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010.11.05 22:52:20 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010.11.05 22:52:19 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010.11.05 22:52:18 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2010.11.05 22:52:17 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2010.11.05 22:52:16 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2010.11.05 22:52:14 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2010.11.05 22:52:13 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010.11.05 22:52:09 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2010.11.05 22:52:08 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010.11.05 22:52:06 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010.11.05 22:52:04 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010.11.05 22:52:03 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010.11.05 22:52:02 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010.11.05 22:52:01 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010.11.05 22:52:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2010.11.05 22:51:58 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2010.11.05 22:51:55 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2010.11.05 22:51:52 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010.11.05 22:51:51 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2010.11.05 22:51:50 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010.11.05 22:51:49 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010.11.05 22:51:47 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2010.11.05 22:51:46 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2010.11.05 22:48:51 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010.11.05 22:48:50 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010.11.05 22:48:49 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010.11.05 22:48:48 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010.11.05 22:48:47 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2010.11.05 22:48:46 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2010.11.05 22:48:45 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2010.11.05 22:48:44 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2010.11.05 22:48:43 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2010.11.05 22:48:42 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2010.11.05 22:48:41 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010.11.05 22:48:40 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2010.11.05 22:48:39 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2010.11.05 22:48:38 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2010.11.05 22:48:37 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2010.11.05 22:48:35 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2010.11.05 22:48:34 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2010.11.05 22:48:33 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2010.11.05 22:48:32 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2010.11.05 22:48:32 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2010.11.05 22:48:31 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2010.11.05 22:48:28 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2010.11.05 22:48:28 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2010.11.05 22:48:27 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2010.11.05 22:48:26 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2010.11.05 22:48:25 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2010.11.05 22:48:25 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2010.11.05 22:48:24 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2010.11.05 22:48:23 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2010.11.05 22:48:22 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2010.11.05 22:48:22 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2010.11.05 22:48:21 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2010.11.05 22:48:20 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2010.11.05 22:48:20 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2010.11.05 22:48:19 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2010.11.05 22:48:18 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2010.11.05 22:48:17 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2010.11.05 22:48:17 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2010.11.05 22:48:15 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2010.11.05 22:48:14 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2010.11.05 22:48:13 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2010.11.05 22:48:12 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010.11.05 22:48:11 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2010.11.05 22:48:10 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010.11.05 22:48:09 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2010.11.05 22:48:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2010.11.05 22:48:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2010.11.05 22:48:07 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010.11.05 22:48:06 | 000,029,696 | ---- | C] (CNet Technology, Inc.                                                    ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010.11.05 22:48:05 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010.11.05 22:48:05 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010.11.05 22:48:04 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010.11.05 22:48:01 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010.11.05 22:48:01 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010.11.05 22:48:00 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010.11.05 22:47:59 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010.11.05 22:47:58 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2010.11.05 22:47:58 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010.11.05 22:47:57 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2010.11.05 22:47:56 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2010.11.05 22:47:56 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2010.11.05 22:47:55 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2010.11.05 22:47:55 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2010.11.05 22:47:54 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2010.11.05 22:47:53 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2010.11.05 22:47:53 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2010.11.05 22:47:52 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2010.11.05 22:47:51 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2010.11.05 22:47:51 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2010.11.05 22:47:50 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2010.11.05 22:47:49 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2010.11.05 22:47:49 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2010.11.05 22:47:48 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010.11.05 22:47:47 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010.11.05 22:47:47 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2010.11.05 22:47:46 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2010.11.05 22:47:45 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010.11.05 22:47:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2010.11.05 22:47:44 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2010.11.05 22:47:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2010.11.05 22:47:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2010.11.05 22:47:42 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2010.11.05 22:47:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2010.11.05 22:47:40 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2010.11.05 22:47:39 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2010.11.05 22:47:38 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2010.11.05 22:47:38 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2010.11.05 22:47:37 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2010.11.05 22:47:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2010.11.05 22:47:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2010.11.05 22:47:35 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2010.11.05 22:47:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2010.11.05 22:47:34 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2010.11.05 22:47:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2010.11.05 22:47:33 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010.11.05 22:47:33 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010.11.05 22:47:32 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010.11.05 22:47:32 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010.11.05 22:47:31 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010.11.05 22:47:30 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010.11.05 22:47:30 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010.11.05 22:47:29 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010.11.05 22:47:29 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2010.11.05 22:47:28 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2010.11.05 22:47:28 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2010.11.05 22:47:27 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2010.11.05 22:47:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2010.11.05 22:47:26 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2010.11.05 22:47:25 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010.11.05 22:47:24 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010.11.05 22:47:24 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2010.11.05 22:47:23 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2010.11.05 22:47:20 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2010.11.05 22:47:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010.11.05 22:47:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2010.11.05 22:47:18 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010.11.05 22:47:18 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2010.11.05 22:47:18 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2010.11.05 22:47:17 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2010.11.05 22:47:17 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2010.11.05 22:47:16 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2010.11.05 22:47:16 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2010.11.05 22:47:16 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2010.11.05 22:47:15 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2010.11.05 22:47:14 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010.11.05 22:47:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.11.05 22:47:10 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010.11.05 22:47:08 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010.11.05 22:47:08 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010.11.05 22:47:07 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010.11.05 22:47:07 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010.11.05 22:47:06 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010.11.05 22:47:06 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010.11.05 22:47:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2010.11.05 22:47:05 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010.11.05 22:47:05 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010.11.05 22:47:04 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010.11.05 22:47:03 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010.11.05 22:47:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010.11.05 22:47:02 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2010.11.05 22:47:02 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2010.11.05 22:47:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2010.11.05 22:47:01 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2010.11.05 22:47:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2010.11.05 22:47:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2010.11.05 22:47:00 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2010.11.05 22:47:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2010.11.05 22:46:47 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010.11.05 22:46:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2010.11.05 22:46:47 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010.11.05 22:46:46 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010.11.05 22:46:46 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010.11.05 22:46:46 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010.11.05 22:46:45 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010.11.05 22:46:45 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010.11.05 22:46:45 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010.11.05 22:46:44 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010.11.05 22:46:44 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010.11.05 22:46:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010.11.05 22:46:43 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010.11.05 22:46:43 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010.11.05 22:46:42 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010.11.05 22:46:42 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010.11.05 22:46:42 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010.11.05 22:46:41 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010.11.05 22:46:41 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010.11.05 22:46:41 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010.11.05 22:46:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010.11.05 22:46:39 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010.11.05 22:46:39 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010.11.05 22:46:39 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010.11.05 22:46:39 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010.11.05 22:46:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010.11.05 22:46:38 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010.11.05 22:46:37 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010.11.05 22:46:37 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010.11.05 22:46:37 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010.11.05 22:46:37 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010.11.05 22:46:36 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010.11.05 22:46:36 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010.11.05 22:46:36 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010.11.05 22:46:35 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010.11.05 22:46:35 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010.11.05 22:46:34 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010.11.05 22:46:31 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010.11.05 22:46:31 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010.11.05 22:46:30 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010.11.05 22:46:30 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010.11.05 22:46:30 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010.11.05 22:46:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010.11.05 22:46:29 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010.11.05 22:46:29 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010.11.05 22:46:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010.11.05 22:46:27 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010.11.05 22:46:27 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010.11.05 22:46:26 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010.11.05 22:46:25 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010.11.05 22:46:25 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010.11.05 22:46:25 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010.11.05 22:46:24 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010.11.05 22:46:24 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010.11.05 22:46:23 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010.11.05 22:46:23 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010.11.05 22:46:23 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010.11.05 22:46:23 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010.11.05 22:46:22 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010.11.05 22:46:22 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010.11.05 22:46:22 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010.11.05 22:46:22 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010.11.05 22:46:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010.11.05 22:46:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010.11.05 22:46:18 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010.11.05 22:46:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010.11.05 22:46:17 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010.11.05 22:46:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010.11.05 22:46:17 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010.11.05 22:46:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010.11.05 22:46:16 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010.11.05 22:46:16 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010.11.05 22:46:15 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010.11.05 22:46:15 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010.11.05 22:46:15 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010.11.05 22:46:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010.11.05 22:46:14 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010.11.05 22:46:14 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010.11.05 22:46:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010.11.05 22:46:13 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010.11.05 22:46:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010.11.05 22:46:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010.11.05 22:46:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010.11.05 22:46:12 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010.11.05 22:46:12 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010.11.05 22:46:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010.11.05 22:46:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010.11.05 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Desktop\New Folder (2)
[2010.11.05 21:45:27 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2010.11.05 15:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\AVG10
[2010.11.05 15:44:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010.11.05 15:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010.11.05 15:44:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010.11.05 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.11.05 15:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010.11.05 15:12:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.11.05 15:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010.11.05 15:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\9EFA732347A048E28F7735DB5EED500A.TMP
[2010.11.03 05:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010.11.02 19:39:51 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll
[2010.11.02 19:39:50 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010.11.02 19:39:49 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010.11.02 19:39:49 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010.11.02 19:39:46 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010.11.02 19:39:46 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010.11.02 19:39:46 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010.11.02 19:39:46 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010.11.02 19:39:46 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010.11.02 19:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010.11.02 19:39:45 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010.11.02 19:39:14 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010.11.02 19:39:14 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010.11.02 19:39:14 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010.11.02 19:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010.11.02 19:31:59 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Martin\Desktop\stinger10101096.exe
[2010.11.02 19:07:25 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010.11.02 19:07:25 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2010.11.02 18:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010.11.02 17:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010.11.02 17:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010.11.02 17:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2010.11.01 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\TrojanHunter
[2010.11.01 15:54:44 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Martin\Desktop\procexp1204.exe
[2010.10.27 23:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Local Settings\Application Data\Temp
[2010.10.26 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2010.10.26 11:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Malwarebytes
[2010.10.26 11:41:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.26 11:41:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.26 11:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.10.26 11:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.10.26 10:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.10.26 10:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.10.26 10:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
[2010.10.26 10:32:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010.10.25 18:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin\Application Data\Youtube Downloader HD
[2009.03.28 23:36:11 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.07 01:41:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.11.07 01:19:01 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.07 01:03:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martin\Desktop\OTL.exe
[2010.11.07 00:59:40 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.07 00:59:40 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.11.07 00:52:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.06 23:45:55 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.11.06 23:45:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.06 23:43:27 | 000,092,672 | ---- | M] (Option^Explicit Software                        vbtechcd@gmail.com) -- C:\Documents and Settings\Martin\Desktop\KillBox.exe
[2010.11.06 23:39:05 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\SmitfraudFix.exe
[2010.11.06 23:16:34 | 098,629,708 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.11.06 23:16:15 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.11.06 15:34:27 | 000,000,514 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\pes2011.lnk
[2010.11.06 10:21:58 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.11.06 09:06:26 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.11.05 21:26:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.11.05 15:44:17 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010.11.05 15:37:18 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\stinger10101096.opt
[2010.11.04 17:36:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.02 22:58:40 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.11.02 21:55:48 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.11.02 21:00:53 | 003,583,453 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Elme_Test.pdf
[2010.11.02 20:54:19 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Assembler_Programmieruebungen_V1.1.doc
[2010.11.02 20:54:16 | 000,908,288 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Befehlsliste_80C537.doc
[2010.11.02 20:54:11 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel4_EA-Baugruppen1_OHFolie.doc
[2010.11.02 20:54:07 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Addier-Subtrahierwerk_OHFolie.doc
[2010.11.02 20:54:04 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Zentraleinheit_OHFolie_Register.doc
[2010.11.02 20:54:01 | 000,418,816 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Kapitel2_Zahlensysteme_OHFolie.doc
[2010.11.02 20:53:59 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen_Loesungen.doc
[2010.11.02 20:53:56 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen.doc
[2010.11.02 20:53:53 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Prinzipieller_Programmablauf_OHFolie.doc
[2010.11.02 20:53:48 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Blockschaltbild_Mikrocomputer_Folie.doc
[2010.11.02 19:40:08 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.11.02 19:39:54 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.11.02 19:39:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\ZoneAlarm Security.lnk
[2010.11.02 19:32:20 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Martin\Desktop\stinger10101096.exe
[2010.11.02 19:23:33 | 000,476,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.02 19:23:33 | 000,083,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.02 17:34:20 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010.11.01 16:20:08 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.11.01 16:00:10 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.01 15:54:47 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Martin\Desktop\procexp1204.exe
[2010.10.29 14:05:40 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.29 13:55:41 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.10.28 18:38:18 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.28 18:37:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.27 23:13:52 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.26 21:20:54 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.10.26 21:20:51 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.10.26 11:10:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.10.26 10:57:04 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\start
[2010.10.26 10:56:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\completescan
[2010.10.26 10:49:12 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Martin\Application Data\install
[2010.10.26 10:41:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.10.20 21:51:37 | 000,016,236 | ---- | M] () -- C:\bar.emf
[2010.10.20 21:51:34 | 000,047,168 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.docx
[2010.10.20 21:51:24 | 000,036,656 | ---- | M] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.pdf
[41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 23:39:19 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010.11.06 23:39:18 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010.11.06 23:39:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010.11.06 23:39:01 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\SmitfraudFix.exe
[2010.11.06 23:16:34 | 098,629,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010.11.06 15:34:27 | 000,000,514 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\pes2011.lnk
[2010.11.05 23:04:27 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010.11.05 23:04:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010.11.05 22:52:41 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010.11.05 22:52:38 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010.11.05 22:52:35 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010.11.05 22:52:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010.11.05 22:52:30 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010.11.05 22:48:03 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010.11.05 22:48:03 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010.11.05 22:48:02 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010.11.05 22:46:33 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010.11.05 22:46:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010.11.05 22:46:33 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010.11.05 22:46:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010.11.05 22:46:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010.11.05 22:46:32 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010.11.05 22:46:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010.11.05 22:46:31 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010.11.05 22:46:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010.11.05 22:46:28 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010.11.05 15:44:17 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010.11.02 21:00:52 | 003,583,453 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Elme_Test.pdf
[2010.11.02 20:54:18 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Assembler_Programmieruebungen_V1.1.doc
[2010.11.02 20:54:15 | 000,908,288 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Befehlsliste_80C537.doc
[2010.11.02 20:54:10 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel4_EA-Baugruppen1_OHFolie.doc
[2010.11.02 20:54:07 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Addier-Subtrahierwerk_OHFolie.doc
[2010.11.02 20:54:04 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel3_Zentraleinheit_OHFolie_Register.doc
[2010.11.02 20:54:01 | 000,418,816 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Kapitel2_Zahlensysteme_OHFolie.doc
[2010.11.02 20:53:59 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen_Loesungen.doc
[2010.11.02 20:53:56 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\UEbungen_Zahlenumwandlungen.doc
[2010.11.02 20:53:52 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Prinzipieller_Programmablauf_OHFolie.doc
[2010.11.02 20:53:47 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Blockschaltbild_Mikrocomputer_Folie.doc
[2010.11.02 20:34:12 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\stinger10101096.opt
[2010.11.02 19:39:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\ZoneAlarm Security.lnk
[2010.11.02 19:39:45 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.11.02 17:34:20 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010.11.01 16:20:02 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.11.01 16:00:10 | 000,000,547 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.29 13:58:47 | 000,044,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.27 23:13:52 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.26 10:57:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\start
[2010.10.26 10:56:35 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\completescan
[2010.10.26 10:49:12 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\install
[2010.10.26 10:44:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.10.26 10:33:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.10.20 21:51:24 | 000,036,656 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.pdf
[2010.10.20 21:50:42 | 000,047,168 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\Verlorene Unterlagen.docx
[2010.10.11 18:16:55 | 003,796,094 | ---- | C] () -- C:\Documents and Settings\Martin\Desktop\s25082010_1362.jpg
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.09.02 14:19:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.09.02 14:19:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.09.02 14:19:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2010.08.08 16:00:06 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\WebpageIcons.db
[2010.06.18 19:57:08 | 000,000,137 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2010.06.18 19:27:28 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2010.06.18 19:27:28 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2010.06.18 19:27:02 | 000,598,016 | R--- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2010.06.18 19:27:02 | 000,307,200 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2010.06.18 19:27:02 | 000,294,912 | R--- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2010.06.18 19:27:02 | 000,290,816 | R--- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2010.06.18 19:27:02 | 000,249,856 | R--- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2010.06.18 19:27:02 | 000,225,280 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2010.06.18 19:27:02 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2010.05.30 15:46:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.03.15 21:44:03 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Scpw32a.dll
[2010.02.11 13:19:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.02.11 13:19:58 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.02.11 13:19:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\$_hpcst$.hpc
[2010.01.22 22:41:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.01.16 00:54:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\downloads.m3u
[2010.01.16 00:47:49 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Martin\Application Data\default.rss
[2009.12.06 11:56:26 | 000,000,450 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.15 19:56:24 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.19 16:15:47 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.04.25 16:56:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.03.28 23:40:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\MSBII.dll
[2009.03.28 23:36:14 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009.03.28 23:36:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009.03.28 23:36:14 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\WKAuxil.dll
[2009.03.28 23:36:10 | 003,782,416 | ---- | C] () -- C:\WINDOWS\System32\mso97.dll
[2009.03.28 23:25:04 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\asdrawim.ini
[2009.03.06 19:04:26 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009.03.06 16:06:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.03.06 16:05:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX585DEFGIPS.ini
[2009.01.18 14:46:03 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.01.17 23:47:35 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mix-fx.ini
[2009.01.11 13:13:35 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009.01.10 20:44:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.07 12:28:01 | 000,037,275 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009.01.06 17:22:57 | 000,145,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.01.05 16:24:14 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Martin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.05 11:41:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.01.05 11:41:24 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.01.03 01:18:29 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.01.02 23:25:39 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009.01.02 22:40:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.01.02 22:15:53 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.01.02 22:15:42 | 000,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.01.02 22:15:41 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.10.25 17:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005.08.23 10:59:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\aspolyzt.dll
[2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\asdrawli.dll
[2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ASDRAWMA.DLL
[2005.06.10 08:46:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\FDT100.dll
[2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AS_SORT.DLL
[2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\ASDRAW32.DLL
[2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AS_MDB32.DLL
[1999.11.08 15:55:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\S7oformx.dll
[1999.07.16 14:37:56 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\TDCTRL.dll
[1996.12.19 15:37:38 | 000,103,360 | ---- | C] () -- C:\WINDOWS\System32\S7OSC16X.DLL
[1996.12.19 15:36:48 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\S7OSC32X.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5

< End of report >
         
--- --- ---

Alt 07.11.2010, 02:21   #5
fcangmar
 
winlogon - Standard

winlogon



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.11.2010 02:03:36 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Martin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 501,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 97,65 Gb Total Space | 63,00 Gb Free Space | 64,52% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 59,54 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 97,51 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
 
Computer Name: +++ | User Name: +++ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\Program\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Program\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4547:TCP" = 4547:TCP:*:Enabled:krtyhd
"4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Games\Crytek\Crysis\Bin32\Crysis.exe" = E:\Games\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- File not found
"E:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = E:\Games\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"E:\Program\BitTorrent\bittorrent.exe" = E:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"E:\Games\PRO\pes2009.exe" = E:\Games\PRO\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found
"E:\Program\AVG\AVG8\avgemc.exe" = E:\Program\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"E:\Program\AVG\AVG8\avgupd.exe" = E:\Program\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"E:\TerraTec\CinergyDvrHelper.exe" = E:\TerraTec\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found
"E:\TerraTec\tvtvSetup\tvtv_Wizard.exe" = E:\TerraTec\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec tvtv Setup -- File not found
"E:\TerraTec\CinergyDvr.exe" = E:\TerraTec\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema -- File not found
"E:\TerraTec\CinergyDvrUpdate\CinergyDVRUp_Date.exe" = E:\TerraTec\CinergyDvrUpdate\CinergyDVRUp_Date.exe:*:Enabled:TerraTec Auto Update -- File not found
"E:\Program Files\Orbitdownloader\orbitdm.exe" = E:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"E:\Program Files\Orbitdownloader\orbitnet.exe" = E:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Documents and Settings\Martin\Desktop\PIC675799074533-JPG-www.facebook.com.exe" = C:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2b95ad22-c41a-4517-b9dc-d4ff98faeb8a}" = Nero 9
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{519F53E5-2A88-41CC-B728-64F8202DDA4D}" = OpenOffice.org 3.1 Language Pack (German)
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62D917DF-16DE-4383-9239-8C8BA06EB829}" = OpenOffice.org 3.1
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6A90C837-054E-44AE-B9BD-1B1F87986BBC}" = Folding@home-gpu
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F2120EB-3337-45DC-B5C3-D4DED4F0A0BA}" = SIMATIC  STEP 7 V5.4 + SP4 Professional 2006 SR5  
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8709DD83-A73F-46F8-BCA1-234A7E04D82C}" = Siemens Automation License Manager V4.0  
"{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F139DE-C33E-4FCC-A72B-684BF899F679}" = SIMATIC S7-SCL V5.3 + SP5 Professional 2006 SR5  
"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011
"{99484975-321E-495B-8171-2797B82392DD}" = inode FTP
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9EFA7323-47A0-48E2-8F77-35DB5EED500A}" = SpyHunter
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3C2952E-B9E6-4C3E-A1B3-8087654A15F4}" = SIMATIC S7-PLCSIM V5.4 + SP2 Professional 2006 SR5  
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E2A91BF5-FE48-46CF-A1BE-F639D21D06C2}" = SIMATIC S7-GRAPH V5.3 + SP6 Professional 2006 SR5  
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
"{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3DWunschhausPlusVA.Exe" = 3D Wunschhaus Architekt 5.0 Plus
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.2
"Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EAGLE 5.4.0" = EAGLE 5.4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo RX585_RX610 Benutzerhandbuch" = EPSON Stylus Photo RX585_RX610 Handbuch
"Flash Saving Plugin" = Flash Saving Plugin
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"inode FTP" = inode FTP
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"PRJPRO" = Microsoft Office Project Professional 2007
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Streamripper" = Streamripper (Remove only)
"TrySim" = TrySim
"Unlocker" = Unlocker 1.9.0
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.3
"Winamp" = Winamp
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wubi" = Ubuntu
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.11.2010 11:02:43 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 11:05:44 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 16:26:41 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 16:29:51 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 16:49:26 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 05.11.2010 17:43:43 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 04:06:34 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 10:32:55 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 18:32:29 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
Error - 06.11.2010 18:46:03 | Computer Name = KYLE | Source = Automation License Manager Service | ID = 18
Description = API = Socket Server couldn't be started., os error code = 1460, os
 message = This operation returned because the timeout period expired.  .
 
[ OSession Events ]
Error - 11.01.2010 18:30:15 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12439
 seconds with 8580 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 18:30:36 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 18:31:14 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.01.2010 18:31:30 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2010 10:59:49 | Computer Name = KYLE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.11.2010 18:46:06 | Computer Name = KYLE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
 ""  in order to run the server:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Microsoft Config service terminated with the following error: 
  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Server Image service terminated with the following error:   %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Boot Security service terminated with the following error:   %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Microsoft Helper service terminated with the following error: 
  %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Windows Boot service terminated with the following error:   %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The dujxlx service terminated with the following error:   %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
   %%2
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7023
Description = The Server Task service terminated with the following error:   %%126
 
Error - 06.11.2010 18:47:19 | Computer Name = KYLE | Source = Service Control Manager | ID = 7024
Description = The Automation License Manager Service service terminated with service-specific
 error 1460 (0x5B4).
 
 
< End of report >
         
--- --- ---


Alt 07.11.2010, 02:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
winlogon - Standard

winlogon



Wie oft hast Du schon mit Malwarebytes gescannt? Wars es das erste mal?
__________________
--> winlogon

Alt 07.11.2010, 02:35   #7
fcangmar
 
winlogon - Standard

winlogon



Nein, hatte vor ca. Wochen Thinkpoint, seit dem habe ich auc Malwarebytes.

Alt 07.11.2010, 02:46   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
winlogon - Standard

winlogon



Es gibt also nur dieses Log von malwarebytes? Sry dass ich so nachfrage, aber es ist schon oft vorgekommen, dass nur das Log ohne Funde gepostet wurde und das macht ja nun wenig Sinn
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.11.2010, 02:48   #9
fcangmar
 
winlogon - Standard

winlogon



das war das erste Logfile:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4950

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

26.10.2010 12:02:48
mbam-log-2010-10-26 (12-02-48).txt

Scan type: Quick scan
Objects scanned: 177991
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Alt 07.11.2010, 22:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
winlogon - Standard

winlogon



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
SRV - (toogmft) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (scinetu) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (oruqjr) -- C:\Program Files\Movie Maker\hqhakc.dll File not found
SRV - (oqimg) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (mlkynlqkb) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (eqkfl) -- C:\WINDOWS\System32\hqhakc.dll File not found
SRV - (bmljcgc) -- C:\WINDOWS\System32\hqhakc.dll File not found
DRV - (xltsaaqhvemjujj) -- C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys ()
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe
O33 - MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\Shell\AutoRun\command - "" = K:\SamsungSoftware\APPInst.exe -- File not found
[2010.10.29 14:05:40 | 000,044,800 | ---- | M] () -- C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys
[2010.10.20 21:51:37 | 000,016,236 | ---- | M] () -- C:\bar.emf
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2010.09.02 14:19:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010.09.02 14:19:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010.09.02 14:19:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010.09.02 14:19:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:41484591AEF3A391
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
:Files
C:\WINDOWS\tasks\At*.job
C:\Program Files\Movie Maker\hqhakc.dll
C:\WINDOWS\System32\hqhakc.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.11.2010, 23:02   #11
fcangmar
 
winlogon - Standard

winlogon



Hi,

anbei der neue report. Darf ich nur fragen was hier gemacht worden ist?

Danke


All processes killed
========== OTL ==========
Service toogmft stopped successfully!
Service toogmft deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service scinetu stopped successfully!
Service scinetu deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service oruqjr stopped successfully!
Service oruqjr deleted successfully!
File C:\Program Files\Movie Maker\hqhakc.dll File not found not found.
Service oqimg stopped successfully!
Service oqimg deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service mlkynlqkb stopped successfully!
Service mlkynlqkb deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service eqkfl stopped successfully!
Service eqkfl deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service bmljcgc stopped successfully!
Service bmljcgc deleted successfully!
File C:\WINDOWS\System32\hqhakc.dll File not found not found.
Service xltsaaqhvemjujj stopped successfully!
Service xltsaaqhvemjujj deleted successfully!
C:\WINDOWS\system32\drivers\vdrkdlxgsthjem.sys moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1810-dcad-11dd-b36a-002354091e0f}\ not found.
File J:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found.
File VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdb1811-dcad-11dd-b36a-002354091e0f}\ not found.
File VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3ca953-2d55-11df-9a46-002354091e0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3ca953-2d55-11df-9a46-002354091e0f}\ not found.
File K:\SamsungSoftware\APPInst.exe not found.
File C:\WINDOWS\System32\drivers\vdrkdlxgsthjem.sys not found.
C:\bar.emf moved successfully.
C:\WINDOWS\system32\sysprs7.dll moved successfully.
C:\WINDOWS\system32\clauth2.dll moved successfully.
C:\WINDOWS\system32\clauth1.dll moved successfully.
C:\WINDOWS\system32\lsprst7.dll moved successfully.
C:\WINDOWS\system32\ssprs.dll moved successfully.
C:\WINDOWS\SurCode.INI moved successfully.
ADS C:\WINDOWS:41484591AEF3A391 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5 deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
File\Folder C:\Program Files\Movie Maker\hqhakc.dll not found.
File\Folder C:\WINDOWS\System32\hqhakc.dll not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3334016 bytes
->Temporary Internet Files folder emptied: 22336245 bytes
->FireFox cache emptied: 5473537 bytes
->Flash cache emptied: 1172 bytes

User: All Users

User: Babsi
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3176393 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: LocalService
->Temp folder emptied: 992536 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: Martin
->Temp folder emptied: 68901750 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45624972 bytes
->Flash cache emptied: 989 bytes

User: NetworkService
->Temp folder emptied: 2376632 bytes
->Temporary Internet Files folder emptied: 73387677 bytes
->Flash cache emptied: 2058 bytes

User: test
->Temp folder emptied: 4229843 bytes
->Temporary Internet Files folder emptied: 130845 bytes
->FireFox cache emptied: 12648103 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 20825954 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 4319680 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5658057 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 261,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11082010_225831

Files\Folders moved on Reboot...
C:\Documents and Settings\Martin\Local Settings\Temp\~DFEDFA.tmp moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Martin\Local Settings\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\XUL.mfl moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_39c.dat not found!
File\Folder C:\WINDOWS\temp\ZLT06ce9.TMP not found!

Registry entries deleted on Reboot...

Alt 09.11.2010, 01:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
winlogon - Standard

winlogon



Wir haben schädliche Einträge gelöscht.
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.11.2010, 07:30   #13
fcangmar
 
winlogon - Standard

winlogon



Hallo,

CCleaner verwende ich beinahe jeden Tag. Der Combo Report:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-11-07.A2 - Martin 09.11.2010   7:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1033.18.2047.1435 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martin\Application Data\completescan
c:\documents and settings\Martin\Application Data\install
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\winlogon.exe . . . ist infiziert!!

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt 

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hwinterface
-------\Service_hwinterface


(((((((((((((((((((((((   Dateien erstellt von 2010-10-09 bis 2010-11-09  ))))))))))))))))))))))))))))))
.

2010-11-08 21:58 . 2010-11-08 21:58	--------	d-----w-	C:\_OTL
2010-11-06 22:43 . 2010-11-06 22:44	--------	d-----w-	C:\!KillBox
2010-11-06 09:31 . 2010-11-06 09:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\KONAMI
2010-11-05 22:03 . 2001-08-17 12:28	771581	-c--a-w-	c:\windows\system32\dllcache\winacisa.sys
2010-11-05 22:02 . 2001-08-17 21:36	26624	-c--a-w-	c:\windows\system32\dllcache\umaxu22.dll
2010-11-05 22:01 . 2001-08-17 11:13	37961	-c--a-w-	c:\windows\system32\dllcache\tdk100b.sys
2010-11-05 22:00 . 2001-08-17 12:56	7552	-c--a-w-	c:\windows\system32\dllcache\sonypvu1.sys
2010-11-05 21:59 . 2001-08-17 11:50	101760	-c--a-w-	c:\windows\system32\dllcache\sis300ip.sys
2010-11-05 21:58 . 2001-08-17 21:36	79872	-c--a-w-	c:\windows\system32\dllcache\rwia430.dll
2010-11-05 21:57 . 2001-08-17 13:07	19840	-c--a-w-	c:\windows\system32\dllcache\philtune.sys
2010-11-05 21:56 . 2001-08-17 11:49	51552	-c--a-w-	c:\windows\system32\dllcache\ntgrip.sys
2010-11-05 21:55 . 2008-04-13 23:16	51200	-c--a-w-	c:\windows\system32\dllcache\msdv.sys
2010-11-05 21:54 . 2001-08-17 21:36	8192	-c--a-w-	c:\windows\system32\dllcache\kbdkor.dll
2010-11-05 21:53 . 2001-08-17 21:36	61952	-c--a-w-	c:\windows\system32\dllcache\icam4ext.dll
2010-11-05 21:52 . 2001-08-17 21:36	9759	-c--a-w-	c:\windows\system32\dllcache\hsf_inst.dll
2010-11-05 21:51 . 2001-08-17 11:13	27165	-c--a-w-	c:\windows\system32\dllcache\fetnd5.sys
2010-11-05 21:51 . 2001-08-17 11:10	22090	-c--a-w-	c:\windows\system32\dllcache\fem556n5.sys
2010-11-05 21:51 . 2001-08-17 11:12	24618	-c--a-w-	c:\windows\system32\dllcache\fa410nd5.sys
2010-11-05 21:51 . 2001-08-17 11:12	16074	-c--a-w-	c:\windows\system32\dllcache\fa312nd5.sys
2010-11-05 21:51 . 2001-08-17 11:11	11850	-c--a-w-	c:\windows\system32\dllcache\f3ab18xj.sys
2010-11-05 21:51 . 2001-08-17 11:11	12362	-c--a-w-	c:\windows\system32\dllcache\f3ab18xi.sys
2010-11-05 21:51 . 2001-08-17 12:52	7040	-c--a-w-	c:\windows\system32\dllcache\exabyte2.sys
2010-11-05 21:51 . 2001-08-17 11:12	16998	-c--a-w-	c:\windows\system32\dllcache\ex10.sys
2010-11-05 21:47 . 2001-08-17 21:36	6729	-c--a-w-	c:\windows\system32\dllcache\disrvci.dll
2010-11-05 21:46 . 2001-08-17 12:51	13824	-c--a-w-	c:\windows\system32\dllcache\bulltlp3.sys
2010-11-05 20:45 . 2008-04-14 04:42	507904	------w-	c:\windows\system32\winlogon.exe
2010-11-05 14:44 . 2010-11-05 14:44	--------	d-----w-	c:\documents and settings\Martin\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 14:44 . 2010-11-08 21:39	--------	d-----w-	c:\windows\system32\drivers\AVG
2010-11-05 14:44 . 2010-11-05 14:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44	--------	d-----w-	c:\program files\AVG
2010-11-05 14:37 . 2010-11-05 14:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2010-11-05 14:12 . 2010-11-05 14:12	--------	d-----w-	c:\program files\Enigma Software Group
2010-11-03 04:52 . 2010-11-03 04:55	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-02 18:37 . 2010-11-02 18:37	--------	d-----w-	c:\program files\Zone Labs
2010-11-02 18:07 . 2008-04-14 04:42	1033728	----a-w-	c:\windows\explorer.exe
2010-11-02 17:58 . 2010-11-05 14:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg8
2010-11-02 16:57 . 2010-11-09 06:18	--------	d-----w-	c:\windows\Internet Logs
2010-11-02 16:41 . 2010-11-02 16:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\fssg
2010-11-02 16:38 . 2010-11-02 16:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\f-secure
2010-11-01 16:34 . 2010-11-01 16:34	--------	d-----w-	c:\documents and settings\Martin\Application Data\TrojanHunter
2010-10-27 22:04 . 2010-10-27 22:05	--------	d-----w-	c:\documents and settings\Martin\Local Settings\Application Data\Temp
2010-10-26 17:20 . 2010-10-26 17:21	--------	d-----w-	c:\program files\Graboid
2010-10-26 10:52 . 2010-10-26 10:52	--------	d-----w-	c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-10-26 10:41	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 10:41 . 2010-10-26 10:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-26 10:36 . 2010-10-26 10:36	--------	d-----w-	c:\documents and settings\Administrator\Application Data\ProgSense
2010-10-26 10:36 . 2010-10-26 10:39	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Orbit
2010-10-26 10:33 . 2010-10-26 10:33	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 09:34 . 2010-10-26 09:35	--------	d-----w-	c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
2010-10-25 17:55 . 2010-10-25 17:56	--------	d-----w-	c:\documents and settings\Martin\Application Data\Youtube Downloader HD

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 15:27 . 2010-09-13 15:27	25680	----a-w-	c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 02:49 . 2010-09-07 02:49	298448	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48	34384	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48	249424	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-09-07 02:48 . 2010-09-07 02:48	26064	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-08-19 20:42 . 2010-08-19 20:42	30288	----a-w-	c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 20:42 . 2010-08-19 20:42	123472	----a-w-	c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 20:42 . 2010-08-19 20:42	26192	----a-w-	c:\windows\system32\drivers\AVGIDSShim.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 35D83FE8244BD4A242E58CDFC48FFF80 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 378B7DD8284DF7E748461C69E13D3913 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="e:\program\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35	640440	----a-w-	f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26	38840	----a-w-	f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50	2521464	----a-w-	c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14	57344	----a-w-	c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38	307200	----a-w-	c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21	1548296	----a-w-	c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39	2816520	----a-w-	c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41	358920	----a-w-	c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34	18750976	----a-w-	c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02	102453	----a-w-	e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38	98304	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21	246504	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02	135168	----a-w-	c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"= 4547:TCP:krtyhd

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [9/10/2010 1:45 AM 265400]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/11/2010 12:58 PM 6104656]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
toogmft
oruqjr
mlkynlqkb
oqimg
bmljcgc
scinetu
eqkfl
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-18 20:35]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
MSConfigStartUp-Java developer Script Browse - c:\windows\jusched.exe
MSConfigStartUp- Malwarebytes Anti-Malware  (reboot) - c:\program\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Microsoft Driver Setup - c:\windows\cfdrive32.exe
MSConfigStartUp-oxnrmsawec - c:\docume~1\Martin\LOCALS~1\Temp\oxnrmsawec.tmp
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-xacrnowesm - c:\docume~1\Martin\LOCALS~1\Temp\xacrnowesm.tmp



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-09 07:19
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
   ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
   55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
   91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
   91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
e:\program\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-09  07:21:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-09 06:21

Vor Suchlauf: 16.654.684.160 bytes free
Nach Suchlauf: 16.451.829.760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D8119EA07EF3C199754A10FD62883E5B
         
--- --- ---

Alt 10.11.2010, 07:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
winlogon - Standard

winlogon



Zitat:
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
Dieses Teil bitte deinstallieren. ZoneAlarm ist wirkungslos bis kontraproduktiv...
Nach der Deinstallation bitte so weitermachen:

Diese saubere winlogon.exe direkt nach c:\ herunterladen => File-Upload.net - winlogon.exe
Anschließend kommen weitere Schritte mit CF:


Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
FCopy::
c:\winlogon.exe | c:\windows\system32\winlogon.exe

Filelook::
c:\windows\explorer.exe
c:\windows\ServicePackFiles\i386\explorer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"=-

Netsvc::
toogmft
oruqjr
mlkynlqkb
oqimg
bmljcgc
scinetu
eqkfl
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.11.2010, 22:27   #15
fcangmar
 
winlogon - Standard

winlogon



Hi,

wow, wie kann man sich so gut auskennen?

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-11-07.A2 - Martin 11.11.2010  22:18:19.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1033.18.2047.1549 [GMT 1:00]
ausgeführt von:: c:\documents and settings\Martin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\documents and settings\Martin\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winlogon.exe

c:\windows\system32\winlogon.exe . . . ist infiziert!!

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\ServicePackFiles\i386\explorer.exe wurde wiederhergestellt 

.
--------------- FCopy ---------------

c:\winlogon.exe --> c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((   Dateien erstellt von 2010-10-11 bis 2010-11-11  ))))))))))))))))))))))))))))))
.

2010-11-08 21:58 . 2010-11-08 21:58	--------	d-----w-	C:\_OTL
2010-11-06 22:43 . 2010-11-06 22:44	--------	d-----w-	C:\!KillBox
2010-11-06 09:31 . 2010-11-06 09:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\KONAMI
2010-11-05 22:03 . 2001-08-17 12:28	771581	-c--a-w-	c:\windows\system32\dllcache\winacisa.sys
2010-11-05 22:02 . 2001-08-17 21:36	26624	-c--a-w-	c:\windows\system32\dllcache\umaxu22.dll
2010-11-05 22:01 . 2001-08-17 11:13	37961	-c--a-w-	c:\windows\system32\dllcache\tdk100b.sys
2010-11-05 22:00 . 2001-08-17 12:56	7552	-c--a-w-	c:\windows\system32\dllcache\sonypvu1.sys
2010-11-05 21:59 . 2001-08-17 11:50	101760	-c--a-w-	c:\windows\system32\dllcache\sis300ip.sys
2010-11-05 21:58 . 2001-08-17 21:36	79872	-c--a-w-	c:\windows\system32\dllcache\rwia430.dll
2010-11-05 21:57 . 2001-08-17 13:07	19840	-c--a-w-	c:\windows\system32\dllcache\philtune.sys
2010-11-05 21:56 . 2001-08-17 11:49	51552	-c--a-w-	c:\windows\system32\dllcache\ntgrip.sys
2010-11-05 21:55 . 2008-04-13 23:16	51200	-c--a-w-	c:\windows\system32\dllcache\msdv.sys
2010-11-05 21:54 . 2001-08-17 21:36	8192	-c--a-w-	c:\windows\system32\dllcache\kbdkor.dll
2010-11-05 21:53 . 2001-08-17 21:36	61952	-c--a-w-	c:\windows\system32\dllcache\icam4ext.dll
2010-11-05 21:52 . 2001-08-17 21:36	9759	-c--a-w-	c:\windows\system32\dllcache\hsf_inst.dll
2010-11-05 21:51 . 2001-08-17 11:13	27165	-c--a-w-	c:\windows\system32\dllcache\fetnd5.sys
2010-11-05 21:51 . 2001-08-17 11:10	22090	-c--a-w-	c:\windows\system32\dllcache\fem556n5.sys
2010-11-05 21:51 . 2001-08-17 11:12	24618	-c--a-w-	c:\windows\system32\dllcache\fa410nd5.sys
2010-11-05 21:51 . 2001-08-17 11:12	16074	-c--a-w-	c:\windows\system32\dllcache\fa312nd5.sys
2010-11-05 21:51 . 2001-08-17 11:11	11850	-c--a-w-	c:\windows\system32\dllcache\f3ab18xj.sys
2010-11-05 21:51 . 2001-08-17 11:11	12362	-c--a-w-	c:\windows\system32\dllcache\f3ab18xi.sys
2010-11-05 21:51 . 2001-08-17 12:52	7040	-c--a-w-	c:\windows\system32\dllcache\exabyte2.sys
2010-11-05 21:51 . 2001-08-17 11:12	16998	-c--a-w-	c:\windows\system32\dllcache\ex10.sys
2010-11-05 21:47 . 2001-08-17 21:36	6729	-c--a-w-	c:\windows\system32\dllcache\disrvci.dll
2010-11-05 21:46 . 2001-08-17 12:51	13824	-c--a-w-	c:\windows\system32\dllcache\bulltlp3.sys
2010-11-05 20:45 . 2010-11-11 21:10	513024	----a-w-	c:\windows\system32\winlogon.exe
2010-11-05 14:44 . 2010-11-05 14:44	--------	d-----w-	c:\documents and settings\Martin\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44	--------	d--h--w-	c:\documents and settings\All Users\Application Data\Common Files
2010-11-05 14:44 . 2010-11-11 21:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG10
2010-11-05 14:44 . 2010-11-05 14:44	--------	d-----w-	c:\program files\AVG
2010-11-05 14:37 . 2010-11-05 14:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
2010-11-05 14:12 . 2010-11-05 14:12	--------	d-----w-	c:\program files\Enigma Software Group
2010-11-03 04:52 . 2010-11-03 04:55	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-02 18:39 . 2010-06-28 12:00	46592	----a-w-	c:\windows\system32\vsutil_loc0407.dll
2010-11-02 18:07 . 2008-04-14 04:42	1033728	----a-w-	c:\windows\explorer.exe
2010-11-02 17:58 . 2010-11-05 14:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg8
2010-11-02 16:57 . 2010-11-11 20:54	--------	d-----w-	c:\windows\Internet Logs
2010-11-02 16:41 . 2010-11-02 16:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\fssg
2010-11-02 16:38 . 2010-11-02 16:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\f-secure
2010-11-01 16:34 . 2010-11-01 16:34	--------	d-----w-	c:\documents and settings\Martin\Application Data\TrojanHunter
2010-10-27 22:04 . 2010-10-27 22:05	--------	d-----w-	c:\documents and settings\Martin\Local Settings\Application Data\Temp
2010-10-26 17:20 . 2010-10-26 17:21	--------	d-----w-	c:\program files\Graboid
2010-10-26 10:52 . 2010-10-26 10:52	--------	d-----w-	c:\documents and settings\Martin\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-10-26 10:41	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 10:41 . 2010-10-26 10:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 10:41 . 2010-04-29 14:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-26 10:36 . 2010-10-26 10:36	--------	d-----w-	c:\documents and settings\Administrator\Application Data\ProgSense
2010-10-26 10:36 . 2010-10-26 10:39	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Orbit
2010-10-26 10:33 . 2010-10-26 10:33	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-26 09:34 . 2010-10-26 09:35	--------	d-----w-	c:\documents and settings\Martin\Application Data\FCAAC60ADBD2A67431F87ADADD3EE6E0
2010-10-25 17:55 . 2010-10-25 17:56	--------	d-----w-	c:\documents and settings\Martin\Application Data\Youtube Downloader HD

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\explorer.exe ---
Company: Microsoft Corporation
File Description: Windows Explorer
File Version: 6.00.2900.5512 (xpsp.080413-2105)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: EXPLORER.EXE
File size: 1033728
Created time: 2010-11-02 18:07
Modified time: 2008-04-14 04:42
MD5: 378B7DD8284DF7E748461C69E13D3913
SHA1: 7F6BE072DDC7D9C8AD4038974BC23C26A01A9016


--- c:\windows\ServicePackFiles\i386\explorer.exe ---
Company: Microsoft Corporation
File Description: Windows Explorer
File Version: 6.00.2900.5512 (xpsp.080413-2105)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: EXPLORER.EXE
File size: 1033728
Created time: 2009-01-02 21:56
Modified time: 2008-04-14 04:42
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
SHA1: 9D2BF84874ABC5B6E9A2744B7865C193C08D362F


------- Sigcheck -------

[-] 2010-11-11 . 2F1F63845DB7EB2C6BD4EAB69F2B728C . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 358F7515ABCDCBB13201A42BEADD170E . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
(((((((((((((((((((((((((((((   SnapShot@2010-11-09_06.19.13   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-11 20:52 . 2010-11-11 20:52	16384              c:\windows\Temp\Perflib_Perfdata_7c4.dat
+ 2010-11-11 21:23 . 2010-11-11 21:23	16384              c:\windows\Temp\Perflib_Perfdata_614.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22	83950              c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23	83950              c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-11-09 06:22	476318              c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-02 18:23	476318              c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-21 17:35	640440	----a-w-	f:\software\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-12-22 00:26	38840	----a-w-	f:\software\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2010-02-05 19:50	2521464	----a-w-	c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 09:14	57344	----a-w-	c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38	307200	----a-w-	c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	e:\program\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	e:\program\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2008-11-06 11:21	1548296	----a-w-	c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
2008-11-06 11:39	2816520	----a-w-	c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDevAgt]
2008-11-06 11:41	358920	----a-w-	c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-10-06 14:34	18750976	----a-w-	c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S7UB Start]
2008-07-14 23:02	102453	----a-w-	e:\program files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 14:38	98304	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21	246504	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-06-16 01:02	135168	----a-w-	c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gupdate1c9dc50e11d5e64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4547:TCP"= 4547:TCP:krtyhd

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 1:18 AM 717296]
R2 almservice;Automation License Manager Service;e:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [5/20/2008 3:10 PM 1146880]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [6/18/2010 7:26 PM 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [6/18/2010 7:26 PM 389120]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 3:47 PM 28363]
R2 IGDCTRL;AVM IGD CTRL Service;e:\program\FRITZ!DSL\IGDCTRL.EXE [9/4/2007 10:14 AM 87344]
R2 s7asysvx;S7 Global Services;g:\program\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 7:02 PM 69685]
R2 s7oiehsx;SIMATIC IEPG Help Service;e:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/3/2008 1:30 PM 1571912]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [7/3/2008 1:04 PM 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [7/30/2007 12:06 PM 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [7/3/2008 1:30 PM 240712]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [4/25/2009 4:48 PM 117376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/19/2009 4:27 PM 1684736]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [6/18/2010 7:28 PM 474880]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/11/2010 1:19 PM 36608]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9/2/2010 8:00 AM 252032]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9/2/2010 8:00 AM 398720]
S4 gupdate1c9dc50e11d5e64;Google Update Service (gupdate1c9dc50e11d5e64);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2009 10:20 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-07 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.13\DriverRobot.exe [2009-10-18 20:35]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - e:\program\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save Flash - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Save YouTube Video - e:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\hag7fc90.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.at
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program\VideoLAN\VLC\npvlc.dll

---- FIREFOX Richtlinien ----
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
e:\program\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
e:\program\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-11 22:23
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,77,a7,13,4d,57,e7,e8,f0,71,d5,4e,f0,fe,81,02,ba,e8,04,20,06,f0,12,
   ff,a0,3a,e8,55,45,eb,4e,ba,69,97,3d,64,ae,00,f3,4c,ba,e1,09,ca,88,7d,80,8c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-1004336348-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,b4,35,b9,89,0b,d1,22,ec,e3,6a,6c,19,e1,c7,73,d3,d5,30,67,23,
   55,da,9f,42,e1,82,db,07,d2,9f,27,e8,e9,44,bb,dc,19,cb,aa,98,73,df,bb,29,2e,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
   91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:97,5d,d3,2c,23,ce,9f,1f,b5,4c,46,8b,97,b4,c3,aa,1e,d2,5a,0e,57,
   91,8f,44,d6,46,e1,d8,d2,fd,d3,50,fd,80,f8,fe,aa,26,03,84,3c,e9,20,1b,17,ec,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
e:\program\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-11  22:25:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-11 21:25
ComboFix2.txt  2010-11-09 06:21

Vor Suchlauf: 16.346.312.704 bytes free
Nach Suchlauf: 16.420.786.176 bytes free

- - End Of File - - 68109C4EC60BEF749E4A679B0163F9F4
         
--- --- ---

Antwort

Themen zu winlogon
avg, datei, gescannt, infiziert, jotti, killbox, logon, logon.exe, reparieren, tagen, vermeide, versucht, winlogon, winlogon.exe




Ähnliche Themen: winlogon


  1. winlogon.exe, css.exe
    Plagegeister aller Art und deren Bekämpfung - 05.09.2009 (1)
  2. Winlogon.exe infiziert
    Log-Analyse und Auswertung - 26.02.2009 (3)
  3. Winlogon Notify
    Mülltonne - 02.01.2009 (0)
  4. Trojaner winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 04.04.2008 (7)
  5. winlogon.exe infiziert?
    Plagegeister aller Art und deren Bekämpfung - 21.03.2008 (9)
  6. winlogon.exe - Trojaner ?!
    Plagegeister aller Art und deren Bekämpfung - 21.03.2008 (4)
  7. winlogon.exe???
    Mülltonne - 16.03.2008 (0)
  8. TR/Patchd.winlogon.b
    Log-Analyse und Auswertung - 12.03.2008 (4)
  9. winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 12.03.2008 (7)
  10. winlogon.exe Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.04.2007 (2)
  11. winlogon TR/WLHack.A
    Log-Analyse und Auswertung - 30.03.2007 (1)
  12. TR/PatchedI//winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 18.01.2007 (4)
  13. winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 06.01.2007 (2)
  14. winlogon.exe und explorer.exe
    Log-Analyse und Auswertung - 29.12.2006 (9)
  15. OLE##winlogon aus registry ?
    Plagegeister aller Art und deren Bekämpfung - 11.10.2006 (4)
  16. Winlogon.exe Problem
    Log-Analyse und Auswertung - 07.08.2006 (3)
  17. winlogon.exe 50 - 70 % cpu
    Log-Analyse und Auswertung - 17.02.2006 (2)

Zum Thema winlogon - Hallo, versuche schon 2 Tagen meine Winlogon.exe zu "reparieren". Verwende AVG und dieser zeigt mir diese Datei als infiziert an. Habe sie schon mit Jotti auch gescannt, 7 von 19 - winlogon...
Archiv
Du betrachtest: winlogon auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.