
Thread: For security reasons your Windows system has been blocked (Vista)

  1. #1
    Beginner
    Registered since
    22.01.2012
    Posts
    5

    For security reasons your Windows system has been blocked (Vista)

    Hello everyone,

    since yesterday, after a short time, I get this notification on the screen: "For security reasons your Windows system has been blocked. Please transfer...." and I cannot do anything anymore.

    What can I do? I have Windows Vista. I am currently working on a second computer and the log files will take a bit longer - ALL SCANS ARE NOW COMPLETE. Please help me!

    Best regards
    Nadine


    Here are the log files: 1. OTL
    Code:
     OTL logfile created on: 22.01.2012 21:14:56 - Run 1
    OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Nadine\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1,75 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 53,13% Memory free
    3,74 Gb Paging File | 2,79 Gb Available in Paging File | 74,70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,37 Gb Total Space | 34,87 Gb Free Space | 46,88% Space Free | Partition Type: NTFS
    Drive D: | 7,47 Gb Total Space | 5,97 Gb Free Space | 79,94% Space Free | Partition Type: FAT32
    Drive E: | 73,21 Gb Total Space | 68,17 Gb Free Space | 93,12% Space Free | Partition Type: NTFS
     
    Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2012.01.22 20:31:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2010.09.07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010.06.26 18:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Programme\Freecorder\FLVSrvc.exe
    PRC - [2009.10.29 17:06:44 | 000,157,456 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
    PRC - [2009.10.29 17:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
    PRC - [2009.10.27 11:21:28 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
    PRC - [2009.04.20 16:20:40 | 002,327,552 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    PRC - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
    PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008.04.24 12:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2008.04.24 09:22:10 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    PRC - [2008.04.24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
    PRC - [2008.04.16 23:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2008.04.10 23:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008.04.08 14:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008.03.19 13:35:42 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2008.01.25 13:33:50 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
    PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
    PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
    PRC - [2008.01.17 16:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2012.01.03 08:08:52 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll
    MOD - [2012.01.03 08:07:10 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
    MOD - [2012.01.03 08:06:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
    MOD - [2011.10.15 02:44:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
    MOD - [2011.10.15 02:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
    MOD - [2011.10.15 02:41:53 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
    MOD - [2011.10.15 02:41:39 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll
    MOD - [2011.10.15 02:41:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011.10.15 02:40:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011.10.15 02:39:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011.10.15 02:39:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011.10.15 02:39:05 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
    MOD - [2011.10.15 02:38:23 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
    MOD - [2011.10.15 02:38:04 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
    MOD - [2011.10.15 02:37:57 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011.10.15 02:37:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2010.09.01 07:39:28 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010.03.03 15:33:12 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
    MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2008.05.27 12:35:02 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3034.36909__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008.05.27 12:35:02 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3034.36868__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008.05.27 12:35:02 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3034.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008.05.27 12:35:02 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3034.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008.05.27 12:35:02 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3034.37066__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008.05.27 12:35:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3034.36901__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008.05.27 12:35:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008.05.27 12:35:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3034.36888__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008.05.27 12:35:00 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3034.37132__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008.05.27 12:34:45 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3034.37074__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:45 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3034.37138__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:45 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3034.37080__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008.05.27 12:34:45 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3034.36881__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:44 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3034.37073__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3034.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:43 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3034.36935__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3034.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3034.36889__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3034.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008.05.27 12:34:43 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3034.37059__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2008.05.27 12:34:43 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3034.36928__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3034.37045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008.05.27 12:34:43 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3034.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3034.36941__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3034.37030__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3034.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3034.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008.05.27 12:34:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008.05.27 12:34:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008.05.27 12:34:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008.05.27 12:34:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008.05.27 12:34:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008.05.27 12:34:42 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008.05.27 12:34:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2008.05.27 12:34:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008.05.27 12:34:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008.05.27 12:34:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008.05.27 12:34:36 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3034.36876__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008.05.27 12:34:36 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3034.36895__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008.05.27 12:34:36 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008.05.27 12:34:36 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3034.36861__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008.05.27 12:34:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008.05.27 12:34:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3034.37150__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008.05.27 12:34:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2008.05.27 12:34:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3034.36860__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2008.05.27 12:34:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3034.36861__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008.05.27 12:34:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll
    MOD - [2008.05.27 12:34:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008.05.27 12:34:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2008.05.27 12:34:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008.05.27 12:34:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008.04.22 21:05:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2008.03.06 10:14:54 | 005,121,912 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2007.12.25 12:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2007.12.14 21:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
    MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010.09.07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009.10.29 17:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
    SRV - [2009.10.27 11:21:28 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
    SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008.11.04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008.04.24 09:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
    SRV - [2008.04.16 23:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008.04.10 23:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010.09.07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010.09.07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010.09.07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010.09.07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010.09.07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009.10.27 10:53:40 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2009.04.09 12:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2009.04.09 12:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV - [2009.04.09 12:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009.04.09 12:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009.04.09 12:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009.04.09 12:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008.11.04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008.10.31 16:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
    DRV - [2008.04.22 23:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008.04.15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008.04.10 20:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2008.02.27 18:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2007.12.26 09:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007.04.23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
    DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2006.10.30 10:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006.09.28 04:47:48 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook:  - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q="
     
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Nadine\Program Files\DNA\plugins\npbtdna.dll File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nadine\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 12:38:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.22 12:38:10 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Nadine\Program Files\DNA [2012.01.22 20:44:11 | 000,000,000 | ---D | M]
     
    [2010.09.10 17:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
    [2012.01.22 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\avt343ee.default\extensions
    [2011.03.29 18:36:30 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\avt343ee.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011.03.29 18:36:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\avt343ee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011.03.29 18:36:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\avt343ee.default\extensions\engine@conduit.com
    [2010.08.19 20:29:56 | 000,000,923 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\avt343ee.default\searchplugins\conduit.xml
    [2012.01.17 19:36:43 | 000,001,056 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\avt343ee.default\searchplugins\icqplugin.xml
    [2012.01.22 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
    [2010.04.18 11:39:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011.08.27 08:24:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2009.01.28 17:03:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    [2010.03.29 09:53:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010.04.18 11:39:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011.08.27 08:24:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012.01.22 20:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\NADINE\PROGRAM FILES\DNA
    [2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
    [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011.03.20 20:25:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
    [2011.03.20 20:25:49 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
    [2011.03.20 20:25:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
    [2011.03.20 20:25:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
    [2011.03.20 20:25:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2009.12.27 17:13:53 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
    O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
    O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
    O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
    O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
    O4 - HKCU..\Run: [packet] "C:\Users\Nadine\AppData\Roaming\packet.exe" -autorun File not found
    O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
    O4 - HKCU..\Run: [userdgmixer] "C:\Users\Nadine\AppData\Roaming\userdgmixer.exe" -autorun File not found
    O4 - HKCU..\Run: [userimvideo] C:\Users\Nadine\AppData\Roaming\userimvideo.exe ()
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nadine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
    O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14926DA4-3E8C-4603-A35B-17116FDC49D8}: DhcpNameServer = 139.7.30.125 139.7.30.126
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCBDFDBA-7E34-474A-9329-E1A106BFADE2}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{53c0d0a7-1aa0-11de-abee-822ffbb8d209}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
    O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell - "" = AutoRun
    O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\{a985fd51-6112-11df-ab33-00a0c6000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{a985fd51-6112-11df-ab33-00a0c6000000}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012.01.22 21:07:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Steuer
    [2012.01.22 21:03:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Freecorder 4
    [2012.01.22 20:50:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2012.01.22 20:33:50 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
    [2012.01.22 20:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.01.22 20:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.01.22 20:33:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.01.22 20:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.01.11 16:51:12 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
    [2012.01.11 16:51:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
    [2012.01.11 16:51:07 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2012.01.11 16:50:13 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2012.01.11 16:50:13 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012.01.22 21:19:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.01.22 21:19:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.01.22 21:11:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.01.22 21:11:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.01.22 21:11:14 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
    [2012.01.22 20:51:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.01.22 20:43:12 | 000,674,924 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.01.22 20:43:12 | 000,610,078 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.01.22 20:43:12 | 000,141,256 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.01.22 20:43:12 | 000,117,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.01.22 20:41:30 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AABF7F1F-B48D-4C7E-972E-34166314B1A8}.job
    [2012.01.22 20:33:38 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.01.22 20:31:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
    [2012.01.03 18:23:46 | 000,071,168 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Nadine\*.tmp files -> C:\Users\Nadine\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2012.01.22 20:33:38 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.01.22 20:22:49 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
    [2011.01.13 17:37:43 | 000,000,016 | -H-- | C] () -- C:\Users\Nadine\AppData\Roaming\mxfilerelatedcache.mxc2
    [2011.01.13 17:37:43 | 000,000,016 | -H-- | C] () -- C:\Users\Nadine\AppData\Local\mxfilerelatedcache.mxc2
    [2010.08.07 17:24:44 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010.07.24 16:48:31 | 000,000,245 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
    [2010.05.23 20:20:12 | 000,006,944 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
    [2009.12.20 18:46:35 | 000,000,394 | ---- | C] () -- C:\Windows\wiso.ini
    [2009.09.24 09:37:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.09.24 09:37:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009.07.16 13:13:32 | 000,004,096 | -H-- | C] () -- C:\Users\Nadine\AppData\Local\keyfile3.drm
    [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2009.02.09 12:43:13 | 000,071,168 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.01.28 20:44:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009.01.28 17:59:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.01.28 16:42:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009.01.28 10:40:52 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
    [2009.01.28 10:38:45 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2009.01.28 10:38:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2009.01.28 10:38:45 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2009.01.28 10:38:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2008.05.27 13:09:19 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2008.05.27 12:56:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008.05.27 12:56:28 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008.05.27 12:56:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008.05.27 12:56:28 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008.05.27 12:56:28 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008.05.27 12:56:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2008.05.27 12:48:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2008.05.27 12:38:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008.05.27 12:15:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008.05.27 12:14:10 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008.05.27 12:14:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008.05.27 12:14:09 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008.05.27 12:14:09 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2008.01.21 08:15:58 | 000,674,924 | ---- | C] () -- C:\Windows\System32\perfh007.dat
    [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
    [2008.01.21 08:15:58 | 000,141,256 | ---- | C] () -- C:\Windows\System32\perfc007.dat
    [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
    [2008.01.21 03:24:54 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\userimvideo.exe
    [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006.11.02 13:47:37 | 000,370,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 11:33:01 | 000,610,078 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006.11.02 11:33:01 | 000,117,576 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006.08.24 10:11:20 | 000,139,264 | R--- | C] () -- C:\Windows\System32\RmCard.dll
    [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
     
    ========== LOP Check ==========
     
    [2012.01.22 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Amazon
    [2009.01.29 21:10:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Auslogics
    [2009.12.20 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Buhl Data Service
    [2012.01.22 21:13:28 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Dropbox
    [2010.11.13 21:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\elsterformular
    [2011.04.10 21:07:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\ICQ
    [2009.12.27 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Juniper Networks
    [2010.09.24 19:50:19 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Queryh
    [2010.09.25 14:26:19 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Rexu
    [2010.05.16 18:51:06 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Vodafone
    [2011.12.22 11:03:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\XSManager
    [2012.01.22 21:10:06 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012.01.22 20:41:30 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AABF7F1F-B48D-4C7E-972E-34166314B1A8}.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    2. Extras:
    Code:
     OTL Extras logfile created on: 22.01.2012 21:14:57 - Run 1
    OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Nadine\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    1,75 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 53,13% Memory free
    3,74 Gb Paging File | 2,79 Gb Available in Paging File | 74,70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74,37 Gb Total Space | 34,87 Gb Free Space | 46,88% Space Free | Partition Type: NTFS
    Drive D: | 7,47 Gb Total Space | 5,97 Gb Free Space | 79,94% Space Free | Partition Type: FAT32
    Drive E: | 73,21 Gb Total Space | 68,17 Gb Free Space | 93,12% Space Free | Partition Type: NTFS
     
    Computer Name: NADINE-PC | User Name: Nadine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .wsf [@ = WSFFile] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{142201CA-2CA7-49A7-A3D1-8226CCDC22EB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{424B432A-BCB0-49AA-B880-F028A0728BA4}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
    "{531E5F66-90F2-4F8D-BE41-16DD58D502C2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{71DCBF8A-C711-424C-BA06-607453E31AEB}" = protocol=6 | dir=in | app=c:\users\nadine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{732ACAB2-B28A-454A-A52A-17186E56F189}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{B1223C67-A751-4891-AC0B-331D480AC9EC}" = protocol=17 | dir=in | app=c:\users\nadine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "{B37D9A9E-F392-424A-A3D2-5518D212DD41}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{E66D7FFF-A84B-49DC-8516-8771FF52AC4B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "TCP Query User{165561D3-DC7C-4F44-BE7E-9C33136EEFBD}C:\users\nadine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nadine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "TCP Query User{6849F05F-4383-49CC-BDD7-57CA7F9CBBAA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "TCP Query User{6DB6216F-C34D-4EB4-B0A2-54BC83B1F3CE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{7BCB2ECF-7A49-4683-8C15-454D9D205B93}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{9BCFF70A-268C-4473-AC9A-822DCEE82502}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
    "TCP Query User{A4E10287-E1E5-4623-A70D-772E92822AD8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
    "TCP Query User{AB6CBC14-7660-4501-AC5C-4FBA97F9EB41}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "TCP Query User{AE89ABEB-D7ED-4B28-9358-2837F13895E3}C:\users\nadine\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe | 
    "TCP Query User{D64DF99C-FA5C-4F69-9F88-6AF988B4DB87}C:\users\nadine\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe | 
    "TCP Query User{E9736B94-34D9-49C4-8002-AEAAF7BB150D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
    "TCP Query User{FFFEF9AD-B568-4BFF-B9E7-0C28DC4A0015}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "UDP Query User{112F07B4-0074-42DB-9942-EE9210307686}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
    "UDP Query User{2BD561E1-87E4-4355-9827-9351AC42DD57}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "UDP Query User{6E723F23-C653-41DE-A476-F5938A70BCF7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
    "UDP Query User{7AFDD2DE-9C7B-4BE9-BCCC-AEAC007BA43B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "UDP Query User{7CBC8A04-10B0-4B02-B650-69D6C55E172C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
    "UDP Query User{D252BDF8-5D36-4438-8EFF-4221078B8342}C:\users\nadine\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe | 
    "UDP Query User{D881C6CB-351B-4E47-9744-22E7C6BE4F79}C:\users\nadine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nadine\appdata\roaming\dropbox\bin\dropbox.exe | 
    "UDP Query User{DB1B9A91-F5F3-418F-B72D-16446DAEE3CF}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
    "UDP Query User{DC4765E1-0182-4573-B586-7AE4257472AC}C:\users\nadine\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nadine\program files\dna\btdna.exe | 
    "UDP Query User{DECF4F03-EFB3-4858-9E6A-FDEA8E11B980}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{F5BC4B6C-7CA9-4857-BED9-813916E6BF41}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
    "{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
    "{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
    "{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
    "{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
    "{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
    "{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
    "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
    "{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
    "{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
    "{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
    "{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
    "{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
    "{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
    "{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
    "{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
    "{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
    "{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
    "{7B63B2922B174135AFC0E1377DD81EC2}" = 
    "{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
    "{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
    "{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
    "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
    "{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
    "{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
    "{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
    "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
    "{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
    "{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
    "{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
    "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
    "{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
    "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
    "{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
    "{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.25
    "{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
    "{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
    "{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
    "{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
    "{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "7-Zip" = 7-Zip 4.64
    "AC3Filter" = AC3Filter (remove only)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX-Setup
    "ElsterFormular 11.5.1.4843" = ElsterFormular
    "Freecorder4.02B" = Freecorder 4.02B Application
    "Google Desktop" = Google Desktop
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
    "MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
    "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "myphotobook" = myphotobook 3.5
    "Picasa 3" = Picasa 3
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 0.9.8a
    "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
    "XSManager" = XSManager
    "YTdetect" = Yahoo! Detect
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Move Media Player" = Move Media Player
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 22.01.2012 15:36:58 | Computer Name = Nadine-PC | Source = LoadPerf | ID = 3011
    Description = 
     
    Error - 22.01.2012 15:43:09 | Computer Name = Nadine-PC | Source = LoadPerf | ID = 3012
    Description = 
     
    Error - 22.01.2012 15:43:09 | Computer Name = Nadine-PC | Source = LoadPerf | ID = 3012
    Description = 
     
    Error - 22.01.2012 15:43:09 | Computer Name = Nadine-PC | Source = LoadPerf | ID = 3011
    Description = 
     
    Error - 22.01.2012 15:51:06 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
    Description = 
     
    Error - 22.01.2012 15:52:30 | Computer Name = Nadine-PC | Source = VSS | ID = 8194
    Description = 
     
    Error - 22.01.2012 16:11:41 | Computer Name = Nadine-PC | Source = WinDefendRtp | ID = 3003
    Description = Vom %%827-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. 
    Er konnte daraufhin nicht gestartet werden.     Benutzer: Nadine-PC\Nadine     Prüfpunkt-ID:
     57     Fehlercode: 0x80070005     Fehlerbeschreibung: Zugriff verweigert 
     
    Error - 22.01.2012 16:11:44 | Computer Name = Nadine-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 22.01.2012 16:12:34 | Computer Name = Nadine-PC | Source = VMCService | ID = 0
    Description = conflictManagerTypeValue
     
    Error - 22.01.2012 16:12:53 | Computer Name = Nadine-PC | Source = WinMgmt | ID = 10
    Description = 
     
    [ System Events ]
    Error - 28.01.2009 11:24:01 | Computer Name = Nadine-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description = 
     
    Error - 28.01.2009 11:24:01 | Computer Name = Nadine-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description = 
     
    Error - 28.01.2009 11:24:01 | Computer Name = Nadine-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description = 
     
    Error - 28.01.2009 11:24:01 | Computer Name = Nadine-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description = 
     
    Error - 28.01.2009 11:24:01 | Computer Name = Nadine-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description = 
     
    Error - 28.01.2009 12:16:53 | Computer Name = Nadine-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 28.01.2009 18:04:44 | Computer Name = Nadine-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 29.01.2009 04:33:29 | Computer Name = Nadine-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 29.01.2009 12:32:13 | Computer Name = Nadine-PC | Source = HTTP | ID = 15016
    Description = 
     
    Error - 29.01.2009 14:11:56 | Computer Name = Nadine-PC | Source = HTTP | ID = 15016
    Description = 
     
     
    < End of report >

    3. Rootkit:
    Code:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-22 22:26:34
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1652GSX rev.LV010M
    Running: f8uddvrf.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\pxliqpod.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwCreateProcessEx [0x8D1BEBAE]
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwCreateSection [0x8D1BE9D2]
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ZwLoadDriver [0x8D1BEB0C]
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               NtCreateSection
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ObInsertObject
    Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)               ObMakeTemporaryObject
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                           82BA6DEE 7 Bytes  JMP 8D1BEB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                  82C1262F 5 Bytes  JMP 8D1BA5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE            ntkrnlpa.exe!ObInsertObject                                                                         82C6B543 5 Bytes  JMP 8D1BBFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE            ntkrnlpa.exe!NtCreateSection                                                                        82C6CDE5 7 Bytes  JMP 8D1BE9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                      82CCCDCA 7 Bytes  JMP 8D1BEBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ?               System32\drivers\agkn.sys                                                                           Das System kann den angegebenen Pfad nicht finden. !
    .text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                           section is writeable [0x8835A000, 0x4036D, 0xE8000020]
    .dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                           unknown last section [0x883A3000, 0x510, 0x40000040]
    .text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                            section is writeable [0x8BE09000, 0x1FB52A, 0xE8000020]
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!SetUnhandledExceptionFilter  761FA8C5 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
    
    ---- Devices - GMER 1.0.15 ----
    
    Device          \FileSystem\Ntfs \Ntfs                                                                              aswSP.SYS (avast! self protection module/AVAST Software)
    Device          \FileSystem\fastfat \FatCdrom                                                                       aswSP.SYS (avast! self protection module/AVAST Software)
    
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice  \Driver\tdx \Device\Udp                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    
    Device          \FileSystem\fastfat \Fat                                                                            aswSP.SYS (avast! self protection module/AVAST Software)
    
    AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    
    ---- EOF - GMER 1.0.15 ----

    4. hjtscanlist.txt:

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            ∫                                    ∫ 
                                        hjtscanlist v2.0              
                            ∫                                    ∫ 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.0.6002]
     
     
    C:
    
           C:\hiberfil.sys ---------    
           C:\pagefile.sys ---------    
      22.01.2012 21:11     C:\Program Files --------- 24576   
      22.01.2012 20:52     C:\System Volume Information --------- 24576   
      22.01.2012 20:33     C:\ProgramData --------- 8192   
      22.01.2012 20:33     C:\Windows --------- 28672   
      09.08.2010 21:28     C:\IO.SYS --------- 0   
      09.08.2010 21:28     C:\MSDOS.SYS --------- 0   
      18.04.2010 15:07     C:\Boot --------- 4096   
      11.04.2009 07:36     C:\bootmgr --------- 333257   
      28.01.2009 10:42     C:\Toshiba --------- 4096   
      28.01.2009 10:41     C:\$RECYCLE.BIN --------- 0   
      28.01.2009 10:25     C:\Users --------- 4096   
      28.01.2009 10:20     C:\Programme --------- 0   
      28.01.2009 10:20     C:\Dokumente und Einstellungen --------- 0   
      27.08.2008 11:14     C:\SWSTAMP.TXT --------- 176   
      02.06.2008 14:52     C:\_wdsuef.dmp --------- 26252   
      27.05.2008 12:36     C:\RHDSetup.log --------- 650   
      27.05.2008 12:01     C:\BOOTSECT.BAK --------- 8192   
      21.01.2008 03:32     C:\PerfLogs --------- 0   
      02.11.2006 14:02     C:\Documents and Settings --------- 0   
      18.09.2006 22:43     C:\config.sys --------- 10   
      18.09.2006 22:43     C:\autoexec.bat --------- 24   
    ----------------------------------------
    
     
    C:\Windows
    
      22.01.2012 21:18     C:\Windows\WindowsUpdate.log --------- 31181   
      22.01.2012 21:11     C:\Windows\bootstat.dat --------- 67584   
      22.01.2012 21:11     C:\Windows\PFRO.log --------- 4762   
      22.01.2012 20:33     C:\Windows\setupact.log --------- 715   
      22.01.2012 20:33     C:\Windows\setuperr.log --------- 0   
      22.01.2012 15:23     C:\Windows\ntbtlog.txt --------- 176078   
      05.10.2010 14:35     C:\Windows\ODBC.INI --------- 400   
      05.10.2010 14:34     C:\Windows\win.ini --------- 240   
      07.09.2010 16:12     C:\Windows\avastSS.scr --------- 38848   
      01.01.2010 16:26     C:\Windows\DUMP401b.tmp --------- 108231028   
      20.12.2009 21:26     C:\Windows\wiso.ini --------- 394   
      29.10.2009 17:06     C:\Windows\starter4g.exe --------- 157456   
      29.10.2009 17:06     C:\Windows\service4g.exe --------- 125200   
      11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
      03.06.2008 05:27     C:\Windows\csup.txt --------- 10   
      27.05.2008 13:10     C:\Windows\mgxoschk.ini --------- 6642   
      27.05.2008 12:48     C:\Windows\NDSTray.INI --------- 0   
      27.05.2008 12:38     C:\Windows\ativpsrm.bin --------- 0   
      27.05.2008 12:35     C:\Windows\DIFxAPI.dll --------- 319456   
      27.05.2008 12:35     C:\Windows\HideWin.exe --------- 315392   
      08.04.2008 14:14     C:\Windows\RtHDVCpl.exe --------- 6037504   
      02.04.2008 08:27     C:\Windows\RtlUpd.exe --------- 1196032   
      05.03.2008 17:07     C:\Windows\RtlExUpd.dll --------- 520192   
      21.01.2008 08:48     C:\Windows\atiogl.xml --------- 12477   
      21.01.2008 03:43     C:\Windows\WindowsShell.Manifest --------- 749   
      21.01.2008 03:24     C:\Windows\regedit.exe --------- 134656   
      21.01.2008 03:24     C:\Windows\bfsvc.exe --------- 58880   
      21.01.2008 03:24     C:\Windows\fveupdate.exe --------- 13312   
      21.01.2008 03:24     C:\Windows\HelpPane.exe --------- 498176   
      21.01.2008 03:23     C:\Windows\notepad.exe --------- 151040   
      16.01.2008 11:13     C:\Windows\Thumbs.db --------- 4096   
      20.11.2007 17:15     C:\Windows\SkyTel.exe --------- 1826816   
      14.11.2007 14:18     C:\Windows\USetup.iss --------- 553   
      07.11.2007 16:31     C:\Windows\RtkUpd.exe --------- 1191936   
      03.11.2006 13:30     C:\Windows\oemlogo.bmp --------- 43254   
      02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   
      02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   
      02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   
      02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   
      02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   
      02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
      02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
      02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
      27.10.2006 23:34     C:\Windows\ConfigFree.scr --------- 862397   
      19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   
      18.09.2006 22:46     C:\Windows\system.ini --------- 219   
      18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
      18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
      18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
      01.08.1995 03:44     C:\Windows\PCDLIB32.DLL --------- 212480   
    ----------------------------------------
    
     
    C:\Windows\System
    
     02.04.2008 14:00      C:\Windows\System\DriveIcon.dll --------- 6428192 
     26.12.2007 09:20      C:\Windows\System\rtl8187B.sys --------- 290304 
     27.09.2007 14:32      C:\Windows\System\ms.ico --------- 34530 
     27.09.2007 14:17      C:\Windows\System\sm.ico --------- 37041 
     27.09.2007 14:12      C:\Windows\System\sd.ico --------- 38660 
     27.09.2007 14:04      C:\Windows\System\cf.ico --------- 37300 
     02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
     02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
     02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
     02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
     02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
     02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
     02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
     02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
     02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
     02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
     02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
     02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
     02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
     02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
     02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
     02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
     02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
     02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
     18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
     18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
     18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
     18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
     30.06.2004 15:24      C:\Windows\System\MyMulti.ico --------- 5430 
    ----------------------------------------
    
     
    C:\Windows\System32
    
     22.01.2012 22:29     C:\Windows\system32\hjtscanlist.txt --------- 7162  
     22.01.2012 21:19     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
     22.01.2012 21:19     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
     22.01.2012 21:11     C:\Windows\system32\drivers --------- 65536  
     22.01.2012 20:49     C:\Windows\system32\MAGIX --------- 4096  
     22.01.2012 20:43     C:\Windows\system32\perfc009.dat --------- 117576  
     22.01.2012 20:43     C:\Windows\system32\perfh009.dat --------- 610078  
     22.01.2012 20:43     C:\Windows\system32\perfc007.dat --------- 141256  
     22.01.2012 20:43     C:\Windows\system32\perfh007.dat --------- 674924  
     22.01.2012 20:43     C:\Windows\system32\PerfStringBackup.INI --------- 5548  
     21.01.2012 10:49     C:\Windows\system32\catroot2 --------- 4096  
     12.01.2012 03:25     C:\Windows\system32\catroot --------- 4096  
     12.01.2012 03:01     C:\Windows\system32\mrt.exe --------- 52128560  
     15.12.2011 03:25     C:\Windows\system32\FNTCACHE.DAT --------- 370256  
     15.12.2011 03:21     C:\Windows\system32\de-DE --------- 262144  
     15.12.2011 03:21     C:\Windows\system32\migration --------- 4096  
     25.11.2011 16:59     C:\Windows\system32\winsrv.dll --------- 376320  
     23.11.2011 14:37     C:\Windows\system32\win32k.sys --------- 2043904  
     18.11.2011 21:23     C:\Windows\system32\ntdll.dll --------- 1205064  
     18.11.2011 18:47     C:\Windows\system32\packager.dll --------- 66560  
     15.11.2011 14:29     C:\Windows\system32\MpSigStub.exe --------- 222080  
     08.11.2011 15:42     C:\Windows\system32\tzres.dll --------- 2048  
     03.11.2011 07:22     C:\Windows\system32\wininet.dll --------- 916992  
     03.11.2011 07:21     C:\Windows\system32\urlmon.dll --------- 1212416  
     03.11.2011 07:21     C:\Windows\system32\url.dll --------- 105984  
     03.11.2011 07:20     C:\Windows\system32\occache.dll --------- 206848  
     03.11.2011 07:18     C:\Windows\system32\mstime.dll --------- 611840  
     03.11.2011 07:18     C:\Windows\system32\mshtmled.dll --------- 66560  
     03.11.2011 07:18     C:\Windows\system32\mshtml.dll --------- 5978112  
     03.11.2011 07:18     C:\Windows\system32\msfeeds.dll --------- 602112  
     03.11.2011 07:18     C:\Windows\system32\msfeedsbs.dll --------- 55296  
     03.11.2011 07:17     C:\Windows\system32\licmgr10.dll --------- 43520  
     03.11.2011 07:17     C:\Windows\system32\jsproxy.dll --------- 25600  
     03.11.2011 07:17     C:\Windows\system32\inetcpl.cpl --------- 1469440  
     03.11.2011 07:17     C:\Windows\system32\ieui.dll --------- 164352  
     03.11.2011 07:17     C:\Windows\system32\iesysprep.dll --------- 109056  
     03.11.2011 07:17     C:\Windows\system32\iertutil.dll --------- 2000384  
     03.11.2011 07:17     C:\Windows\system32\iesetup.dll --------- 71680  
     03.11.2011 07:17     C:\Windows\system32\iernonce.dll --------- 55808  
     03.11.2011 07:17     C:\Windows\system32\iepeers.dll --------- 184320  
     03.11.2011 07:17     C:\Windows\system32\ieframe.dll --------- 11081728  
     03.11.2011 07:17     C:\Windows\system32\iedkcs32.dll --------- 387584  
     03.11.2011 06:22     C:\Windows\system32\html.iec --------- 385024  
     03.11.2011 05:45     C:\Windows\system32\ieUnatt.exe --------- 133632  
     03.11.2011 05:45     C:\Windows\system32\ie4uinit.exe --------- 174080  
     03.11.2011 05:44     C:\Windows\system32\msfeedssync.exe --------- 13312  
     03.11.2011 05:43     C:\Windows\system32\mshtml.tlb --------- 1638912  
     27.10.2011 09:01     C:\Windows\system32\ntoskrnl.exe --------- 3550080  
     27.10.2011 09:01     C:\Windows\system32\ntkrnlpa.exe --------- 3602816  
     25.10.2011 16:58     C:\Windows\system32\quartz.dll --------- 1314816  
     25.10.2011 16:58     C:\Windows\system32\qdvd.dll --------- 497152  
     25.10.2011 16:56     C:\Windows\system32\csrsrv.dll --------- 49152  
     18.10.2011 07:18     C:\Windows\system32\jscript.dll --------- 726528  
     14.10.2011 17:03     C:\Windows\system32\winmm.dll --------- 189952  
     14.10.2011 17:02     C:\Windows\system32\EncDec.dll --------- 429056  
     14.10.2011 17:00     C:\Windows\system32\mciseq.dll --------- 23552  
     27.08.2011 08:24     C:\Windows\system32\jupdate-1.6.0_26-b03.log --------- 6498  
     25.08.2011 17:15     C:\Windows\system32\UIAutomationCore.dll --------- 555520  
     25.08.2011 17:14     C:\Windows\system32\oleaut32.dll --------- 563712  
     25.08.2011 17:14     C:\Windows\system32\oleacc.dll --------- 238080  
     25.08.2011 14:31     C:\Windows\system32\oleaccrc.dll --------- 4096  
     29.07.2011 17:01     C:\Windows\system32\psisdecd.dll --------- 293376  
     29.07.2011 17:01     C:\Windows\system32\psisrndr.ax --------- 217088  
     29.07.2011 17:00     C:\Windows\system32\MSDvbNP.ax --------- 57856  
     29.07.2011 17:00     C:\Windows\system32\Mpeg2Data.ax --------- 69632  
     15.06.2011 17:12     C:\Windows\system32\xmllite.dll --------- 182784  
     04.06.2011 22:56     C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 404640  
     04.05.2011 03:52     C:\Windows\system32\javaws.exe --------- 157472  
     04.05.2011 03:52     C:\Windows\system32\javaw.exe --------- 145184  
     04.05.2011 03:52     C:\Windows\system32\java.exe --------- 145184  
     04.05.2011 03:52     C:\Windows\system32\deployJava1.dll --------- 472808  
     02.05.2011 18:16     C:\Windows\system32\inetcomm.dll --------- 739328  
     29.04.2011 16:59     C:\Windows\system32\schannel.dll --------- 276992  
     12.04.2011 17:07     C:\Windows\system32\kernel32.dll --------- 892416  
     12.03.2011 22:55     C:\Windows\system32\XpsPrint.dll --------- 876032  
     10.03.2011 18:03     C:\Windows\system32\mfc42u.dll --------- 1162240  
     10.03.2011 18:03     C:\Windows\system32\mfc42.dll --------- 1136640  
     03.03.2011 16:40     C:\Windows\system32\Apphlpdm.dll --------- 28672  
     03.03.2011 14:35     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
     02.03.2011 16:44     C:\Windows\system32\dnsrslvr.dll --------- 86528  
     02.03.2011 16:44     C:\Windows\system32\dnsapi.dll --------- 168448  
     24.02.2011 03:03     C:\Windows\system32\WindowsPowerShell --------- 0  
     22.02.2011 15:13     C:\Windows\system32\XpsGdiConverter.dll --------- 288768  
     22.02.2011 14:33     C:\Windows\system32\DWrite.dll --------- 1068544  
     22.02.2011 14:33     C:\Windows\system32\FntCache.dll --------- 797696  
     17.02.2011 07:23     C:\Windows\system32\vbscript.dll --------- 420864  
     16.02.2011 17:16     C:\Windows\system32\atmlib.dll --------- 34304  
     16.02.2011 15:02     C:\Windows\system32\atmfd.dll --------- 292864  
     25.01.2011 19:46     C:\Windows\system32\WDI --------- 8192  
     21.01.2011 17:35     C:\Windows\system32\shlwapi.dll --------- 353280  
     21.01.2011 17:35     C:\Windows\system32\shell32.dll --------- 11586048  
     20.01.2011 17:08     C:\Windows\system32\dxgi.dll --------- 478720  
     20.01.2011 17:08     C:\Windows\system32\d3d10core.dll --------- 189952  
     20.01.2011 17:08     C:\Windows\system32\d3d10_1core.dll --------- 219648  
     20.01.2011 17:08     C:\Windows\system32\d3d10_1.dll --------- 160768  
     20.01.2011 17:08     C:\Windows\system32\d3d10.dll --------- 1029120  
     20.01.2011 17:07     C:\Windows\system32\cdd.dll --------- 37376  
     20.01.2011 17:07     C:\Windows\system32\winspool.drv --------- 258048  
     20.01.2011 17:07     C:\Windows\system32\stobject.dll --------- 586240  
     20.01.2011 17:07     C:\Windows\system32\shdocvw.dll --------- 1075712  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
     22.01.2012 22:29     C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 23774  
     22.01.2012 22:28     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 18528  
     22.01.2012 22:28     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 21950  
     22.01.2012 22:28     C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf --------- 70494  
     22.01.2012 22:28     C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 436790  
     22.01.2012 22:28     C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 21196  
     22.01.2012 22:27     C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 10642  
     22.01.2012 22:27     C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf --------- 17544  
     22.01.2012 22:26     C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf --------- 18504  
     22.01.2012 22:26     C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 34218  
     22.01.2012 22:20     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3668809864-4256648373-3923830253-1000.db --------- 885185  
     22.01.2012 22:20     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3668809864-4256648373-3923830253-1000.db --------- 1446694  
     22.01.2012 22:12     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1147279  
     22.01.2012 22:12     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 580518  
     22.01.2012 22:12     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2928084  
     22.01.2012 22:12     C:\Windows\Prefetch\AgRobust.db --------- 308736  
     22.01.2012 21:51     C:\Windows\Prefetch\GOOGLEUPDATE.EXE-FE771DDA.pf --------- 38230  
     22.01.2012 21:48     C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 20230  
     22.01.2012 21:34     C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf --------- 29234  
     22.01.2012 21:34     C:\Windows\Prefetch\CTFMON.EXE-9450846B.pf --------- 17204  
     22.01.2012 21:33     C:\Windows\Prefetch\F8UDDVRF.EXE-D1316D8F.pf --------- 21310  
     22.01.2012 21:32     C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf --------- 20082  
     22.01.2012 21:32     C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf --------- 35034  
     22.01.2012 21:32     C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf --------- 65022  
     22.01.2012 21:26     C:\Windows\Prefetch\RUNDLL32.EXE-41CD37D2.pf --------- 25382  
     22.01.2012 21:24     C:\Windows\Prefetch\NOTEPAD.EXE-86E0E9B9.pf --------- 18272  
     22.01.2012 21:24     C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf --------- 27882  
     22.01.2012 21:24     C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 92254  
     22.01.2012 21:17     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 41886  
     22.01.2012 21:17     C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 35764  
     22.01.2012 21:16     C:\Windows\Prefetch\JAVA.EXE-E27B75C2.pf --------- 130116  
     22.01.2012 21:16     C:\Windows\Prefetch\MBAMSERVICE.EXE-447DC311.pf --------- 48654  
     22.01.2012 21:16     C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf --------- 15978  
     22.01.2012 21:16     C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-573BF5B7.pf --------- 23458  
     22.01.2012 21:15     C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 13864  
     22.01.2012 21:15     C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 17770  
     22.01.2012 21:14     C:\Windows\Prefetch\OTL.EXE-5FBBB2F5.pf --------- 32138  
     22.01.2012 21:14     C:\Windows\Prefetch\AVAST.SETUP-3DA1C849.pf --------- 125462  
     22.01.2012 21:14     C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf --------- 29108  
     22.01.2012 21:14     C:\Windows\Prefetch\SYNTPHELPER.EXE-0A20AAC4.pf --------- 11088  
     22.01.2012 21:14     C:\Windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf --------- 21300  
     22.01.2012 21:14     C:\Windows\Prefetch\CFSWMGR.EXE-B6130199.pf --------- 39090  
     22.01.2012 21:14     C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf --------- 43686  
     22.01.2012 21:13     C:\Windows\Prefetch\STARTER4G.EXE-5DE902E2.pf --------- 13136  
     22.01.2012 21:13     C:\Windows\Prefetch\ReadyBoot --------- 4096  
     22.01.2012 21:13     C:\Windows\Prefetch\MMLOADDRV.EXE-5475B7CC.pf --------- 34954  
     22.01.2012 21:13     C:\Windows\Prefetch\CCC.EXE-AE792174.pf --------- 112392  
     22.01.2012 21:12     C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 33286  
     22.01.2012 21:12     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2133062  
     22.01.2012 21:10     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
     22.01.2012 21:09     C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 43032  
     22.01.2012 21:08     C:\Windows\Prefetch\WINWORD.EXE-71DAFA5C.pf --------- 92926  
     22.01.2012 21:06     C:\Windows\Prefetch\WMAIN10.DLL-51D2B61E.pf --------- 130024  
     22.01.2012 21:06     C:\Windows\Prefetch\TIP2010.EXE-F2F7A283.pf --------- 25268  
     22.01.2012 20:52     C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 98304  
     22.01.2012 20:52     C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf --------- 32994  
     22.01.2012 20:51     C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 22108  
     22.01.2012 20:51     C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 32240  
     22.01.2012 20:51     C:\Windows\Prefetch\_IS12F4.EXE-B3DE2204.pf --------- 66314  
     22.01.2012 20:51     C:\Windows\Prefetch\DLLHOST.EXE-7FAA2E4C.pf --------- 34020  
     22.01.2012 20:50     C:\Windows\Prefetch\SF.BIN-05917539.pf --------- 68136  
     22.01.2012 20:50     C:\Windows\Prefetch\SETUP.EXE-CBB2247F.pf --------- 28346  
     22.01.2012 20:50     C:\Windows\Prefetch\IKERNEL.EXE-08CF22BD.pf --------- 74322  
     22.01.2012 20:50     C:\Windows\Prefetch\SET7D1B.TMP-89F20A99.pf --------- 33166  
     22.01.2012 20:50     C:\Windows\Prefetch\RUNDLL32.EXE-8119E5A5.pf --------- 21248  
     22.01.2012 20:49     C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf --------- 95384  
     22.01.2012 20:49     C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf --------- 42516  
     22.01.2012 20:49     C:\Windows\Prefetch\GOOGLETOOLBARMANAGER_A0AC09CE-E36B35CF.pf --------- 42800  
     22.01.2012 20:49     C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-09540BCD.pf --------- 24106  
     22.01.2012 20:49     C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf --------- 24796  
     22.01.2012 20:49     C:\Windows\Prefetch\GLB1A2B.EXE-5207454B.pf --------- 16204  
     22.01.2012 20:49     C:\Windows\Prefetch\FABS.EXE-8453663F.pf --------- 21108  
     22.01.2012 20:49     C:\Windows\Prefetch\FBSERVER.EXE-2A45AD9E.pf --------- 21314  
     22.01.2012 20:49     C:\Windows\Prefetch\UNINSTALL.EXE-3863AE5C.pf --------- 22892  
     22.01.2012 20:47     C:\Windows\Prefetch\{397E31AA-0D78-4649-A01C-339D-21CD5C4D.pf --------- 19868  
     22.01.2012 20:47     C:\Windows\Prefetch\NSS.EXE-BA8F5D37.pf --------- 51888  
     22.01.2012 20:47     C:\Windows\Prefetch\INSTSTUB.EXE-72552298.pf --------- 50130  
     22.01.2012 20:46     C:\Windows\Prefetch\GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf --------- 35494  
     22.01.2012 20:46     C:\Windows\Prefetch\GLB1332.TMP-B21B4CE5.pf --------- 27174  
     22.01.2012 20:46     C:\Windows\Prefetch\ICQUNTOOLBAR.EXE-E52D417B.pf --------- 22500  
     22.01.2012 20:46     C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf --------- 45396  
     22.01.2012 20:46     C:\Windows\Prefetch\ICQ SERVICE.EXE-C85EADEA.pf --------- 31138  
     22.01.2012 20:44     C:\Windows\Prefetch\ICQ7.EXE-F7C90BCF.pf --------- 21256  
     22.01.2012 20:44     C:\Windows\Prefetch\ICQ7.EXE-1F5FAFFF.pf --------- 21576  
     22.01.2012 20:44     C:\Windows\Prefetch\PING.EXE-7E94E73E.pf --------- 12946  
     22.01.2012 20:44     C:\Windows\Prefetch\BTDNA.EXE-D5417E2F.pf --------- 21486  
     22.01.2012 20:44     C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 229080  
     22.01.2012 20:43     C:\Windows\Prefetch\AU_.EXE-ABB5CC68.pf --------- 36770  
     22.01.2012 20:43     C:\Windows\Prefetch\UNINSTALL.EXE-D24F0C6D.pf --------- 20454  
     22.01.2012 20:42     C:\Windows\Prefetch\UNINST.EXE-68D89DD4.pf --------- 21412  
     22.01.2012 20:42     C:\Windows\Prefetch\UNINSTALL.EXE-7FD1B5EB.pf --------- 23862  
     22.01.2012 20:41     C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf --------- 31092  
     22.01.2012 20:41     C:\Windows\Prefetch\IELOWUTIL.EXE-3885C25E.pf --------- 34672  
     22.01.2012 20:40     C:\Windows\Prefetch\MSFEEDSSYNC.EXE-6E6FBDF4.pf --------- 21582  
     22.01.2012 20:34     C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf --------- 27808  
     22.01.2012 20:34     C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf --------- 68322  
     22.01.2012 20:33     C:\Windows\Prefetch\MBAM-SETUP-1.60.0.1800.TMP-10633457.pf --------- 30404  
     22.01.2012 20:33     C:\Windows\Prefetch\MBAM-SETUP-1.60.0.1800.EXE-A12CE76A.pf --------- 21610  
     22.01.2012 20:33     C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf --------- 61964  
     22.01.2012 20:32     C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf --------- 26410  
     22.01.2012 20:32     C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf --------- 13172  
     22.01.2012 20:30     C:\Windows\Prefetch\ATI2EVXX.EXE-0327F1E7.pf --------- 21196  
     22.01.2012 20:30     C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf --------- 29892  
     22.01.2012 20:30     C:\Windows\Prefetch\CSRSS.EXE-3FE41F7E.pf --------- 33036  
     22.01.2012 20:29     C:\Windows\Prefetch\SMSS.EXE-E9C28FC6.pf --------- 1856  
     22.01.2012 20:29     C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf --------- 37360  
     22.01.2012 01:48     C:\Windows\Prefetch\CFMAIN.EXE-169D382A.pf --------- 76092  
     22.01.2012 01:47     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 52402  
     21.01.2012 16:22     C:\Windows\Prefetch\DISKDEFRAG.EXE-1EF2B5F6.pf --------- 52194  
     21.01.2012 16:22     C:\Windows\Prefetch\RUNDLL32.EXE-AAB1BBB5.pf --------- 46322  
     21.01.2012 16:20     C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf --------- 36440  
     21.01.2012 12:27     C:\Windows\Prefetch\AgCx_SC1.db --------- 618949  
     21.01.2012 12:27     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 172600  
     21.01.2012 10:45     C:\Windows\Prefetch\FIREFOX.EXE-49DF4462.pf --------- 17108  
     21.01.2012 10:45     C:\Windows\Prefetch\0.06432036934853824.EXE-2870EEF8.pf --------- 15796  
     21.01.2012 10:45     C:\Windows\Prefetch\JP2LAUNCHER.EXE-7C1F11C1.pf --------- 17786  
     21.01.2012 10:15     C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf --------- 964  
     20.01.2012 23:41     C:\Windows\Prefetch\Layout.ini --------- 1428466  
     20.01.2012 20:31     C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf --------- 3746  
     20.01.2012 20:22     C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf --------- 53812  
     20.01.2012 20:22     C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf --------- 14938  
     20.01.2012 19:41     C:\Windows\Prefetch\MAGIXVIEWER.EXE-97514ACE.pf --------- 138926  
     20.01.2012 19:40     C:\Windows\Prefetch\ADOBEUPDATER.EXE-9A17D89B.pf --------- 53288  
     20.01.2012 19:39     C:\Windows\Prefetch\ACRORD32.EXE-DE3ACCC1.pf --------- 126766  
     20.01.2012 19:38     C:\Windows\Prefetch\CIBEPDF.EXE-1BCA76F9.pf --------- 26512  
     20.01.2012 15:24     C:\Windows\Prefetch\PHOTOSCREENSAVER.SCR-BE555075.pf --------- 24144  
     18.11.2011 23:16     C:\Windows\Prefetch\AgCx_SC2.db --------- 839768  
     20.08.2009 10:44     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3668809864-4256648373-3923830253-1000.snp.db --------- 1016337  
     28.01.2009 10:02     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     22.01.2012 21:51     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1098  
     22.01.2012 21:11     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1094  
     22.01.2012 21:11     C:\Windows\Tasks\SA.DAT --------- 6  
     22.01.2012 21:10     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32606  
     22.01.2012 20:41     C:\Windows\Tasks\User_Feed_Synchronization-{AABF7F1F-B48D-4C7E-972E-34166314B1A8}.job --------- 420  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
     22.01.2012 21:34     C:\Windows\Temp\_avast5_ --------- 12288  
     22.01.2012 21:32     C:\Windows\Temp\_avast_ --------- 0  
     22.01.2012 01:48     C:\Windows\Temp\TMP0000001D7B62427F1C2252FD --------- 524288  
     21.01.2012 18:24     C:\Windows\Temp\TMP00000010D6BDB32C0D19DAEA --------- 524288  
     21.01.2012 18:24     C:\Windows\Temp\avi5B0A.tmp --------- 87262320  
    ----------------------------------------
    
     
    C:\Users\Nadine\AppData\Local\Temp
    
     22.01.2012 21:16     C:\Users\Nadine\AppData\Local\Temp\jusched.log --------- 2867  
     22.01.2012 21:16     C:\Users\Nadine\AppData\Local\Temp\au-descriptor-1.6.0_30-b12.xml --------- 7802  
     22.01.2012 21:15     C:\Users\Nadine\AppData\Local\Temp\Nadine.bmp --------- 31832  
     22.01.2012 21:14     C:\Users\Nadine\AppData\Local\Temp\WPDNSE --------- 0  
     22.01.2012 21:14     C:\Users\Nadine\AppData\Local\Temp\wmplog00.sqm --------- 1272  
     22.01.2012 21:14     C:\Users\Nadine\AppData\Local\Temp\divCCEF.tmp --------- 0  
     22.01.2012 21:13     C:\Users\Nadine\AppData\Local\Temp\IpAdrSet.log --------- 4183  
     22.01.2012 21:13     C:\Users\Nadine\AppData\Local\Temp\JET3024.tmp --------- 0  
     22.01.2012 21:11     C:\Users\Nadine\AppData\Local\Temp\Google Toolbar --------- 0  
     22.01.2012 21:08     C:\Users\Nadine\AppData\Local\Temp\VBE --------- 0  
     22.01.2012 21:02     C:\Users\Nadine\AppData\Local\Temp\div7B85.tmp --------- 0  
     22.01.2012 20:49     C:\Users\Nadine\AppData\Local\Temp\GoogleToolbarInstaller1.log --------- 2947  
     22.01.2012 20:45     C:\Users\Nadine\AppData\Local\Temp\{007D814B-B0F9-4484-8C95-4976E9BC1694} --------- 0  
     22.01.2012 20:44     C:\Users\Nadine\AppData\Local\Temp\uttDCC7.tmp.bat --------- 63  
     22.01.2012 20:44     C:\Users\Nadine\AppData\Local\Temp\uttDCC7.tmp --------- 0  
     22.01.2012 20:25     C:\Users\Nadine\AppData\Local\Temp\divABB9.tmp --------- 0  
     22.01.2012 20:21     C:\Users\Nadine\AppData\Local\Temp\plugtmp-2 --------- 0  
     22.01.2012 01:49     C:\Users\Nadine\AppData\Local\Temp\~DF8458.tmp --------- 512  
     22.01.2012 01:49     C:\Users\Nadine\AppData\Local\Temp\~DF8435.tmp --------- 16384  
     22.01.2012 01:48     C:\Users\Nadine\AppData\Local\Temp\divAEA5.tmp --------- 0  
     22.01.2012 01:47     C:\Users\Nadine\AppData\Local\Temp\plugtmp-1 --------- 0  
     22.01.2012 01:47     C:\Users\Nadine\AppData\Local\Temp\JETA073.tmp --------- 0  
     21.01.2012 18:24     C:\Users\Nadine\AppData\Local\Temp\divC744.tmp --------- 0  
     21.01.2012 18:23     C:\Users\Nadine\AppData\Local\Temp\JET5F4E.tmp --------- 0  
     21.01.2012 18:22     C:\Users\Nadine\AppData\Local\Temp\comtypes_cache --------- 0  
     21.01.2012 18:20     C:\Users\Nadine\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120121_182045499.html --------- 75448  
     21.01.2012 18:20     C:\Users\Nadine\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120121_182045499-MSI_vc_red.msi.txt --------- 1912  
     21.01.2012 18:20     C:\Users\Nadine\AppData\Local\Temp\RarSFX1 --------- 0  
     21.01.2012 18:19     C:\Users\Nadine\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120121_181936673.html --------- 75356  
     21.01.2012 18:19     C:\Users\Nadine\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20120121_181936673-MSI_vc_red.msi.txt --------- 1904  
     21.01.2012 18:19     C:\Users\Nadine\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219 --------- 0  
     21.01.2012 18:19     C:\Users\Nadine\AppData\Local\Temp\RarSFX0 --------- 0  
     21.01.2012 17:30     C:\Users\Nadine\AppData\Local\Temp\_avast_ --------- 0  
     21.01.2012 17:05     C:\Users\Nadine\AppData\Local\Temp\_avast5_ --------- 0  
     21.01.2012 16:29     C:\Users\Nadine\AppData\Local\Temp\plugtmp --------- 0  
     21.01.2012 16:22     C:\Users\Nadine\AppData\Local\Temp\plugtmp-24 --------- 8192  
     21.01.2012 16:22     C:\Users\Nadine\AppData\Local\Temp\Low --------- 0  
     21.01.2012 16:19     C:\Users\Nadine\AppData\Local\Temp\JET30B0.tmp --------- 0  
     21.01.2012 16:19     C:\Users\Nadine\AppData\Local\Temp\divC6D7.tmp --------- 0  
     21.01.2012 10:56     C:\Users\Nadine\AppData\Local\Temp\div2F3A.tmp --------- 0  
     21.01.2012 10:55     C:\Users\Nadine\AppData\Local\Temp\JET8C47.tmp --------- 0  
     21.01.2012 10:50     C:\Users\Nadine\AppData\Local\Temp\divE243.tmp --------- 0  
     21.01.2012 10:49     C:\Users\Nadine\AppData\Local\Temp\JET974F.tmp --------- 0  
     21.01.2012 10:48     C:\Users\Nadine\AppData\Local\Temp\EB19.tmp --------- 321184  
     21.01.2012 10:45     C:\Users\Nadine\AppData\Local\Temp\hsperfdata_Nadine --------- 0  
     16.05.2000 16:37     C:\Users\Nadine\AppData\Local\Temp\set7D1B.tmp --------- 46080  
    ----------------------------------------
    
     
    C:\Program Files
    
     22.01.2012 21:11     C:\Program Files\Google --------- 4096  
     22.01.2012 20:52     C:\Program Files\InstallShield Installation Information --------- 12288  
     22.01.2012 20:47     C:\Program Files\Norton Security Scan --------- 0  
     22.01.2012 20:43     C:\Program Files\Amazon --------- 0  
     22.01.2012 20:42     C:\Program Files\Azureus --------- 4096  
     22.01.2012 20:33     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
     22.01.2012 16:25     C:\Program Files\Mozilla Firefox --------- 40960  
     12.01.2012 03:21     C:\Program Files\Windows Mail --------- 4096  
     21.12.2011 22:55     C:\Program Files\XSManager --------- 24576  
     15.12.2011 03:21     C:\Program Files\Internet Explorer --------- 4096  
     27.08.2011 08:24     C:\Program Files\Java --------- 4096  
     25.08.2011 21:22     C:\Program Files\MSECache --------- 0  
     02.08.2011 19:52     C:\Program Files\Adobe --------- 0  
     09.07.2011 20:30     C:\Program Files\WISO --------- 0  
     10.04.2011 21:05     C:\Program Files\ICQ6Toolbar --------- 4096  
     10.04.2011 21:05     C:\Program Files\ICQ6.5 --------- 0  
     13.11.2010 16:05     C:\Program Files\ElsterFormular --------- 4096  
     15.10.2010 21:01     C:\Program Files\Freecorder --------- 4096  
     15.10.2010 02:25     C:\Program Files\Windows Media Player --------- 4096  
     05.10.2010 14:31     C:\Program Files\Microsoft Office --------- 4096  
     05.10.2010 14:31     C:\Program Files\Common Files --------- 4096  
     05.10.2010 14:30     C:\Program Files\Microsoft.NET --------- 0  
     05.10.2010 12:44     C:\Program Files\Alwil Software --------- 0  
     10.09.2010 18:22     C:\Program Files\DivX --------- 8192  
     31.08.2010 20:51     C:\Program Files\Movie Maker --------- 4096  
     24.07.2010 16:49     C:\Program Files\Mydrv --------- 4096  
     16.05.2010 18:49     C:\Program Files\Vodafone --------- 0  
     20.04.2010 23:06     C:\Program Files\Windows Portable Devices --------- 0  
     18.04.2010 13:16     C:\Program Files\Windows Calendar --------- 0  
     18.04.2010 13:16     C:\Program Files\Windows Sidebar --------- 4096  
     18.04.2010 13:16     C:\Program Files\Windows Collaboration --------- 4096  
     18.04.2010 13:16     C:\Program Files\Windows Journal --------- 4096  
     18.04.2010 13:16     C:\Program Files\Windows Photo Gallery --------- 4096  
     18.04.2010 13:16     C:\Program Files\Windows Defender --------- 4096  
     05.04.2010 12:35     C:\Program Files\iTunes --------- 4096  
     05.04.2010 12:34     C:\Program Files\iPod --------- 0  
     05.04.2010 12:32     C:\Program Files\QuickTime --------- 4096  
     05.04.2010 12:28     C:\Program Files\Bonjour --------- 4096  
     05.04.2010 12:19     C:\Program Files\Safari --------- 4096  
     06.02.2010 03:34     C:\Program Files\AC3Filter --------- 4096  
     27.12.2009 17:12     C:\Program Files\Juniper Networks --------- 0  
     20.09.2009 11:14     C:\Program Files\Microsoft Works --------- 28672  
     27.03.2009 16:33     C:\Program Files\Apple Software Update --------- 4096  
     26.03.2009 20:11     C:\Program Files\CIB software GmbH --------- 0  
     28.02.2009 17:08     C:\Program Files\BitTorrent --------- 0  
     28.02.2009 17:08     C:\Program Files\DNA --------- 0  
     29.01.2009 23:09     C:\Program Files\CONEXANT --------- 0  
     28.01.2009 20:58     C:\Program Files\7-Zip --------- 4096  
     28.01.2009 20:50     C:\Program Files\VideoLAN --------- 0  
     28.01.2009 20:41     C:\Program Files\Auslogics --------- 0  
     28.01.2009 20:40     C:\Program Files\CCleaner --------- 0  
     28.01.2009 16:47     C:\Program Files\UniBW --------- 0  
     28.01.2009 10:40     C:\Program Files\Realtek --------- 0  
     28.01.2009 10:39     C:\Program Files\REALTEK RTL8187B Wireless LAN Driver --------- 0  
     28.01.2009 10:20     C:\Program Files\Gemeinsame Dateien --------- 0  
     28.01.2009 10:20     C:\Program Files\Windows NT --------- 4096  
     28.01.2009 10:10     C:\Program Files\TOSHIBA --------- 4096  
     02.06.2008 15:04     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192  
     27.05.2008 13:10     C:\Program Files\MAGIX --------- 4096  
     27.05.2008 13:09     C:\Program Files\myphotobook --------- 8192  
     27.05.2008 13:05     C:\Program Files\Toshiba TEMPRO --------- 8192  
     27.05.2008 12:56     C:\Program Files\InterVideo --------- 0  
     27.05.2008 12:56     C:\Program Files\Windows Media-Komponenten --------- 0  
     27.05.2008 12:52     C:\Program Files\Ulead Systems --------- 0  
     27.05.2008 12:40     C:\Program Files\Synaptics --------- 0  
     27.05.2008 12:34     C:\Program Files\ATI Technologies --------- 0  
     27.05.2008 12:31     C:\Program Files\ATI --------- 0  
     27.05.2008 12:25     C:\Program Files\MSXML 4.0 --------- 0  
     21.01.2008 03:43     C:\Program Files\desktop.ini --------- 174  
     02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
     02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  
     02.11.2006 13:37     C:\Program Files\MSBuild --------- 0  
     02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    Nadine    
    Public    
    Default    
    desktop.ini    
    Default User    
    All Users    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    ::1             localhost
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0        19.504 K
    smss.exe                       500 Services                   0         1.408 K
    csrss.exe                      568 Services                   0         8.288 K
    csrss.exe                      628 Console                    1        11.504 K
    wininit.exe                    636 Services                   0         9.768 K
    services.exe                   672 Services                   0        12.676 K
    winlogon.exe                   700 Console                    1        10.076 K
    lsass.exe                      716 Services                   0         2.408 K
    lsm.exe                        728 Services                   0        10.056 K
    svchost.exe                    884 Services                   0        12.540 K
    PresentationFontCache.exe      948 Services                   0        23.588 K
    svchost.exe                    992 Services                   0        12.124 K
    svchost.exe                   1028 Services                   0        38.820 K
    Ati2evxx.exe                  1112 Services                   0         8.332 K
    svchost.exe                   1136 Services                   0        16.284 K
    svchost.exe                   1168 Services                   0        78.204 K
    svchost.exe                   1180 Services                   0        39.056 K
    audiodg.exe                   1300 Services                   0        19.080 K
    svchost.exe                   1328 Services                   0         9.396 K
    SLsvc.exe                     1348 Services                   0        20.256 K
    svchost.exe                   1384 Services                   0        27.820 K
    svchost.exe                   1596 Services                   0        26.336 K
    Ati2evxx.exe                  1664 Console                    1        10.360 K
    AvastSvc.exe                  1736 Services                   0        44.480 K
    dwm.exe                        336 Console                    1        50.708 K
    explorer.exe                   528 Console                    1        68.924 K
    spoolsv.exe                   1176 Services                   0        24.500 K
    svchost.exe                   1420 Services                   0        17.612 K
    taskeng.exe                   1524 Services                   0        23.852 K
    taskeng.exe                   1308 Console                    1        28.068 K
    MSASCui.exe                   2332 Console                    1        23.960 K
    MOM.exe                       2412 Console                    1        22.256 K
    RtHDVCpl.exe                  2436 Console                    1        23.000 K
    SynTPEnh.exe                  2452 Console                    1        22.228 K
    NDSTray.exe                   2540 Console                    1        23.148 K
    Toshiba.Tempo.UI.TrayAppl     2644 Console                    1        28.872 K
    TPwrMain.exe                  2688 Console                    1        22.116 K
    SmoothView.exe                2696 Console                    1        20.268 K
    TCrdMain.exe                  2712 Console                    1        23.316 K
    iTunesHelper.exe              2752 Console                    1        25.680 K
    MobileConnect.exe             2776 Console                    1        37.328 K
    DivXUpdate.exe                2788 Console                    1        26.808 K
    AvastUI.exe                   2804 Console                    1        26.048 K
    FLVSrvc.exe                   2820 Console                    1        20.316 K
    AppleMobileDeviceService.     2828 Services                   0         9.520 K
    jusched.exe                   2872 Console                    1        25.664 K
    starter4g.exe                 2884 Console                    1        22.336 K
    mDNSResponder.exe             2896 Services                   0        21.016 K
    mbamgui.exe                   2904 Console                    1        22.508 K
    CFSvcs.exe                    2916 Services                   0        21.788 K
    sidebar.exe                   2932 Console                    1        35.344 K
    dsNcService.exe               2952 Services                   0        22.824 K
    TOSCDSPD.exe                  3008 Console                    1        20.136 K
    svchost.exe                   3100 Services                   0        10.724 K
    svchost.exe                   3140 Services                   0        22.648 K
    TempoSVC.exe                  3184 Services                   0        27.712 K
    TNaviSrv.exe                  3304 Services                   0         8.324 K
    TODDSrv.exe                   3392 Services                   0         9.792 K
    TosCoSrv.exe                  3424 Services                   0        19.668 K
    wmpnscfg.exe                  3444 Console                    1        21.644 K
    TosIPCSrv.exe                 3500 Services                   0         8.924 K
    ULCDRSvr.exe                  3528 Services                   0         4.140 K
    svchost.exe                   3548 Services                   0         8.932 K
    Dropbox.exe                   3876 Console                    1        28.704 K
    WTGService.exe                2552 Services                   0        20.744 K
    XAudio.exe                    1392 Services                   0         7.740 K
    service4g.exe                 3200 Services                   0        22.048 K
    VMCService.exe                 364 Services                   0        29.116 K
    CCC.exe                       2812 Console                    1        26.884 K
    conime.exe                    4200 Console                    1            68 K
    wmpnetwk.exe                  4752 Services                   0        26.412 K
    CFSwMgr.exe                   4836 Console                    1        25.380 K
    iPodService.exe               4900 Services                   0        10.556 K
    SynTPHelper.exe               5432 Console                    1         8.252 K
    SearchIndexer.exe             5520 Services                   0        32.068 K
    OTL.exe                       4128 Console                    1        33.716 K
    svchost.exe                   6116 Services                   0         8.136 K
    mbamservice.exe               3524 Services                   0        56.164 K
    WUDFHost.exe                  5288 Services                   0        11.356 K
    taskeng.exe                   5224 Services                   0         4.252 K
    conime.exe                    5000 Console                    1         4.496 K
    SearchProtocolHost.exe        3700 Services                   0         8.240 K
    SearchFilterHost.exe           220 Services                   0         5.360 K
    cmd.exe                       4152 Console                    1         2.912 K
    tasklist.exe                  5200 Console                    1         4.816 K
    WmiPrvSE.exe                  1396 Services                   0         5.744 K
    
     
    ***** Ende des Scans 22.01.2012 um 22:29:08,08 ***
    Edited by blühmchen (22.01.2012 at 22:43). Reason: addendum

  2. #2
    Beginner
    Registered since
    22.01.2012
    Posts
    5

    Re: For security reasons your Windows system has been blocked (Vista)

    All log files are attached now,

    please help me!

    Regards, Nadine

  3. #3
    Moderator (global) Team member Avatar of Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.857

    Re: For security reasons your Windows system has been blocked (Vista)


    Hello Blümchen,

    first, please click and read carefully: What do I need to watch out for during the cleanup?
    Please confirm in your next reply that you have read and understood it.

    It is especially important that you work through the points in the given order and that you stop immediately and ask if something does not work, so that I can change the instructions if necessary!


    ===== Point 1 =====

    Fixing with OTL

    With this we fix unnecessary or harmful entries.

    Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
    • Start OTL.exe.
      Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
    • Copy the following script into the text box below Custom Scans/Fixes:
    Code:
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKCU..\Run: [packet] "C:\Users\Nadine\AppData\Roaming\packet.exe" -autorun File not found
    O4 - HKCU..\Run: [userdgmixer] "C:\Users\Nadine\AppData\Roaming\userdgmixer.exe" -autorun File not found
    O4 - HKCU..\Run: [userimvideo] C:\Users\Nadine\AppData\Roaming\userimvideo.exe ()
    O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
    O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
    O33 - MountPoints2\{53c0d0a7-1aa0-11de-abee-822ffbb8d209}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
    O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell - "" = AutoRun
    O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\{a985fd51-6112-11df-ab33-00a0c6000000}\Shell - "" = AutoRun
    O33 - MountPoints2\{a985fd51-6112-11df-ab33-00a0c6000000}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    • Close all programs.
    • Click the Fix button.
    • If OTL asks for a restart, please allow it.
    • Copy the contents of the log file into your thread here, in code tags.
      You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>


    ===== Point 2 =====

    File sharing

    I am posting the following note not to wag a finger, but because you may not be aware of it. You are using P2P programs. If you want to get, or rather keep, a clean system, you should refrain from downloading software from such sources, because even if the P2P program itself is "clean", it does not protect you from possibly bringing harmful programs onto your computer.
    File-sharing P2P programs (Internet file-sharing networks) such as BitTorrent, eMule, KaZaa, Morpheus and Shareaza are unfortunately among the most disreputable download sources. A great deal of malware is spread through them; use them, if at all, only with particular caution and have the downloads checked online at VirusTotal before unpacking/using them! According to studies, 45% of the files offered for download via file-sharing networks are infected with viruses, trojans, worms or other malware. How else are the virus writers supposed to distribute their little treasures! In addition, most downloads from these file-sharing networks are illegal anyway, and you as a user may thereby be tempted into committing criminal offences!
    As you can see, the danger of getting infected this way is very high. For this reason I only clean systems that have no such programs installed, and I therefore ask you to uninstall all programs of this kind completely and without leftovers during our cleanup via Control Panel => Software => BitTorrent - DNA


    ===== Point 3 =====

    Update Java

    Your Java version is not up to date. Since some malware (e.g. Vundo or the so-called BKA trojan) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => Uninstall.
    If Firefox is in use, please also remove the old versions under Tools => Add-ons => Plugins.
    Restart the computer.

    Now download the offline version of Java Version 6 Update 30 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during installation.


    ===== Point 4 =====

    Security risk: Adobe Acrobat Reader

    Your Adobe Reader is not up to date, which is a major security risk. The recommendation is to uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. Restart the computer, download the current Acrobat Reader 10.x and install it; during installation, make sure to deselect additional programs and/or toolbars.


    ===== Point 5 =====

    Cleanup with Malwarebytes' Anti-Malware (full scan)

    Download Malwarebytes Anti-Malware (approx. 8 MB) from one of these download mirrors:

    • Applicable to Windows 2000, XP, Vista and Windows 7.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista and Windows 7; otherwise start it with a double-click.
    • Let it update online (Updates tab) if the program was already on the computer.
    • Select "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show Results".
    • For detections in C:\System Volume Information, remove the tick.
      Otherwise this system restore point will no longer work.
      It might still be needed despite the malware.
    • Make sure that all other detections are ticked and press "Delete".
    • Post the log file, which opens in Notepad, here in the thread.
    • You can find the report afterwards under "Logs".
    • Report how the computer is running now.
    Here you will find detailed, illustrated instructions.
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware cleanup | HijackThis guide
    HJT chat | No support via PM or e-mail! | Forum rules | Training
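
The fix script in the post above targets Run-key autostarts (O4) and MountPoints2 AutoRun commands (O33). As an added example that is not part of the thread and not OTL's own code, the following sketch parses lines in that format and flags the properties visible in the script: missing target, executable placed directly in AppData\Roaming, empty company field, AutoRun command on a mounted volume. The flagging heuristics, the function names and the benign "avast" line are assumptions of this example.

```python
import re
from dataclasses import dataclass

# O4/O33 lines copied from the fix script in the post above; the "avast" line
# is a constructed benign entry added for contrast (not from the thread).
SAMPLE = r'''
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKCU..\Run: [packet] "C:\Users\Nadine\AppData\Roaming\packet.exe" -autorun File not found
O4 - HKCU..\Run: [userdgmixer] "C:\Users\Nadine\AppData\Roaming\userdgmixer.exe" -autorun File not found
O4 - HKCU..\Run: [userimvideo] C:\Users\Nadine\AppData\Roaming\userimvideo.exe ()
O4 - HKLM..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui (AVAST Software)
O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell - "" = AutoRun
O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
'''

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)      # quoted or bare path
COMPANY_RE = re.compile(r'\((?P<co>[^()]*)\)\s*$')                    # trailing "(Company)"
ROAMING_ROOT_RE = re.compile(r'\\AppData\\Roaming\\[^\\]+\.exe$', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str        # "O4" (Run key) or "O33" (MountPoints2 AutoRun)
    name: str        # Run value name, or the MountPoints2 volume key
    target: str      # executable the entry would launch
    reasons: tuple   # why this example flags the entry


def exe_of(command):
    """Return the executable part of a command line, without quotes or arguments."""
    m = EXE_RE.match(command)
    return m["path"] if m else command


def triage(lines):
    """Flag autostart entries worth a closer look; entries with no flag are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            rest, target, reasons = m["rest"], exe_of(m["rest"]), []
            if rest.endswith("File not found"):
                reasons.append("target missing on disk")
            if ROAMING_ROOT_RE.search(target):
                reasons.append("exe directly in AppData\\Roaming")
            company = COMPANY_RE.search(rest)
            if company and company["co"] == "":
                reasons.append("no company name")
            if "\\" not in target:
                reasons.append("no path given")
            if reasons:
                findings.append(Finding("O4", m["name"], target, tuple(reasons)))
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(Finding("O33", m["vol"], exe_of(m["cmd"]),
                                    ("AutoRun command on mounted volume",)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.kind:3} {f.name:40} {f.target}  <- {', '.join(f.reasons)}")
```
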

  4. #4
    Beginner
    Registered since
    22.01.2012
    Posts
    5

    Re: For security reasons your Windows system has been blocked (Vista)

    Hello Petra,

    thanks already!

    I have read and understood "What do I need to watch out for during the cleanup?".
    The BitTorrent thing is difficult: I had deleted all programs that I don't use, but it keeps showing up when I search for it.
    The ICQ toolbar won't go away either.

    I had run OTL again and now the file is gone after a restart.

    I can't use the second computer again until Wednesday, so I can only send the new log files then.

    Best regards
    Nadine

  5. #5
    Moderator (global) Team member Avatar of Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.857

    Re: For security reasons your Windows system has been blocked (Vista)

    Hello Nadine,

    all right, we'll remove the leftovers later.
    For now, carry on with the instructions.
    [°¿°] Ciao, Petra


  6. #6
    Beginner
    Registered since
    22.01.2012
    Posts
    5

    Re: For security reasons your Windows system has been blocked (Vista)

    Hello Petra,

    here is the OTL log file after the fix.

    Code:
    All processes killed
    
    Error: Unable to interpret <:OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found O4 - HKCU..\Run: [packet] "C:\Users\Nadine\AppData\Roaming\packet.exe" -autorun File not found O4 - HKCU..\Run: [userdgmixer] "C:\Users\Nadine\AppData\Roaming\userdgmixer.exe" -autorun File not found O4 - HKCU..\Run: [userimvideo] C:\Users\Nadine\AppData\Roaming\userimvideo.exe () O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O33 - MountPoints2\{53c0d0a7-1aa0-11de-abee-822ffbb8d209}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe O33 - MountPoints2\{78978162-2a7b-11e1-b844-00225f2aaeab}\Shell - "" = AutoRun O33 - MountPoints2\{78978162-2a7b-11e> in the current context!
    
    Error: Unable to interpret <1-b844-00225f2aaeab}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{a985fd51-6112-11df-ab33-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{a985fd51-6112-11df-ab33-00a0c6000000}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence  :Files ipconfig /flushdns /c  :Commands [purity] [emptytemp]> in the current context!
    
     
    
    OTL by OldTimer - Version 3.2.31.0 log created on 01252012_181025
    Java updates and the Adobe Reader one are installed as well.

    Here is the log file from Malwarebytes

    Code:
    Malwarebytes Anti-Malware (Test) 1.60.0.1800
    www.malwarebytes.org
    
    Datenbank Version: v2012.01.25.04
    
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Nadine :: NADINE-PC [Administrator]
    
    Schutz: Aktiviert
    
    25.01.2012 19:28:21
    mbam-log-2012-01-25 (19-28-21).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 286920
    Laufzeit: 1 Stunde(n), 18 Minute(n), 26 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien: 1
    C:\Users\Nadine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\6b99d9e8-4f62f6d5 (Trojan.Agent.VUPX2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    
    (Ende)
    I'm currently browsing the web with the computer and so far everything is running perfectly.

    However, my avast! antivirus does not allow the real-time protection to be activated.

    Regards, Nadine

  7. #7
    Moderator (global) Team member Avatar of Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.857

    Re: For security reasons your Windows system has been blocked (Vista)

    Hello Nadine,

    "However, my avast! antivirus does not allow the real-time protection to be activated."
    that is not good.

    Removing malware with Combofix

    Download Combofix from one of the following download mirrors:

    BleepingComputer.com - ForoSpyware.com

    and save the program to the desktop, nowhere else, that is important!
    Follow the detailed original instructions.

    Combofix currently runs on the following Windows versions:
    • Windows XP (32-bit only)
    • Windows Vista (32-bit/64-bit)
    • Windows 7 (32-bit/64-bit)

    Preparation and important notes
    • During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking (Norton).
    • List of programs to disable.
      If anything is unclear, please ask.

    • ComboFix will reset your screen saver settings.
    • You can change these settings again once our cleanup is finished.
    • Do nothing else if you did not manage to get Combofix to run.
    • Let us know and wait for our instructions.

    • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
    • Do nothing else on the computer while Combofix is running!
    • Accept the terms (disclaimer) with "Yes".
    • If Combofix offers a newer version, allow the download.
    • Click "Yes" to continue with the malware scan.
    • A blue command prompt appears; Combofix is being prepared for the scan.
    • Please do not click in this Combofix window.
    • That could freeze or hang your system.
    • A backup of your registry is created.
    • Now the individual stages of the program are worked through; this can take a while.
    • When ComboFix is finished, it will create a log (please wait, this takes a moment).
    • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
    • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.
    • Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
    • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

    Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple and/or permanently damage the computer!
    [°¿°] Ciao, Petra


  8. #8
    Beginner
    Registered since
    22.01.2012
    Posts
    5

    Re: For security reasons your Windows system has been blocked (Vista)

    Hello Petra,

    my avast! antivirus is running now, including real-time protection. Should I still carry out your last steps anyway?


    Regards
    Nadine

  9. #9
    Moderator (global) Team member Avatar of Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.857

    Re: For security reasons your Windows system has been blocked (Vista)

    Hello Nadine,

    yes, it can't hurt, since Combofix often finds things that we don't readily see otherwise.
    [°¿°] Ciao, Petra


  10. #10
    Moderator (global) Team member Avatar of Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.857

    Re: For security reasons your Windows system has been blocked (Vista)

    Missing feedback

    Are there problems working through the instructions above, and if so, which? If I do not receive feedback from you in the next few days, I will assume that you no longer want to continue and/or that you were able to solve the problem, and I will close this thread so that capacity is freed up for other waiting users.

    Note: The disappearance of the symptoms does not mean that your computer is clean yet.
    [°¿°] Ciao, Petra

