Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): MSN Facebook-Link Virus | Windows 7
03.01.2011, 22:06 | #1

MSN Facebook-Link Virus

Hello everyone, I need help! I clicked a link in MSN that was obviously a virus. The bad part is that I saved the exe and ran it. Now I am sending this link to my friends myself, and my Facebook is acting up completely as well. When I try to log in, some kind of ad spam appears claiming that I have to take a survey in order to use my account again. I have already read up on similar threads in this forum and made a Malwarebytes and OTS log. Unfortunately without any findings. I would be really grateful for help; my PC was only a few days old.

OTL Logfile:
Code:
OTL logfile created on: 03.01.2011 18:37:04 - Run 3 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Tom_2\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 249,67 Gb Free Space | 88,10% Space Free | Partition Type: NTFS Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWow64\DRIVERS\o2flash.exe File not found PRC - C:\Users\Tom_2\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Public\nvsvc32.exe () PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Tom_2\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.) 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) 
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro ) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - 
HKU\S-1-5-21-34650067-1236587136-3892751900-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2011.01.02 18:50:10 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101229153232.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101229153232.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) 
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-34650067-1236587136-3892751900-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-34650067-1236587136-3892751900-1003..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe () O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O4 - Startup: C:\Users\Tom_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WudfRd - Driver SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WudfRd - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) 
SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfRd - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: mfevtp - C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfRd - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.01.03 16:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011.01.02 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes [2011.01.02 22:22:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.02 22:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.02 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.02 22:22:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.02 22:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.02 19:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.01.02 19:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.12.29 15:29:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Meine empfangenen Dateien [2010.12.29 13:15:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center [2010.12.29 13:15:05 | 000,000,000 | ---D | C] -- C:\Programme\Dell Support Center [2010.12.29 13:00:42 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\PCDr [2010.12.29 12:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010.12.29 12:36:58 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.29 12:36:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.29 12:36:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.29 12:36:56 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.29 12:36:56 | 000,185,856 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.29 12:36:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.29 12:36:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.29 12:36:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.29 12:36:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.29 12:36:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.29 12:36:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.29 12:36:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.29 12:36:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.29 12:36:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.29 00:32:37 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010.12.29 00:32:37 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010.12.29 00:32:37 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010.12.29 00:32:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010.12.29 00:32:37 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010.12.29 00:32:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010.12.29 00:32:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010.12.29 00:32:37 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010.12.29 00:32:32 | 000,294,912 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010.12.29 00:27:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.29 00:27:39 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.29 00:27:39 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.29 00:27:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.29 00:27:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.29 00:27:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.29 00:27:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.29 00:27:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.29 00:27:32 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.29 00:27:32 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.29 00:27:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.29 00:27:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.29 00:22:58 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.12.29 00:22:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.12.29 00:22:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.12.29 00:22:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.12.29 00:22:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.12.29 00:22:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.12.29 00:22:57 | 
000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.12.29 00:17:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.29 00:17:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.29 00:01:09 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2010.12.28 21:41:50 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.28 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2010.12.28 15:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2010.12.28 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010.12.28 00:52:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\Tracing [2010.12.28 00:43:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft Games [2010.12.28 00:40:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Diagnostics [2010.12.28 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Reallusion [2010.12.28 00:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2010.12.27 22:49:52 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2010.12.27 22:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.12.27 22:37:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Windows Live [2010.12.27 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Macromedia [2010.12.27 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2010.12.27 21:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2010.12.27 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.12.27 21:41:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office 
[2010.12.27 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2010.12.27 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft Help [2010.12.27 21:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.12.27 21:40:29 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010.12.27 21:39:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Adobe [2010.12.27 21:26:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\Mein Backup Datei [2010.12.27 21:07:28 | 000,000,000 | -HSD | C] -- C:\System Recovery [2010.12.27 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Dell [2010.12.27 21:06:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Stardock_Corporation [2010.12.27 21:06:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Roxio [2010.12.27 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ATI [2010.12.27 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\ATI [2010.12.27 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Creative [2010.12.27 21:05:51 | 000,000,000 | R--D | C] -- C:\Users\Tom\Searches [2010.12.27 21:05:51 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2010.12.27 21:05:39 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Identities [2010.12.27 21:05:34 | 000,000,000 | R--D | C] -- C:\Users\Tom\Contacts [2010.12.27 21:05:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\VirtualStore [2010.12.27 21:02:32 | 000,000,000 | --SD | C] -- C:\Users\Tom\AppData\Roaming\Microsoft [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Videos [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Saved Games [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Pictures [2010.12.27 
21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Music [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Links [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Favorites [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Downloads [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Documents [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Desktop [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Vorlagen [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\AppData\Local\Verlauf [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\AppData\Local\Temporary Internet Files [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Startmenü [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\SendTo [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Recent [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Netzwerkumgebung [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Lokale Einstellungen [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Documents\Eigene Videos [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Documents\Eigene Musik [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Eigene Dateien [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Documents\Eigene Bilder [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Druckumgebung [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Cookies [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\AppData\Local\Anwendungsdaten [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Anwendungsdaten [2010.12.27 21:02:32 | 
000,000,000 | -H-D | C] -- C:\Users\Tom\AppData [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Temp [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\SoftThinks [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Media Center Programs [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Programme [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.12.18 02:20:27 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics [2010.12.18 02:18:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.12.18 02:18:40 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.12.18 02:18:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.12.18 02:18:40 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.12.18 02:18:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.12.18 02:18:40 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll 
[2010.12.18 02:18:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.12.18 02:18:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.12.18 02:18:38 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.12.18 02:18:38 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.12.18 02:18:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010.12.18 02:18:38 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.12.18 02:18:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010.12.18 02:18:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010.12.18 02:18:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010.12.18 02:18:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010.12.18 02:18:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010.12.18 02:18:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010.12.18 02:18:36 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.12.18 02:18:36 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.12.18 02:18:36 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.12.18 02:18:35 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.12.18 02:18:35 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.12.18 02:18:35 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.12.18 02:18:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe 
[2010.12.18 02:18:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.12.18 02:18:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.12.18 02:18:35 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.12.18 02:18:33 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.12.18 02:18:33 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.12.18 02:18:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.12.18 02:18:33 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.12.18 02:18:33 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.12.18 02:18:31 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.12.18 02:18:29 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.12.18 02:18:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.12.18 02:18:27 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.12.18 02:18:27 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.12.18 02:18:27 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.12.18 02:18:27 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.12.18 02:18:27 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.12.18 02:18:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.12.18 02:18:27 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.12.18 02:18:27 | 000,369,152 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\secproc.dll [2010.12.18 02:18:27 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.12.18 02:18:27 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.12.18 02:18:27 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.12.18 02:18:27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.12.18 02:18:27 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.12.18 02:18:27 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.12.18 02:18:22 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.12.18 02:18:22 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.12.18 02:18:19 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.12.18 02:18:19 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.12.18 02:18:19 | 000,220,672 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.12.18 02:18:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.12.18 02:18:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.12.18 02:18:19 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.12.18 02:18:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.12.18 02:18:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.12.18 02:18:17 | 000,687,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2010.12.18 02:18:17 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll [2010.12.18 02:18:17 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll [2010.12.18 02:18:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2010.12.18 02:18:17 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2010.12.18 02:18:17 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2010.12.18 02:18:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe [2010.12.18 02:18:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe [2010.12.18 02:18:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2010.12.18 02:18:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2010.12.18 02:18:16 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll [2010.12.18 02:18:16 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2010.12.18 02:18:16 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll [2010.12.18 02:18:16 | 
000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2010.12.18 02:18:16 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2010.12.18 02:13:49 | 000,000,000 | ---D | C] -- C:\apps [2010.12.18 02:08:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem [2010.12.18 02:08:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.12.18 02:08:36 | 000,000,000 | ---D | C] -- C:\Drivers [2010.12.18 02:01:27 | 000,000,000 | ---D | C] -- C:\dell [2010.12.18 01:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.12.18 00:59:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238} [2010.12.18 00:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell [2010.12.18 00:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.12.18 00:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online [2010.12.18 00:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell [2010.12.18 00:58:48 | 000,000,000 | ---D | C] -- C:\Windows\de [2010.12.18 00:58:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2010.12.18 00:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.12.18 00:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010.12.18 00:57:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.12.18 00:56:43 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.12.18 00:56:26 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2010.12.18 00:56:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2010.12.18 00:56:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2010.12.18 00:56:26 | 000,069,464 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.12.18 00:56:12 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2010.12.18 00:56:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2010.12.18 00:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2010.12.18 00:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.12.18 00:55:21 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll [2010.12.18 00:55:21 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll [2010.12.18 00:55:20 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll [2010.12.18 00:55:20 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll [2010.12.18 00:54:31 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2010.12.18 00:54:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2010.12.18 00:54:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2010.12.18 00:54:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2010.12.18 00:54:30 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2010.12.18 00:54:30 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2010.12.18 00:54:29 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2010.12.18 00:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.12.18 00:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam [2010.12.18 00:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2010.12.18 00:50:01 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Dell Webcam [2010.12.18 00:50:00 | 000,224,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\CtAudDrv.sys [2010.12.18 00:50:00 | 000,175,168 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\CtClsFlt.sys [2010.12.18 00:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam [2010.12.18 00:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010.12.18 00:47:31 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys [2010.12.18 00:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mcafee.com [2010.12.18 00:46:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\mcafee [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Programme\mcafee.com [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Programme\mcafee [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mcafee [2010.12.18 00:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010.12.18 00:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Software [2010.12.18 00:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Software [2010.12.18 00:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall [2010.12.18 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic [2010.12.18 00:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio [2010.12.18 00:46:06 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2010.12.18 00:46:06 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys [2010.12.18 00:46:06 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Common Files\Sonic Shared [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2010.12.18 00:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio [2010.12.18 00:45:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.12.18 00:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2010.12.18 00:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.12.18 00:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.12.18 00:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr [2010.12.18 00:44:08 | 000,000,000 | ---D | C] -- C:\Temp [2010.12.18 00:44:04 | 000,151,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WimFltr.sys [2010.12.18 00:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe [2010.12.18 00:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell DataSafe Local Backup [2010.12.18 00:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.12.18 00:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.12.18 00:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.12.18 00:42:36 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2010.12.18 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2010.12.18 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2010.12.18 00:41:51 | 000,000,000 | ---D | C] -- C:\Intel [2010.12.18 00:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2010.12.18 00:40:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information 
[2010.12.18 00:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010.12.18 00:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.12.18 00:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell [2010.12.18 00:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2010.12.18 00:38:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless [2010.12.18 00:38:43 | 001,114,624 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMLogon.dll [2010.12.18 00:38:36 | 000,022,520 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys [2010.12.18 00:38:35 | 007,911,424 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMWLCPL.CPL [2010.12.18 00:38:35 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe [2010.12.18 00:38:35 | 004,767,744 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\bcmttls.dll [2010.12.18 00:38:35 | 000,073,216 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll [2010.12.18 00:38:34 | 003,161,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe [2010.12.18 00:38:32 | 000,000,000 | ---D | C] -- C:\Programme\Dell [2010.12.18 00:37:58 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010.12.18 00:37:58 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010.12.18 00:37:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010.12.18 00:37:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.12.18 00:37:55 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.12.18 00:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.12.18 00:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.12.18 00:37:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\deployJava1.dll [2010.12.18 00:37:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.18 00:37:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.12.18 00:37:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.18 00:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.12.18 00:37:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.12.18 00:37:32 | 000,000,000 | ---D | C] -- C:\Programme\Dell Inc [2010.12.18 00:37:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.12.17 17:31:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.12.17 17:30:53 | 000,000,000 | ---D | C] -- C:\Programme\IDT [2010.12.17 17:30:52 | 000,601,088 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctapo64.dll [2010.12.17 17:30:52 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctapo32.dll [2010.12.17 17:30:52 | 000,442,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll [2010.12.17 17:30:52 | 000,162,304 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll [2010.12.17 17:30:52 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll [2010.12.17 17:30:51 | 012,572,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl [2010.12.17 17:30:51 | 003,309,568 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2010.12.17 17:30:51 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe [2010.12.17 17:30:51 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll [2010.12.17 17:30:51 | 000,057,856 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\ctppld64.dll [2010.12.17 17:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2010.12.17 17:29:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.12.17 17:28:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2011.01.03 18:33:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.01.03 17:05:08 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 17:05:08 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 16:57:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.03 16:57:43 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys [2011.01.02 18:50:10 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.01.02 18:50:10 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2011.01.02 12:57:57 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.02 12:57:57 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.02 12:57:57 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.02 12:57:57 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.02 12:57:57 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2010.12.29 12:33:30 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2010.12.29 12:32:40 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.28 16:00:12 | 000,001,782 | ---- | M] () -- C:\Users\Tom\Desktop\Counter-Strike Source.lnk [2010.12.28 15:53:41 
| 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.12.27 21:06:30 | 000,001,980 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010.12.27 21:02:02 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.12.27 21:02:02 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 02:21:25 | 000,028,965 | RH-- | M] () -- C:\dell.sdr [2010.12.18 02:20:38 | 000,898,624 | ---- | M] () -- C:\Windows\SysNative\oem4.inf [2010.12.18 02:18:41 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.12.18 02:18:40 | 000,852,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.12.18 02:18:40 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.12.18 02:18:40 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.12.18 02:18:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.12.18 02:18:40 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.12.18 02:18:40 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.12.18 02:18:40 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.12.18 02:18:38 | 001,572,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.12.18 02:18:38 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.12.18 02:18:38 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010.12.18 02:18:38 | 000,084,480 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.12.18 02:18:37 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010.12.18 02:18:37 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010.12.18 02:18:37 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010.12.18 02:18:37 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010.12.18 02:18:37 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010.12.18 02:18:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010.12.18 02:18:36 | 002,085,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.12.18 02:18:36 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.12.18 02:18:36 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.12.18 02:18:35 | 005,507,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.12.18 02:18:35 | 003,955,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.12.18 02:18:35 | 003,899,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.12.18 02:18:35 | 002,870,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.12.18 02:18:35 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.12.18 02:18:35 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.12.18 02:18:35 | 000,082,944 | ---- | M] (Radius Inc.) 
-- C:\Windows\SysWow64\iccvid.dll [2010.12.18 02:18:33 | 001,446,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.12.18 02:18:33 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.12.18 02:18:33 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.12.18 02:18:33 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.12.18 02:18:33 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.12.18 02:18:31 | 000,861,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.12.18 02:18:29 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.12.18 02:18:29 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.12.18 02:18:28 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.12.18 02:18:27 | 014,627,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.12.18 02:18:27 | 012,625,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.12.18 02:18:27 | 011,406,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.12.18 02:18:27 | 001,736,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.12.18 02:18:27 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.12.18 02:18:27 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.12.18 02:18:27 | 000,369,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.12.18 02:18:27 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.12.18 02:18:27 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.12.18 02:18:27 | 
000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.12.18 02:18:27 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.12.18 02:18:27 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.12.18 02:18:27 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,277,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.12.18 02:18:22 | 001,975,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.12.18 02:18:22 | 001,320,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.12.18 02:18:19 | 001,024,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.12.18 02:18:19 | 000,738,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.12.18 02:18:19 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.12.18 02:18:19 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.12.18 02:18:19 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.12.18 02:18:19 | 
000,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.12.18 02:18:19 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.12.18 02:18:19 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.12.18 02:18:17 | 000,687,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2010.12.18 02:18:17 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll [2010.12.18 02:18:17 | 000,488,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll [2010.12.18 02:18:17 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2010.12.18 02:18:17 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2010.12.18 02:18:17 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2010.12.18 02:18:17 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe [2010.12.18 02:18:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe [2010.12.18 02:18:17 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2010.12.18 02:18:16 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2010.12.18 02:18:16 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll [2010.12.18 02:18:16 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2010.12.18 02:18:16 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll [2010.12.18 02:18:16 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2010.12.18 02:18:16 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2010.12.18 02:10:24 | 000,003,788 | ---- | M] () -- 
C:\Windows\SysWow64\drivers\1028_Dell_STU_1749.mrk [2010.12.18 02:10:24 | 000,003,788 | ---- | M] () -- C:\Windows\SysNative\drivers\1028_Dell_STU_1749.mrk [2010.12.18 00:37:56 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010.12.18 00:37:56 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010.12.18 00:37:56 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010.12.18 00:37:56 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.12.18 00:37:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.12.18 00:37:43 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.18 00:37:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.12.18 00:37:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.17 17:32:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.12.17 17:31:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf ========== Files Created - No Company Name ========== [2011.01.02 18:50:10 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2011.01.01 15:35:05 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2010.12.29 13:15:33 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2010.12.29 13:15:32 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2010.12.29 12:33:30 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2010.12.28 16:00:12 | 000,001,782 | ---- | C] () -- C:\Users\Tom\Desktop\Counter-Strike Source.lnk [2010.12.28 15:53:41 | 000,000,694 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.12.27 21:06:30 | 000,001,980 | ---- | C] () -- 
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010.12.18 02:21:24 | 000,028,965 | RH-- | C] () -- C:\dell.sdr [2010.12.18 02:10:24 | 000,003,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\1028_Dell_STU_1749.mrk [2010.12.18 02:10:23 | 000,003,788 | ---- | C] () -- C:\Windows\SysNative\drivers\1028_Dell_STU_1749.mrk [2010.12.18 00:50:45 | 000,057,656 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.bmp [2010.12.18 00:50:45 | 000,024,995 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.jpg [2010.12.18 00:38:36 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll [2010.12.18 00:38:36 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat [2010.12.18 00:38:35 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\bcmwlrmt.dll [2010.12.18 00:38:35 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat [2010.12.17 17:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.17 17:31:54 | 000,898,624 | ---- | C] () -- C:\Windows\SysNative\oem4.inf [2010.12.17 17:31:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.12.17 17:28:49 | 3111,555,072 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.12.29 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PCDr [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2009.07.14 06:08:49 | 000,004,914 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.03 18:33:00 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Custom Scans 
========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.27 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Adobe [2010.12.27 21:06:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\ATI [2010.12.27 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Creative [2010.12.27 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Dell [2010.12.27 21:05:40 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Identities [2010.12.27 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Macromedia [2011.01.02 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Media Center Programs [2010.12.28 16:00:11 | 000,000,000 | --SD | M] -- C:\Users\Tom\AppData\Roaming\Microsoft [2010.12.29 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PCDr [2010.12.28 00:14:07 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Reallusion [2010.12.27 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Roxio < %APPDATA%\*.exe /s > [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Tom\AppData\Roaming\PCDr\Update\Rules\1602b007-d0d6-46d3-a62b-a9ee9e60b9ab\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Tom\AppData\Roaming\PCDr\Update\Rules\45fe149f-0af3-4b2f-a061-6821c36d1937\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Tom\AppData\Roaming\PCDr\Update\Rules\60323e65-ec0d-470f-aa6c-fa8fff0bb6cd\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) 
-- C:\Users\Tom\AppData\Roaming\PCDr\Update\Rules\8cdecef2-ce17-4a6d-b91a-10a6336cbb0e\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Tom\AppData\Roaming\PCDr\Update\Rules\bdecaaae-6e08-40c2-9474-68b33b575724\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Tom\AppData\Roaming\PCDr\Update\Rules\d99d0bdb-e5c7-47c9-9508-2a1c77405df4\DellSignedAppUpdaterRules\AddCertificate.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) 
MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) 
MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.12.18 02:18:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.12.18 02:18:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll [2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll [2010.11.04 06:48:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\iepeers.dll < End of report > |
04.01.2011, 12:43 | #2 |
/// Malware-holic | MSN Facebook-Link Virus Could you also send me the link or links that you are sending out as a private message?
__________________
__________________ |
04.01.2011, 18:09 | #3 |
/// Malware-holic | MSN Facebook-Link Virus
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
PRC - C:\Users\Public\nvsvc32.exe ()
O4 - HKU\S-1-5-21-34650067-1236587136-3892751900-1003..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.
Open My Computer, C:, then _OTL; right-click on moved files there and choose "Add to moved files.rar" or zip. Upload the archive in our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
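Added example, not part of the thread and not code from OTL: a small triage script that reads OTL-format `PRC` and `O4 ... Run` lines and flags binaries that share the traits of the entry removed by the fix script above (empty company field, path under a user-writable directory, running and registered for autostart). The scoring rule, the directory list and every sample line except the two nvsvc32.exe lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample lines in OTL log format. The two nvsvc32.exe lines are the ones quoted
# in the fix script above; the ExampleVendor lines are constructed for contrast.
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\ExampleVendor\updater.exe (Example Vendor Inc.)
PRC - C:\Users\Public\nvsvc32.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\ExampleVendor\updater.exe (Example Vendor Inc.)
O4 - HKU\S-1-5-21-34650067-1236587136-3892751900-1003..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe ()
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe ()
"""

# "PRC - <path> (<company>)": a running process. The path may itself contain
# parentheses ("Program Files (x86)"), so the company is anchored to line end.
PRC_RE = re.compile(r"^PRC - (?P<path>[A-Za-z]:\\.+?) \((?P<company>[^()]*)\)\s*$")

# "O4 - <hive>..\Run: [<value name>] <path> (<company>)": a Run-key autostart.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>[A-Za-z]:\\.+?) \((?P<company>[^()]*)\)\s*$"
)

# Assumption: directories a standard user can normally write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\", "c:\\windows\\temp\\")


def parse_entries(log_text):
    """Return one dict per recognised PRC or O4 Run line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRC_RE.match(line)
        if m:
            entries.append({"kind": "process", "path": m["path"],
                            "company": m["company"].strip(), "name": None})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "autorun", "path": m["path"],
                            "company": m["company"].strip(), "name": m["name"]})
    return entries


def triage(log_text, threshold=2):
    """Group entries by path (case-insensitive) and report those with at
    least `threshold` of the three indicators, highest score first."""
    by_path = defaultdict(list)
    for entry in parse_entries(log_text):
        by_path[entry["path"].lower()].append(entry)

    findings = []
    for path, group in by_path.items():
        reasons = []
        if any(not e["company"] for e in group):
            reasons.append("no company name in version info")
        if path.startswith(USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if {e["kind"] for e in group} == {"process", "autorun"}:
            reasons.append("running now and registered under a Run key")
        if len(reasons) >= threshold:
            findings.append({
                "path": path,
                "score": len(reasons),
                "reasons": reasons,
                "autorun_names": sorted(e["name"] for e in group
                                        if e["kind"] == "autorun"),
            })
    return sorted(findings, key=lambda f: (-f["score"], f["path"]))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["score"], finding["path"], finding["autorun_names"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A hit from this script is a reason to look closer at the file (signature, hash, creation time), not a verdict; legitimate software sometimes lacks version information too.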
04.01.2011, 20:07 | #4 |
/// Malware-holic | MSN Facebook-Link Virus Next time, please post here when you have uploaded, otherwise it always takes a while until I check. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.01.2011, 21:53 | #5 |
| MSN Facebook-Link Virus I made the ComboFix log. But there was a warning that a PEV.cfxxe is not working. I got a log anyway. Combofix Logfile: Code:
ATTFilter ComboFix 11-01-04.01 - Tom 04.01.2011 21:26:46.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3957.2684 [GMT 1:00] ausgeführt von:: c:\users\Tom_2\Downloads\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Im Speicher befindliches AV aktiv. . ((((((((((((((((((((((( Dateien erstellt von 2010-12-04 bis 2011-01-04 )))))))))))))))))))))))))))))) . 2011-01-04 20:29 . 2011-01-04 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-04 17:28 . 2011-01-04 17:36 -------- d-----w- C:\_OTL 2011-01-02 21:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-01-02 21:22 . 2011-01-02 21:22 -------- d-----w- c:\programdata\Malwarebytes 2011-01-02 21:22 . 2011-01-02 21:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-01-02 18:53 . 2011-01-03 15:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-01-02 18:53 . 2011-01-02 21:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-12-29 12:15 . 2010-12-29 12:15 -------- d-----w- c:\program files\Dell Support Center 2010-12-29 11:50 . 2010-12-29 11:50 -------- d-----w- c:\program files (x86)\Common Files\Steam 2010-12-29 11:37 . 2010-11-04 06:31 1013248 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2010-12-28 23:32 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2010-12-28 23:32 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2010-12-28 23:32 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2010-12-28 23:32 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2010-12-28 23:32 . 
2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2010-12-28 23:28 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-12-28 23:28 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2010-12-28 23:27 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-12-28 23:27 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-12-28 23:27 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-12-28 23:27 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe 2010-12-28 23:27 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2010-12-28 23:27 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2010-12-28 23:22 . 2010-08-04 06:18 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll 2010-12-28 23:22 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax 2010-12-28 23:22 . 2010-08-04 06:15 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2010-12-28 23:17 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll 2010-12-28 20:58 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll 2010-12-28 20:58 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe 2010-12-28 20:58 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe 2010-12-28 14:53 . 2011-01-03 22:48 -------- d-----w- c:\program files (x86)\Steam 2010-12-27 23:05 . 2010-12-27 23:14 -------- d-----w- c:\programdata\Creative 2010-12-27 20:41 . 2010-12-27 20:41 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2010-12-27 20:40 . 2010-12-29 11:38 -------- d-----w- c:\programdata\Microsoft Help 2010-12-27 20:40 . 2010-12-27 20:40 -------- d-----r- C:\MSOCache 2010-12-27 20:07 . 2010-12-27 20:07 -------- d-sh--w- C:\System Recovery 2010-12-18 01:20 . 2010-12-18 01:20 -------- d-----w- c:\program files\Synaptics 2010-12-18 01:13 . 
2010-12-17 23:52 -------- d-----w- C:\apps 2010-12-18 01:08 . 2010-12-27 19:56 -------- d-----w- c:\windows\Panther 2010-12-18 01:08 . 2010-11-27 19:54 -------- d-----w- C:\Drivers 2010-12-18 01:01 . 2010-12-27 22:22 -------- d-----w- C:\dell 2010-12-18 00:06 . 2010-12-18 00:06 -------- d-----w- c:\programdata\ATI 2010-12-18 00:06 . 2010-12-18 00:06 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks 2010-12-17 23:59 . 2010-12-17 23:59 -------- dc-h--w- c:\programdata\{04A07C23-5821-4F25-BF46-1188636AE238} 2010-12-17 23:59 . 2011-01-02 12:25 -------- d-----w- c:\program files (x86)\Microsoft 2010-12-17 23:59 . 2010-12-18 00:01 -------- d-----w- c:\program files (x86)\Dell 2010-12-17 23:58 . 2010-12-17 23:58 -------- d-----w- c:\windows\de 2010-12-17 23:58 . 2010-12-17 23:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2010-12-17 23:57 . 2010-12-29 11:43 -------- d-----w- c:\program files (x86)\Windows Live 2010-12-17 23:57 . 2010-12-17 23:57 -------- d-----w- c:\windows\PCHEALTH 2010-12-17 23:56 . 2010-12-27 22:15 -------- d-----w- c:\program files\Windows Live 2010-12-17 23:56 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2010-12-17 23:56 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2010-12-17 23:56 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2010-12-17 23:56 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2010-12-17 23:55 . 2011-01-03 15:57 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2010-12-17 23:55 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll 2010-12-17 23:55 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll 2010-12-17 23:54 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2010-12-17 23:54 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2010-12-17 23:54 . 
2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll 2010-12-17 23:52 . 2010-12-17 23:52 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2010-12-17 23:50 . 2010-12-17 23:50 -------- d-----w- c:\program files (x86)\Creative 2010-12-17 23:50 . 2010-12-17 23:50 -------- d-----w- c:\program files (x86)\Dell Webcam 2010-12-17 23:49 . 2010-12-17 23:49 -------- d-----w- c:\program files (x86)\Creative Live! Cam 2010-12-17 23:45 . 2010-12-17 23:45 -------- d-----r- c:\program files (x86)\Skype 2010-12-17 23:45 . 2010-12-17 23:45 -------- d-----w- c:\program files (x86)\Common Files\Skype 2010-12-17 23:45 . 2010-12-17 23:45 -------- d-----w- c:\programdata\Skype 2010-12-17 23:45 . 2010-12-29 12:16 -------- d-----w- c:\programdata\PCDr 2010-12-17 23:44 . 2010-12-27 20:34 -------- d-----w- C:\Temp 2010-12-17 23:43 . 2011-01-04 19:13 -------- d-----w- c:\program files (x86)\Dell DataSafe Local Backup 2010-12-17 23:42 . 2010-12-17 23:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2010-12-17 23:42 . 2010-12-17 23:42 -------- d-----w- c:\program files\Intel 2010-12-17 23:41 . 2010-12-17 23:42 -------- d-----w- c:\program files (x86)\Intel 2010-12-17 23:41 . 2010-12-17 23:41 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2010-12-17 23:41 . 2010-12-17 23:41 -------- d-----w- C:\Intel 2010-12-17 23:40 . 2010-12-17 23:49 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2010-12-17 23:40 . 2010-12-17 23:41 -------- d-----w- c:\program files (x86)\ATI Technologies 2010-12-17 23:40 . 2010-12-29 12:14 -------- d-----w- c:\programdata\Dell 2010-12-17 23:40 . 2010-12-17 23:40 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2010-12-17 23:39 . 2010-12-17 23:40 -------- d-----w- c:\program files (x86)\Cisco 2010-12-17 23:38 . 2009-07-17 15:06 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat 2010-12-17 23:38 . 
2009-07-17 15:06 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe 2010-12-17 23:38 . 2010-12-17 23:59 -------- d-----w- c:\program files\Dell 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files\Java 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files (x86)\Common Files\Java 2010-12-17 23:37 . 2010-12-17 23:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files (x86)\Java 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\windows\SysWow64\Macromed 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files\Dell Inc 2010-12-17 23:37 . 2011-01-02 17:52 -------- d-sh--w- c:\windows\Installer 2010-12-17 16:32 . 2010-12-17 16:32 0 ----a-w- c:\windows\ativpsrm.bin 2010-12-17 16:30 . 2010-12-17 16:30 -------- d-----w- c:\program files\IDT . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-18 01:18 . 2010-12-18 01:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760] "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-12-28 1242448] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1484856] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040] c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] c:\users\Tom_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages 
REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 94864] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 202752] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-18 23912] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 62800] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 441328] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners 2011-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] 2011-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] 2011-01-04 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "MRT"="c:\windows\system32\MRT.exe" [2010-12-08 39298504] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-01-04 21:34:22 ComboFix-quarantined-files.txt 2011-01-04 20:34 ComboFix2.txt 2011-01-04 20:15 Vor Suchlauf: 14 Verzeichnis(se), 267.212.476.416 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 267.161.010.176 Bytes frei - - End Of File - - 2A22E5240AF30CE8BA69EA066F92EFE3 |
05.01.2011, 12:53 | #6 |
/// Malware-holic | MSN Facebook-Link Virus Download CCleaner slim: Piriform - Builds. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save it as txt. Open the file. After each program you need, write "necessary". After each one you do not need, write "unnecessary". After those you do not know, write "unknown". Post the list. Are messages still being sent?
05.01.2011, 19:32 | #7 |
| MSN Facebook-Link Virus Here are my installed programs. I haven't written anything after them because I believe that all of the programs are necessary.
|
05.01.2011, 19:40 | #8 |
/// Malware-holic | MSN Facebook-Link Virus What does that have to do with believing? You are supposed to go by your own judgment of which ones you need, etc. And not as a table, just the list is enough.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.01.2011, 19:48 | #9 |
/// Malware-holic | MSN Facebook-Link Virus In addition, I need a new otl.txt and a GMER log: http://www.trojaner-board.de/74908-a...t-scanner.html
05.01.2011, 21:22 | #11 |
/// Malware-holic | MSN Facebook-Link Virus Did you only run the GMER quick scan, which runs automatically at startup, or did you click Scan as described in the instructions?
05.01.2011, 21:23 | #12 |
/// Malware-holic | MSN Facebook-Link Virus That is only extras.txt; I need otl.txt.
05.01.2011, 21:47 | #13 |
| MSN Facebook-Link Virus Oh, sorry. I did it as described in the instructions. Here is the OTL log. OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2011 21:30:35 - Run 4 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Tom_2\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 248,81 Gb Free Space | 87,79% Space Free | Partition Type: NTFS Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWow64\DRIVERS\o2flash.exe File not found PRC - C:\Users\Tom_2\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Public\nvsvc32.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Tom_2\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.) 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) 
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro ) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - 
HKU\S-1-5-21-34650067-1236587136-3892751900-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-34650067-1236587136-3892751900-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2011.01.02 18:50:10 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101229153232.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101229153232.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) 
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-34650067-1236587136-3892751900-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-34650067-1236587136-3892751900-1003..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe ()
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Tom_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.05 18:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.01.05 18:49:18 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.01.05 18:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.01.04 21:34:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.01.04 20:13:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.04 18:28:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.02 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2011.01.02 22:22:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.02 22:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.02 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.02 22:22:34 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.02 22:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.02 19:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.02 19:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.12.29 15:29:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Meine empfangenen Dateien
[2010.12.29 13:15:14 | 000,000,000 | R--D | C] --
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center [2010.12.29 13:15:05 | 000,000,000 | ---D | C] -- C:\Programme\Dell Support Center [2010.12.29 13:00:42 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\PCDr [2010.12.29 12:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010.12.29 12:36:58 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.29 12:36:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.29 12:36:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.29 12:36:56 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.29 12:36:56 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.29 12:36:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.29 12:36:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.29 12:36:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.29 12:36:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.29 12:36:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.29 12:36:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.29 12:36:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.29 12:36:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.29 12:36:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.29 00:32:37 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010.12.29 00:32:37 | 001,130,824 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\dfshim.dll [2010.12.29 00:32:37 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010.12.29 00:32:37 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010.12.29 00:32:37 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010.12.29 00:32:37 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010.12.29 00:32:37 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010.12.29 00:32:37 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010.12.29 00:32:32 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010.12.29 00:27:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.29 00:27:39 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.29 00:27:39 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.29 00:27:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.29 00:27:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.29 00:27:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.29 00:27:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.29 00:27:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.29 00:27:32 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.29 00:27:32 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.29 00:27:32 | 000,046,080 | ---- | C] (Adobe Systems) -- 
C:\Windows\SysNative\atmlib.dll [2010.12.29 00:27:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.29 00:22:58 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.12.29 00:22:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.12.29 00:22:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.12.29 00:22:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.12.29 00:22:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.12.29 00:22:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.12.29 00:22:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.12.29 00:17:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.29 00:17:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.29 00:01:09 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2010.12.28 21:41:50 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.28 16:00:11 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2010.12.28 15:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2010.12.28 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2010.12.28 00:52:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\Tracing [2010.12.28 00:43:58 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft Games [2010.12.28 00:40:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Diagnostics [2010.12.28 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Reallusion [2010.12.28 00:05:44 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Creative [2010.12.27 22:49:52 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2010.12.27 22:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.12.27 22:37:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Windows Live [2010.12.27 21:57:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Macromedia [2010.12.27 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2010.12.27 21:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2010.12.27 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.12.27 21:41:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2010.12.27 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2010.12.27 21:40:57 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft Help [2010.12.27 21:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010.12.27 21:40:29 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010.12.27 21:39:40 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Adobe [2010.12.27 21:26:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\Mein Backup Datei [2010.12.27 21:07:28 | 000,000,000 | -HSD | C] -- C:\System Recovery [2010.12.27 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Dell [2010.12.27 21:06:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Stardock_Corporation [2010.12.27 21:06:26 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Roxio [2010.12.27 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\ATI [2010.12.27 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\ATI [2010.12.27 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Creative [2010.12.27 21:05:51 | 000,000,000 | R--D | C] -- C:\Users\Tom\Searches [2010.12.27 21:05:51 | 000,000,000 | R--D | C] -- 
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2010.12.27 21:05:39 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Identities [2010.12.27 21:05:34 | 000,000,000 | R--D | C] -- C:\Users\Tom\Contacts [2010.12.27 21:05:30 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\VirtualStore [2010.12.27 21:02:32 | 000,000,000 | --SD | C] -- C:\Users\Tom\AppData\Roaming\Microsoft [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Videos [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Saved Games [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Pictures [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Music [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Links [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Favorites [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Downloads [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Documents [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\Desktop [2010.12.27 21:02:32 | 000,000,000 | R--D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Vorlagen [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\AppData\Local\Verlauf [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\AppData\Local\Temporary Internet Files [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Startmenü [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\SendTo [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Recent [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- 
C:\Users\Tom\Netzwerkumgebung [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Lokale Einstellungen [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Documents\Eigene Videos [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Documents\Eigene Musik [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Eigene Dateien [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Documents\Eigene Bilder [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Druckumgebung [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Cookies [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\AppData\Local\Anwendungsdaten [2010.12.27 21:02:32 | 000,000,000 | -HSD | C] -- C:\Users\Tom\Anwendungsdaten [2010.12.27 21:02:32 | 000,000,000 | -H-D | C] -- C:\Users\Tom\AppData [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\temp [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\SoftThinks [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft [2010.12.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Media Center Programs [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Programme [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente 
[2010.12.27 21:02:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.12.18 02:20:27 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics [2010.12.18 02:18:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.12.18 02:18:40 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.12.18 02:18:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.12.18 02:18:40 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.12.18 02:18:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.12.18 02:18:40 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.12.18 02:18:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.12.18 02:18:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.12.18 02:18:38 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.12.18 02:18:38 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.12.18 02:18:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010.12.18 02:18:38 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.12.18 02:18:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010.12.18 02:18:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010.12.18 02:18:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010.12.18 02:18:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010.12.18 02:18:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010.12.18 02:18:37 | 000,002,048 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010.12.18 02:18:36 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.12.18 02:18:36 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.12.18 02:18:36 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.12.18 02:18:35 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.12.18 02:18:35 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.12.18 02:18:35 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.12.18 02:18:35 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.12.18 02:18:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.12.18 02:18:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.12.18 02:18:35 | 000,082,944 | ---- | C] (Radius Inc.) 
-- C:\Windows\SysWow64\iccvid.dll [2010.12.18 02:18:33 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.12.18 02:18:33 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.12.18 02:18:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.12.18 02:18:33 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.12.18 02:18:33 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.12.18 02:18:31 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.12.18 02:18:29 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.12.18 02:18:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.12.18 02:18:27 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.12.18 02:18:27 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.12.18 02:18:27 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.12.18 02:18:27 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.12.18 02:18:27 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.12.18 02:18:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.12.18 02:18:27 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.12.18 02:18:27 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.12.18 02:18:27 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.12.18 02:18:27 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.12.18 02:18:27 | 
000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.12.18 02:18:27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.12.18 02:18:27 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.12.18 02:18:27 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.12.18 02:18:22 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.12.18 02:18:22 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.12.18 02:18:19 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.12.18 02:18:19 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.12.18 02:18:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.12.18 02:18:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.12.18 02:18:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.12.18 02:18:19 | 
000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.12.18 02:18:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.12.18 02:18:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.12.18 02:18:17 | 000,687,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2010.12.18 02:18:17 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll [2010.12.18 02:18:17 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll [2010.12.18 02:18:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2010.12.18 02:18:17 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2010.12.18 02:18:17 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2010.12.18 02:18:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe [2010.12.18 02:18:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe [2010.12.18 02:18:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2010.12.18 02:18:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2010.12.18 02:18:16 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll [2010.12.18 02:18:16 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2010.12.18 02:18:16 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll [2010.12.18 02:18:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2010.12.18 02:18:16 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2010.12.18 02:13:49 | 000,000,000 | ---D | C] -- C:\apps [2010.12.18 02:08:39 | 
000,000,000 | ---D | C] -- C:\Windows\SysNative\oem [2010.12.18 02:08:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.12.18 02:08:36 | 000,000,000 | ---D | C] -- C:\Drivers [2010.12.18 02:01:27 | 000,000,000 | ---D | C] -- C:\dell [2010.12.18 01:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.12.18 00:59:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{04A07C23-5821-4F25-BF46-1188636AE238} [2010.12.18 00:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell [2010.12.18 00:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.12.18 00:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online [2010.12.18 00:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell [2010.12.18 00:58:48 | 000,000,000 | ---D | C] -- C:\Windows\de [2010.12.18 00:58:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2010.12.18 00:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.12.18 00:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010.12.18 00:57:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.12.18 00:56:43 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.12.18 00:56:26 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2010.12.18 00:56:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2010.12.18 00:56:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2010.12.18 00:56:26 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.12.18 00:56:12 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2010.12.18 00:56:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2010.12.18 00:55:58 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2010.12.18 00:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.12.18 00:55:21 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll [2010.12.18 00:55:21 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll [2010.12.18 00:55:20 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll [2010.12.18 00:55:20 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll [2010.12.18 00:54:31 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2010.12.18 00:54:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2010.12.18 00:54:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2010.12.18 00:54:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2010.12.18 00:54:30 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2010.12.18 00:54:30 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2010.12.18 00:54:29 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2010.12.18 00:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.12.18 00:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam [2010.12.18 00:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2010.12.18 00:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Webcam [2010.12.18 00:50:00 | 000,224,768 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\CtAudDrv.sys [2010.12.18 00:50:00 | 000,175,168 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\drivers\CtClsFlt.sys [2010.12.18 00:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam [2010.12.18 00:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2010.12.18 00:47:31 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys [2010.12.18 00:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mcafee.com [2010.12.18 00:46:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\mcafee [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Programme\mcafee.com [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Programme\mcafee [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2010.12.18 00:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mcafee [2010.12.18 00:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010.12.18 00:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Software [2010.12.18 00:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Software [2010.12.18 00:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall [2010.12.18 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic [2010.12.18 00:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio [2010.12.18 00:46:06 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2010.12.18 00:46:06 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys [2010.12.18 00:46:06 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared [2010.12.18 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.12.18 
00:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2010.12.18 00:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio [2010.12.18 00:45:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.12.18 00:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2010.12.18 00:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.12.18 00:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.12.18 00:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr [2010.12.18 00:44:08 | 000,000,000 | ---D | C] -- C:\Temp [2010.12.18 00:44:04 | 000,151,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WimFltr.sys [2010.12.18 00:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe [2010.12.18 00:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell DataSafe Local Backup [2010.12.18 00:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.12.18 00:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.12.18 00:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.12.18 00:42:36 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2010.12.18 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2010.12.18 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2010.12.18 00:41:51 | 000,000,000 | ---D | C] -- C:\Intel [2010.12.18 00:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2010.12.18 00:40:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.12.18 00:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010.12.18 00:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.12.18 00:40:33 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Dell [2010.12.18 00:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2010.12.18 00:38:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless [2010.12.18 00:38:43 | 001,114,624 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMLogon.dll [2010.12.18 00:38:36 | 000,022,520 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys [2010.12.18 00:38:35 | 007,911,424 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMWLCPL.CPL [2010.12.18 00:38:35 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe [2010.12.18 00:38:35 | 004,767,744 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\bcmttls.dll [2010.12.18 00:38:35 | 000,073,216 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll [2010.12.18 00:38:34 | 003,161,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe [2010.12.18 00:38:32 | 000,000,000 | ---D | C] -- C:\Programme\Dell [2010.12.18 00:37:58 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010.12.18 00:37:58 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010.12.18 00:37:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010.12.18 00:37:58 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.12.18 00:37:55 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.12.18 00:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.12.18 00:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.12.18 00:37:47 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.12.18 00:37:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.18 00:37:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2010.12.18 00:37:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.18 00:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.12.18 00:37:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.12.18 00:37:32 | 000,000,000 | ---D | C] -- C:\Programme\Dell Inc [2010.12.18 00:37:29 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.12.17 17:31:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.12.17 17:30:53 | 000,000,000 | ---D | C] -- C:\Programme\IDT [2010.12.17 17:30:52 | 000,601,088 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctapo64.dll [2010.12.17 17:30:52 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctapo32.dll [2010.12.17 17:30:52 | 000,442,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll [2010.12.17 17:30:52 | 000,162,304 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll [2010.12.17 17:30:52 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll [2010.12.17 17:30:51 | 012,572,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl [2010.12.17 17:30:51 | 003,309,568 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2010.12.17 17:30:51 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe [2010.12.17 17:30:51 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll [2010.12.17 17:30:51 | 000,057,856 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\ctppld64.dll [2010.12.17 17:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2010.12.17 17:29:35 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010.12.17 17:28:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2011.01.05 21:28:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.01.05 18:51:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.05 18:51:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.05 18:49:20 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.05 18:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.05 18:43:52 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys [2011.01.02 18:50:10 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.01.02 18:50:10 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2011.01.02 12:57:57 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.02 12:57:57 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.02 12:57:57 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.02 12:57:57 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.02 12:57:57 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2010.12.29 12:33:30 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2010.12.29 12:32:40 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.28 16:00:12 | 
000,001,782 | ---- | M] () -- C:\Users\Tom\Desktop\Counter-Strike Source.lnk [2010.12.28 15:53:41 | 000,000,694 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.12.27 21:06:30 | 000,001,980 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010.12.27 21:02:02 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.12.27 21:02:02 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 02:21:25 | 000,028,965 | RH-- | M] () -- C:\dell.sdr [2010.12.18 02:20:38 | 000,898,624 | ---- | M] () -- C:\Windows\SysNative\oem4.inf [2010.12.18 02:18:41 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.12.18 02:18:40 | 000,852,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.12.18 02:18:40 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.12.18 02:18:40 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.12.18 02:18:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.12.18 02:18:40 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010.12.18 02:18:40 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010.12.18 02:18:40 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.12.18 02:18:38 | 001,572,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010.12.18 02:18:38 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010.12.18 02:18:38 | 000,091,648 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\avifil32.dll [2010.12.18 02:18:38 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010.12.18 02:18:37 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010.12.18 02:18:37 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010.12.18 02:18:37 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010.12.18 02:18:37 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010.12.18 02:18:37 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010.12.18 02:18:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010.12.18 02:18:36 | 002,085,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.12.18 02:18:36 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.12.18 02:18:36 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.12.18 02:18:35 | 005,507,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.12.18 02:18:35 | 003,955,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.12.18 02:18:35 | 003,899,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.12.18 02:18:35 | 002,870,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010.12.18 02:18:35 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010.12.18 02:18:35 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010.12.18 02:18:35 | 000,082,944 | ---- | M] (Radius Inc.) 
-- C:\Windows\SysWow64\iccvid.dll [2010.12.18 02:18:33 | 001,446,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.12.18 02:18:33 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.12.18 02:18:33 | 000,612,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.12.18 02:18:33 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.12.18 02:18:33 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.12.18 02:18:31 | 000,861,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.12.18 02:18:29 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.12.18 02:18:29 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.12.18 02:18:28 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.12.18 02:18:27 | 014,627,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.12.18 02:18:27 | 012,625,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.12.18 02:18:27 | 011,406,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.12.18 02:18:27 | 001,736,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.12.18 02:18:27 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll [2010.12.18 02:18:27 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.12.18 02:18:27 | 000,369,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.12.18 02:18:27 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.12.18 02:18:27 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.12.18 02:18:27 | 
000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.12.18 02:18:27 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.12.18 02:18:27 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.12.18 02:18:27 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.12.18 02:18:27 | 000,277,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.12.18 02:18:27 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.12.18 02:18:27 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.12.18 02:18:22 | 001,975,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.12.18 02:18:22 | 001,320,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.12.18 02:18:19 | 001,024,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.12.18 02:18:19 | 000,738,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.12.18 02:18:19 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.12.18 02:18:19 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.12.18 02:18:19 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.12.18 02:18:19 | 
000,132,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.12.18 02:18:19 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.12.18 02:18:19 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.12.18 02:18:17 | 000,687,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2010.12.18 02:18:17 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll [2010.12.18 02:18:17 | 000,488,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll [2010.12.18 02:18:17 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2010.12.18 02:18:17 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2010.12.18 02:18:17 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2010.12.18 02:18:17 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\isoburn.exe [2010.12.18 02:18:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe [2010.12.18 02:18:17 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2010.12.18 02:18:16 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2010.12.18 02:18:16 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll [2010.12.18 02:18:16 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2010.12.18 02:18:16 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll [2010.12.18 02:18:16 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2010.12.18 02:18:16 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2010.12.18 02:10:24 | 000,003,788 | ---- | M] () -- 
C:\Windows\SysWow64\drivers\1028_Dell_STU_1749.mrk [2010.12.18 02:10:24 | 000,003,788 | ---- | M] () -- C:\Windows\SysNative\drivers\1028_Dell_STU_1749.mrk [2010.12.18 00:37:56 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2010.12.18 00:37:56 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2010.12.18 00:37:56 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2010.12.18 00:37:56 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2010.12.18 00:37:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.12.18 00:37:43 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.12.18 00:37:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.12.18 00:37:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.12.17 17:32:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2010.12.17 17:31:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf ========== Files Created - No Company Name ========== [2011.01.05 18:49:20 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.02 18:50:10 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2011.01.01 15:35:05 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job [2010.12.29 13:15:33 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2010.12.29 13:15:32 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2010.12.29 12:33:30 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2010.12.28 16:00:12 | 000,001,782 | ---- | C] () -- C:\Users\Tom\Desktop\Counter-Strike Source.lnk [2010.12.28 15:53:41 | 000,000,694 | ---- | C] () -- 
C:\Users\Public\Desktop\Steam.lnk [2010.12.27 21:06:30 | 000,001,980 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010.12.18 02:21:24 | 000,028,965 | RH-- | C] () -- C:\dell.sdr [2010.12.18 02:10:24 | 000,003,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\1028_Dell_STU_1749.mrk [2010.12.18 02:10:23 | 000,003,788 | ---- | C] () -- C:\Windows\SysNative\drivers\1028_Dell_STU_1749.mrk [2010.12.18 00:50:45 | 000,057,656 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.bmp [2010.12.18 00:50:45 | 000,024,995 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.jpg [2010.12.18 00:38:36 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll [2010.12.18 00:38:36 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat [2010.12.18 00:38:35 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\bcmwlrmt.dll [2010.12.18 00:38:35 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat [2010.12.17 17:32:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.17 17:31:54 | 000,898,624 | ---- | C] () -- C:\Windows\SysNative\oem4.inf [2010.12.17 17:31:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2010.12.17 17:28:49 | 3111,555,072 | -HS- | C] () -- C:\hiberfil.sys [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.12.29 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PCDr [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job [2011.01.02 00:00:16 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2009.07.14 06:08:49 | 000,005,166 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.05 21:28:00 | 000,000,422 | ---- | M] () -- 
C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > |
06.01.2011, 12:50 | #14 |
/// Malware-holic | MSN Facebook-Link Virus It didn't want to do what we wanted! Go to Start, Programs, Accessories, Notepad and copy in:
Killall::
Rootkit::
C:\Users\Public\nvsvc32.exe
File, Save As; location: the folder where combofix.exe is; file type: All files; name: cfscript.txt. Drag cfscript onto combofix, the program starts, post the log.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.01.2011, 17:33 | #15 |
| MSN Facebook-Link Virus Combofix Logfile: Code:
ATTFilter ComboFix 11-01-05.06 - Tom 06.01.2011 17:15:44.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3957.2809 [GMT 1:00] ausgeführt von:: c:\users\Tom_2\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Tom_2\Downloads\cfscript.txt AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Im Speicher befindliches AV aktiv. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\PCDr\5744\Downloads\5a6257cc-a15e-41eb-b891-52f7e087b40f.dll c:\programdata\PCDr\5744\Downloads\c229b02b-4e01-43e4-9587-37961f6873bc.dll c:\programdata\PCDr\5744\Downloads\d242df42-c817-4c92-8e27-a770772ec980.dll c:\programdata\PCDr\5744\Downloads\ef253e79-80d5-4656-b429-008ec2e1d22e.dll c:\users\Public\nvsvc32.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-12-06 bis 2011-01-06 )))))))))))))))))))))))))))))) . 2011-01-06 16:18 . 2011-01-06 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-06 08:02 . 2011-01-06 08:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-01-05 17:49 . 2011-01-05 17:49 -------- d-----w- c:\program files\CCleaner 2011-01-04 17:28 . 2011-01-04 17:36 -------- d-----w- C:\_OTL 2011-01-02 21:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-01-02 21:22 . 2011-01-02 21:22 -------- d-----w- c:\programdata\Malwarebytes 2011-01-02 21:22 . 2011-01-02 21:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-01-02 18:53 . 2011-01-06 08:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-12-29 12:15 . 
2010-12-29 12:15 -------- d-----w- c:\program files\Dell Support Center 2010-12-29 11:50 . 2010-12-29 11:50 -------- d-----w- c:\program files (x86)\Common Files\Steam 2010-12-29 11:37 . 2010-11-04 06:31 1013248 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2010-12-28 23:32 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2010-12-28 23:32 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2010-12-28 23:32 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2010-12-28 23:32 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2010-12-28 23:32 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2010-12-28 23:28 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-12-28 23:28 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll 2010-12-28 23:27 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-12-28 23:27 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-12-28 23:27 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-12-28 23:27 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe 2010-12-28 23:27 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2010-12-28 23:27 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2010-12-28 23:22 . 2010-08-04 06:18 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll 2010-12-28 23:22 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax 2010-12-28 23:22 . 2010-08-04 06:15 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2010-12-28 23:17 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll 2010-12-28 20:58 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll 2010-12-28 20:58 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe 2010-12-28 20:58 . 
2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe 2010-12-28 14:53 . 2011-01-05 22:00 -------- d-----w- c:\program files (x86)\Steam 2010-12-27 23:05 . 2010-12-27 23:14 -------- d-----w- c:\programdata\Creative 2010-12-27 20:41 . 2010-12-27 20:41 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2010-12-27 20:40 . 2010-12-29 11:38 -------- d-----w- c:\programdata\Microsoft Help 2010-12-27 20:40 . 2011-01-05 17:42 -------- d-----r- C:\MSOCache 2010-12-27 20:07 . 2010-12-27 20:07 -------- d-sh--w- C:\System Recovery 2010-12-18 01:20 . 2010-12-18 01:20 -------- d-----w- c:\program files\Synaptics 2010-12-18 01:13 . 2010-12-17 23:52 -------- d-----w- C:\apps 2010-12-18 01:08 . 2010-12-27 19:56 -------- d-----w- c:\windows\Panther 2010-12-18 01:08 . 2010-11-27 19:54 -------- d-----w- C:\Drivers 2010-12-18 01:01 . 2010-12-27 22:22 -------- d-----w- C:\dell 2010-12-18 00:06 . 2010-12-18 00:06 -------- d-----w- c:\programdata\ATI 2010-12-18 00:06 . 2010-12-18 00:06 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks 2010-12-17 23:59 . 2010-12-17 23:59 -------- dc-h--w- c:\programdata\{04A07C23-5821-4F25-BF46-1188636AE238} 2010-12-17 23:59 . 2011-01-02 12:25 -------- d-----w- c:\program files (x86)\Microsoft 2010-12-17 23:59 . 2010-12-18 00:01 -------- d-----w- c:\program files (x86)\Dell 2010-12-17 23:58 . 2010-12-17 23:58 -------- d-----w- c:\windows\de 2010-12-17 23:58 . 2010-12-17 23:58 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2010-12-17 23:57 . 2010-12-29 11:43 -------- d-----w- c:\program files (x86)\Windows Live 2010-12-17 23:57 . 2010-12-17 23:57 -------- d-----w- c:\windows\PCHEALTH 2010-12-17 23:56 . 2010-12-27 22:15 -------- d-----w- c:\program files\Windows Live 2010-12-17 23:56 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2010-12-17 23:56 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2010-12-17 23:56 . 
2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2010-12-17 23:56 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2010-12-17 23:55 . 2011-01-03 15:57 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2010-12-17 23:55 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll 2010-12-17 23:55 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll 2010-12-17 23:54 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2010-12-17 23:54 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2010-12-17 23:54 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll 2010-12-17 23:52 . 2010-12-17 23:52 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2010-12-17 23:50 . 2010-12-17 23:50 -------- d-----w- c:\program files (x86)\Creative 2010-12-17 23:50 . 2010-12-17 23:50 -------- d-----w- c:\program files (x86)\Dell Webcam 2010-12-17 23:49 . 2010-12-17 23:49 -------- d-----w- c:\program files (x86)\Creative Live! Cam 2010-12-17 23:45 . 2010-12-17 23:45 -------- d-----r- c:\program files (x86)\Skype 2010-12-17 23:45 . 2010-12-17 23:45 -------- d-----w- c:\program files (x86)\Common Files\Skype 2010-12-17 23:45 . 2010-12-17 23:45 -------- d-----w- c:\programdata\Skype 2010-12-17 23:45 . 2010-12-29 12:16 -------- d-----w- c:\programdata\PCDr 2010-12-17 23:44 . 2010-12-27 20:34 -------- d-----w- C:\Temp 2010-12-17 23:43 . 2011-01-06 16:14 -------- d-----w- c:\program files (x86)\Dell DataSafe Local Backup 2010-12-17 23:42 . 2010-12-17 23:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2010-12-17 23:42 . 2010-12-17 23:42 -------- d-----w- c:\program files\Intel 2010-12-17 23:41 . 2010-12-17 23:42 -------- d-----w- c:\program files (x86)\Intel 2010-12-17 23:41 . 2010-12-17 23:41 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2010-12-17 23:41 . 2010-12-17 23:41 -------- d-----w- C:\Intel 2010-12-17 23:40 . 
2010-12-17 23:49 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2010-12-17 23:40 . 2010-12-17 23:41 -------- d-----w- c:\program files (x86)\ATI Technologies 2010-12-17 23:40 . 2010-12-29 12:14 -------- d-----w- c:\programdata\Dell 2010-12-17 23:40 . 2010-12-17 23:40 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2010-12-17 23:39 . 2010-12-17 23:40 -------- d-----w- c:\program files (x86)\Cisco 2010-12-17 23:38 . 2009-07-17 15:06 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat 2010-12-17 23:38 . 2009-07-17 15:06 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe 2010-12-17 23:38 . 2010-12-17 23:59 -------- d-----w- c:\program files\Dell 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files\Java 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files (x86)\Common Files\Java 2010-12-17 23:37 . 2010-12-17 23:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files (x86)\Java 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\windows\SysWow64\Macromed 2010-12-17 23:37 . 2010-12-17 23:37 -------- d-----w- c:\program files\Dell Inc 2010-12-17 23:37 . 2011-01-02 17:52 -------- d-sh--w- c:\windows\Installer 2010-12-17 16:32 . 2010-12-17 16:32 0 ----a-w- c:\windows\ativpsrm.bin 2010-12-17 16:30 . 2010-12-17 16:30 -------- d-----w- c:\program files\IDT . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-18 01:18 . 2010-12-18 01:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760] "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-12-28 1242448] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1484856] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040] "DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240] "STToasterLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe" [2010-08-12 120032] c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] c:\users\Tom_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - 
c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 94864] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-11-18 25072] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 202752] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-18 23912] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 62800] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 441328] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners 2011-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] 2011-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] 2011-01-06 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-11-03 3168336] "MRT"="c:\windows\system32\MRT.exe" [2010-12-08 39298504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*Restore"="c:\windows\System32\rstrui.exe" [2009-07-14 296960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL . - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) Toolbar-Locked - (no file) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] 
@="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files (x86)\Common Files\Java\Java Update\jusched.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-01-06 17:27:38 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-01-06 16:27 ComboFix2.txt 2011-01-04 20:34 ComboFix3.txt 2011-01-04 20:15 Vor Suchlauf: 12 Verzeichnis(se), 265.985.527.808 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 265.627.254.784 Bytes frei - - End Of File - - 0F36BEF1321CDE5A923D61E9B37469B0 |