| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.04.2011, 20:25
| #1 |
 |  TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Guten Tag, mich hat es heute auch mit einem "Trojaner" bzw Virus erwischt. Und zwar hab ich vorhin diese Meldung von meinem Antivir bekommen: Die Datei 'C:\Users\Fireball\AppData\Local\Temp\mnrcxsweao.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a09291b.qua' verschoben! Seitdem spinnt mein Laptop total! - Sachen auf dem Desktop wurden als versteckt makiert - Komische Einträge im Systemstart (Uquajaneyule - Realtek HD Audio Coinstaller usw.) Was gibts da für Möglichkeiten bzw was sollte ich tun?! Lasse gerade nochmal Antiwir + Malwarebytes drüber laufen und hoffe das die vlt noch mehr Infos preisgeben. Danke schonmal für die Hilfe |
|
18.04.2011, 20:32
| #2 | ||||
| /// Helfer-Team    | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Zitat:
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!: - Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen. Zitat:
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis) ► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können? 1. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 2. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
4. lade Dir HijackThis 2.0.4 von *von hier* herunter HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen" 5. Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken: System-Dateien und -Ordner unter XP und Vista sichtbar machen Am Ende unserer Arbeit, kannst wieder rückgängig machen! 6. → Lade Dir HJTscanlist.zip herunter → entpacke die Datei auf deinem Desktop → Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren → per Doppelklick starten → Wähle dein Betriebsystem aus - bei Win7 wähle Vista → Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen → Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt pr
__________________ Geändert von kira (18.04.2011 um 20:40 Uhr) |
|
18.04.2011, 22:25
| #3 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Kurze Zwischeninfo:
__________________Also die SWH funktioniert nicht richtig.. Kommt immer eine Fehlermeldung von wegen ein Antivirenprogamm sei am laufen, obwohl alle deaktiviert sind. Also auf der einen Seite sind jetzt einige Einträge aus dem Autostart weg aber ich hab trotzdem immer wieder eine *.dll Datei im Autostart die sich "realtek audio coinstaller" schimpft und der Befehl von einer ewehixusoya.dll aus dem Appdata/Local Ordner kommt. (Hab die File mal per abgesichertem Modus gelöscht) GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 22:38:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
Running: gmer.exe; Driver: C:\Users\Fireball\AppData\Local\Temp\kwliakow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13CD 8308B9C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830AB512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spus.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C29000, 0x2DEB7A, 0xE8000020]
.text USBPORT.SYS!DllUnload 932A6CA0 5 Bytes JMP 872914E0
.text ar6gya0l.SYS 93E17000 12 Bytes [44, 48, 02, 83, EE, 46, 02, ...]
.text ar6gya0l.SYS 93E1700D 9 Bytes [27, 02, 83, 48, 4B, 02, 83, ...] {DAA ; ADD AL, [EBX-0x7cfdb4b8]; ADD [EAX], AL}
.text ar6gya0l.SYS 93E17017 20 Bytes [00, DE, A7, B1, 8B, E6, A5, ...]
.text ar6gya0l.SYS 93E1702C 58 Bytes [00, 00, 00, 00, 00, 68, 08, ...]
.text ar6gya0l.SYS 93E17067 90 Bytes [83, 64, AC, 08, 83, 20, 81, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\Dwm.exe[2444] ntdll.dll!NtCreateUserProcess 77AB5778 5 Bytes JMP 006A4B7A
.text C:\windows\system32\Dwm.exe[2444] ntdll.dll!LdrLoadDll 77AD22B8 5 Bytes JMP 006A4CA9
.text C:\windows\system32\Dwm.exe[2444] kernel32.dll!GetFileAttributesExW 770D273D 5 Bytes JMP 006A4D4B
.text C:\windows\system32\Dwm.exe[2444] USER32.dll!TranslateMessage 77BE64C7 5 Bytes JMP 006A38C4
.text C:\windows\system32\Dwm.exe[2444] USER32.dll!GetClipboardData 77BF2BA7 5 Bytes JMP 006A3A2A
.text C:\windows\system32\Dwm.exe[2444] CRYPT32.dll!PFXImportCertStore 75DE0DDC 5 Bytes JMP 006A35DE
.text C:\windows\system32\Dwm.exe[2444] WS2_32.dll!closesocket 75F73918 5 Bytes JMP 00693FA0
.text C:\windows\system32\Dwm.exe[2444] WS2_32.dll!WSASend 75F74406 5 Bytes JMP 00693FF9
.text C:\windows\system32\Dwm.exe[2444] WS2_32.dll!send 75F76F01 5 Bytes JMP 00693FD8
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpQueryInfoA 7725A33E 5 Bytes JMP 006A717F
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetCloseHandle 7725AB49 5 Bytes JMP 006A7087
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetReadFile 7725B406 5 Bytes JMP 006A70CA
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetQueryDataAvailable 77265E5D 5 Bytes JMP 006A7153
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestW 7726BA12 5 Bytes JMP 006A6EA7
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestExW 77274A3D 5 Bytes JMP 006A6F4F
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetReadFileExA 7728AE5E 5 Bytes JMP 006A7109
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestExA 772D189E 5 Bytes JMP 006A6FEB
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestA 772D1984 2 Bytes JMP 006A6EFB
.text C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestA + 3 772D1987 2 Bytes [3D, 89]
.text C:\windows\system32\taskhost.exe[2452] ntdll.dll!NtCreateUserProcess 77AB5778 5 Bytes JMP 017E4B7A
.text C:\windows\system32\taskhost.exe[2452] ntdll.dll!LdrLoadDll 77AD22B8 5 Bytes JMP 017E4CA9
.text C:\windows\system32\taskhost.exe[2452] kernel32.dll!GetFileAttributesExW 770D273D 5 Bytes JMP 017E4D4B
.text C:\windows\system32\taskhost.exe[2452] USER32.dll!TranslateMessage 77BE64C7 5 Bytes JMP 017E38C4
.text C:\windows\system32\taskhost.exe[2452] USER32.dll!GetClipboardData 77BF2BA7 5 Bytes JMP 017E3A2A
.text C:\windows\system32\taskhost.exe[2452] WS2_32.dll!closesocket 75F73918 5 Bytes JMP 017D3FA0
.text C:\windows\system32\taskhost.exe[2452] WS2_32.dll!WSASend 75F74406 5 Bytes JMP 017D3FF9
.text C:\windows\system32\taskhost.exe[2452] WS2_32.dll!send 75F76F01 5 Bytes JMP 017D3FD8
.text C:\windows\system32\taskhost.exe[2452] CRYPT32.dll!PFXImportCertStore 75DE0DDC 5 Bytes JMP 017E35DE
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpQueryInfoA 7725A33E 5 Bytes JMP 017E717F
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetCloseHandle 7725AB49 5 Bytes JMP 017E7087
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetReadFile 7725B406 5 Bytes JMP 017E70CA
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetQueryDataAvailable 77265E5D 5 Bytes JMP 017E7153
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestW 7726BA12 5 Bytes JMP 017E6EA7
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestExW 77274A3D 5 Bytes JMP 017E6F4F
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetReadFileExA 7728AE5E 5 Bytes JMP 017E7109
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestExA 772D189E 5 Bytes JMP 017E6FEB
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestA 772D1984 2 Bytes JMP 017E6EFB
.text C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestA + 3 772D1987 2 Bytes [51, 8A]
.text C:\windows\Explorer.EXE[2528] ntdll.dll!NtCreateUserProcess 77AB5778 5 Bytes JMP 02AD4B7A
.text C:\windows\Explorer.EXE[2528] ntdll.dll!LdrLoadDll 77AD22B8 5 Bytes JMP 02AD4CA9
.text C:\windows\Explorer.EXE[2528] kernel32.dll!GetFileAttributesExW 770D273D 5 Bytes JMP 02AD4D4B
.text C:\windows\Explorer.EXE[2528] USER32.dll!TranslateMessage 77BE64C7 5 Bytes JMP 02AD38C4
.text C:\windows\Explorer.EXE[2528] USER32.dll!GetClipboardData 77BF2BA7 5 Bytes JMP 02AD3A2A
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpQueryInfoA 7725A33E 5 Bytes JMP 02AD717F
.text C:\windows\Explorer.EXE[2528] WININET.dll!InternetCloseHandle 7725AB49 5 Bytes JMP 02AD7087
.text C:\windows\Explorer.EXE[2528] WININET.dll!InternetReadFile 7725B406 5 Bytes JMP 02AD70CA
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpAddRequestHeadersA 7725DCD2 5 Bytes JMP 001F18D5
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpAddRequestHeadersW 77264FAE 5 Bytes JMP 001F1A9D
.text C:\windows\Explorer.EXE[2528] WININET.dll!InternetQueryDataAvailable 77265E5D 5 Bytes JMP 02AD7153
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestW 7726BA12 5 Bytes JMP 02AD6EA7
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestExW 77274A3D 5 Bytes JMP 02AD6F4F
.text C:\windows\Explorer.EXE[2528] WININET.dll!InternetReadFileExA 7728AE5E 5 Bytes JMP 02AD7109
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestExA 772D189E 5 Bytes JMP 02AD6FEB
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestA 772D1984 2 Bytes JMP 02AD6EFB
.text C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestA + 3 772D1987 2 Bytes [80, 8B]
.text C:\windows\Explorer.EXE[2528] CRYPT32.dll!PFXImportCertStore 75DE0DDC 5 Bytes JMP 02AD35DE
.text C:\windows\Explorer.EXE[2528] WS2_32.dll!closesocket 75F73918 5 Bytes JMP 02AC3FA0
.text C:\windows\Explorer.EXE[2528] WS2_32.dll!WSASend 75F74406 5 Bytes JMP 02AC3FF9
.text C:\windows\Explorer.EXE[2528] WS2_32.dll!send 75F76F01 5 Bytes JMP 02AC3FD8
.text C:\Windows\System32\rundll32.exe[2844] ntdll.dll!NtCreateUserProcess 77AB5778 5 Bytes JMP 015B4B7A
.text C:\Windows\System32\rundll32.exe[2844] ntdll.dll!LdrLoadDll 77AD22B8 5 Bytes JMP 015B4CA9
.text C:\Windows\System32\rundll32.exe[2844] kernel32.dll!GetFileAttributesExW 770D273D 5 Bytes JMP 015B4D4B
.text C:\Windows\System32\rundll32.exe[2844] USER32.dll!TranslateMessage 77BE64C7 5 Bytes JMP 015B38C4
.text C:\Windows\System32\rundll32.exe[2844] USER32.dll!GetClipboardData 77BF2BA7 5 Bytes JMP 015B3A2A
.text C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!closesocket 75F73918 5 Bytes JMP 015A3FA0
.text C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!WSASend 75F74406 5 Bytes JMP 015A3FF9
.text C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!send 75F76F01 5 Bytes JMP 015A3FD8
.text C:\Windows\System32\rundll32.exe[2844] CRYPT32.dll!PFXImportCertStore 75DE0DDC 5 Bytes JMP 015B35DE
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpQueryInfoA 7725A33E 5 Bytes JMP 015B717F
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetCloseHandle 7725AB49 5 Bytes JMP 015B7087
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetReadFile 7725B406 5 Bytes JMP 015B70CA
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetQueryDataAvailable 77265E5D 5 Bytes JMP 015B7153
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestW 7726BA12 5 Bytes JMP 015B6EA7
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestExW 77274A3D 5 Bytes JMP 015B6F4F
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetReadFileExA 7728AE5E 5 Bytes JMP 015B7109
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestExA 772D189E 5 Bytes JMP 015B6FEB
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestA 772D1984 2 Bytes JMP 015B6EFB
.text C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestA + 3 772D1987 2 Bytes [2E, 8A]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [8BA40C4C] \SystemRoot\System32\Drivers\spus.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8BA40CA0] \SystemRoot\System32\Drivers\spus.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BA10042] \SystemRoot\System32\Drivers\spus.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BA106D6] \SystemRoot\System32\Drivers\spus.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BA10800] \SystemRoot\System32\Drivers\spus.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BA1013E] \SystemRoot\System32\Drivers\spus.sys
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\System32\Drivers\ar6gya0l.SYS[NTOSKRNL.exe!KeTickCount] 78801875
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 863181F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 856521F8
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 872921F8
Device \Driver\usbuhci \Device\USBPDO-1 872921F8
Device \Driver\usbuhci \Device\USBPDO-2 872921F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F89FD7D1-41CD-4404-9EF0-572D9CD6FEAC} 8724A1F8
Device \Driver\usbehci \Device\USBPDO-3 86372500
Device \Driver\usbuhci \Device\USBPDO-4 872921F8
Device \Driver\usbuhci \Device\USBPDO-5 872921F8
Device \Driver\usbuhci \Device\USBPDO-6 872921F8
Device \Driver\volmgr \Device\HarddiskVolume1 856521F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86372500
Device \Driver\volmgr \Device\HarddiskVolume2 856521F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 87092500
Device \Driver\NetBT \Device\NetBT_Tcpip_{757227C0-FB57-48ED-A716-ADDEAE82F2D3} 8724A1F8
Device \Driver\volmgr \Device\HarddiskVolume3 856521F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 87092500
Device \Driver\volmgr \Device\HarddiskVolume4 856521F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{1BC72468-10FD-4771-992B-EF2F7347F383} 8724A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8724A1F8
Device \Driver\PCI_PNP1623 \Device\0000005e spus.sys
Device \Driver\usbuhci \Device\USBFDO-0 872921F8
Device \Driver\usbuhci \Device\USBFDO-1 872921F8
Device \Driver\sptd \Device\1512981624 spus.sys
Device \Driver\usbuhci \Device\USBFDO-2 872921F8
Device \Driver\usbehci \Device\USBFDO-3 86372500
Device \Driver\usbuhci \Device\USBFDO-4 872921F8
Device \Driver\usbuhci \Device\USBFDO-5 872921F8
Device \Driver\usbuhci \Device\USBFDO-6 872921F8
Device \Driver\usbehci \Device\USBFDO-7 86372500
Device \Driver\ar6gya0l \Device\Scsi\ar6gya0l1Port1Path0Target0Lun0 873521F8
Device \Driver\ar6gya0l \Device\Scsi\ar6gya0l1 873521F8
---- Threads - GMER 1.0.15 ----
Thread System [4:300] 86F23E7A
Thread System [4:304] 86F26008
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0x4C 0xA5 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5D 0x27 0xFF 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x96 0x39 0x52 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0x4C 0xA5 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5D 0x27 0xFF 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x96 0x39 0x52 0xFC ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST950032 rev.0001 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
device: opened successfully
user: MBR read successfully
Disk trace:
kernel: MBR read successfully
user & kernel MBR OK
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:32:59, on 18.04.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE D:\Downloads\mbam-setup.exe C:\Users\Fireball\AppData\Local\Temp\is-P1NH7.tmp\mbam-setup.tmp D:\Downloads\HijackThis.exe C:\windows\system32\SearchProtocolHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Egiqa] rundll32.exe "C:\Users\Fireball\AppData\Local\ewehixusoya.dll",Startup O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{F89FD7D1-41CD-4404-9EF0-572D9CD6FEAC}: NameServer = 192.168.178.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 5950 bytes Code:
ATTFilter
Code:
ATTFilter
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7601]
C:
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
18.04.2011 23:23 C:\Windows --------- 32768
18.04.2011 23:22 C:\ProgramData --------- 8192
18.04.2011 22:46 C:\System Volume Information --------- 24576
18.04.2011 22:46 C:\mbr.log --------- 309
18.04.2011 21:42 C:\Program Files --------- 28672
14.10.2010 21:51 C:\MSOCache --------- 0
26.01.2010 17:45 C:\$Recycle.Bin --------- 4096
26.11.2009 12:03 C:\IO.SYS --------- 0
26.11.2009 12:03 C:\MSDOS.SYS --------- 0
01.11.2009 23:00 C:\Users --------- 4096
29.10.2009 13:04 C:\Recovery --------- 0
07.10.2009 11:52 C:\Intel --------- 0
14.07.2009 06:53 C:\Documents and Settings --------- 0
14.07.2009 04:37 C:\PerfLogs --------- 0
10.06.2009 23:42 C:\config.sys --------- 10
10.06.2009 23:42 C:\autoexec.bat --------- 24
----------------------------------------
C:\windows
18.04.2011 23:23 C:\windows\setupact.log --------- 168
18.04.2011 23:23 C:\windows\bootstat.dat --------- 67584
18.04.2011 23:27 C:\windows\WindowsUpdate.log --------- 1650501
18.04.2011 22:52 C:\windows\setuperr.log --------- 0
20.11.2010 14:21 C:\windows\twain_32.dll --------- 51200
20.11.2010 14:17 C:\windows\explorer.exe --------- 2616320
20.11.2010 14:16 C:\windows\bfsvc.exe --------- 65024
04.05.2010 14:15 C:\windows\wininit.ini --------- 182
04.05.2010 08:02 C:\windows\win.ini --------- 510
17.04.2010 01:45 C:\windows\WLXPGSS.SCR --------- 307056
25.11.2009 02:36 C:\windows\Sfc3ng.INI --------- 604
13.11.2009 17:09 C:\windows\hmview.ini --------- 46
08.11.2009 17:20 C:\windows\Irremote.ini --------- 4767
29.10.2009 13:22 C:\windows\HotFixList.ini --------- 2
08.10.2009 03:48 C:\windows\ativpsrm.bin --------- 0
07.10.2009 12:16 C:\windows\Csup.txt --------- 10
17.09.2009 21:00 C:\windows\SetLCDStretchMode.exe --------- 345600
18.08.2009 18:16 C:\windows\RtlExUpd.dll --------- 831488
28.07.2009 12:37 C:\windows\atiogl.xml --------- 18632
14.07.2009 06:41 C:\windows\WindowsShell.Manifest --------- 749
14.07.2009 03:14 C:\windows\write.exe --------- 9216
14.07.2009 03:14 C:\windows\winhlp32.exe --------- 9728
14.07.2009 03:14 C:\windows\twunk_32.exe --------- 31232
14.07.2009 03:14 C:\windows\regedit.exe --------- 398336
14.07.2009 03:14 C:\windows\notepad.exe --------- 179712
14.07.2009 03:14 C:\windows\hh.exe --------- 15360
14.07.2009 03:14 C:\windows\HelpPane.exe --------- 497152
14.07.2009 03:14 C:\windows\fveupdate.exe --------- 13824
14.07.2009 00:58 C:\windows\mib.bin --------- 43131
10.06.2009 23:46 C:\windows\system.ini --------- 219
10.06.2009 23:42 C:\windows\_default.pif --------- 707
10.06.2009 23:42 C:\windows\winhelp.exe --------- 256192
10.06.2009 23:41 C:\windows\twunk_16.exe --------- 49680
10.06.2009 23:41 C:\windows\twain.dll --------- 94784
10.06.2009 23:34 C:\windows\WMSysPr9.prx --------- 316640
10.06.2009 23:19 C:\windows\msdfmap.ini --------- 1405
10.06.2009 23:14 C:\windows\Starter.xml --------- 48201
10.06.2009 23:14 C:\windows\HomePremium.xml --------- 48265
09.06.2009 23:28 C:\windows\agrsmdel.exe --------- 64000
15.04.2009 04:21 C:\windows\SetDisplayResolution.exe --------- 307200
19.12.2008 21:04 C:\windows\SetDisplayResolutionNP.xml --------- 3282
19.12.2008 21:04 C:\windows\SetDisplayResolutionDT.xml --------- 3282
----------------------------------------
C:\windows\System
13.07.2009 23:41 C:\windows\System\OLESVR.DLL --------- 24064
13.07.2009 23:41 C:\windows\System\WFWNET.DRV --------- 12704
13.07.2009 23:41 C:\windows\System\COMMDLG.DLL --------- 32816
13.07.2009 23:41 C:\windows\System\TIMER.DRV --------- 4048
13.07.2009 23:41 C:\windows\System\MMSYSTEM.DLL --------- 68992
13.07.2009 23:41 C:\windows\System\mmtask.tsk --------- 1152
13.07.2009 23:41 C:\windows\System\mouse.drv --------- 2032
13.07.2009 23:41 C:\windows\System\vga.drv --------- 2176
13.07.2009 23:41 C:\windows\System\sound.drv --------- 1744
13.07.2009 23:41 C:\windows\System\keyboard.drv --------- 2000
13.07.2009 23:41 C:\windows\System\SHELL.DLL --------- 5120
13.07.2009 23:41 C:\windows\System\system.drv --------- 3360
10.06.2009 23:42 C:\windows\System\ver.dll --------- 9008
10.06.2009 23:42 C:\windows\System\olecli.dll --------- 82944
10.06.2009 23:42 C:\windows\System\lzexpand.dll --------- 9936
10.06.2009 23:25 C:\windows\System\stdole.tlb --------- 5532
10.06.2009 23:21 C:\windows\System\msvideo.dll --------- 126912
10.06.2009 23:21 C:\windows\System\mciwave.drv --------- 28160
10.06.2009 23:21 C:\windows\System\mciseq.drv --------- 25264
10.06.2009 23:21 C:\windows\System\mciavi.drv --------- 73376
10.06.2009 23:21 C:\windows\System\avifile.dll --------- 109456
10.06.2009 23:21 C:\windows\System\avicap.dll --------- 69584
----------------------------------------
C:\windows\System32
18.04.2011 23:31 C:\windows\system32\drivers --------- 65536
18.04.2011 23:30 C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14512
18.04.2011 23:30 C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14512
18.04.2011 23:23 C:\windows\system32\config --------- 24576
18.04.2011 23:23 C:\windows\system32\wbem --------- 65536
18.04.2011 23:22 C:\windows\system32\AdvancedInstallers --------- 0
18.04.2011 23:21 C:\windows\system32\Boot --------- 0
18.04.2011 23:21 C:\windows\system32\catroot2 --------- 24576
18.04.2011 23:21 C:\windows\system32\CodeIntegrity --------- 0
18.04.2011 23:21 C:\windows\system32\da-DK --------- 0
18.04.2011 23:21 C:\windows\system32\cs-CZ --------- 0
18.04.2011 23:21 C:\windows\system32\de-DE --------- 262144
18.04.2011 23:21 C:\windows\system32\Dism --------- 0
18.04.2011 23:21 C:\windows\system32\DriverStore --------- 4096
18.04.2011 23:21 C:\windows\system32\es-ES --------- 0
18.04.2011 23:21 C:\windows\system32\manifeststore --------- 0
18.04.2011 23:21 C:\windows\system32\migration --------- 0
18.04.2011 23:21 C:\windows\system32\migwiz --------- 4096
18.04.2011 23:21 C:\windows\system32\MUI --------- 0
18.04.2011 23:21 C:\windows\system32\oobe --------- 0
18.04.2011 23:21 C:\windows\system32\Setup --------- 0
18.04.2011 23:21 C:\windows\system32\Speech --------- 0
18.04.2011 23:21 C:\windows\system32\spp --------- 0
18.04.2011 23:21 C:\windows\system32\SPReview --------- 0
18.04.2011 23:21 C:\windows\system32\sppui --------- 0
18.04.2011 23:21 C:\windows\system32\sysprep --------- 0
18.04.2011 23:21 C:\windows\system32\XPSViewer --------- 0
18.04.2011 22:41 C:\windows\system32\mbr.log --------- 309
18.04.2011 21:43 C:\windows\system32\Tasks --------- 4096
18.04.2011 21:37 C:\windows\system32\mbr.exe --------- 89088
18.04.2011 21:03 C:\windows\system32\perfh009.dat --------- 708078
18.04.2011 21:03 C:\windows\system32\perfc009.dat --------- 143082
18.04.2011 21:03 C:\windows\system32\perfh007.dat --------- 764762
18.04.2011 21:03 C:\windows\system32\perfc007.dat --------- 176878
18.04.2011 21:03 C:\windows\system32\PerfStringBackup.INI --------- 1790536
16.04.2011 14:24 C:\windows\system32\catroot --------- 4096
15.04.2011 12:39 C:\windows\system32\FNTCACHE.DAT --------- 411504
15.04.2011 12:32 C:\windows\system32\msclmd.dll --------- 152576
15.04.2011 11:00 C:\windows\system32\EventProviders --------- 0
15.04.2011 10:54 C:\windows\system32\MRT.exe --------- 39828936
14.03.2011 12:18 C:\windows\system32\NDF --------- 0
11.03.2011 07:33 C:\windows\system32\mfc42u.dll --------- 1164288
11.03.2011 07:33 C:\windows\system32\mfc42.dll --------- 1137664
08.03.2011 07:28 C:\windows\system32\inetcomm.dll --------- 741376
07.03.2011 07:33 C:\windows\system32\wininet.dll --------- 981504
07.03.2011 07:33 C:\windows\system32\urlmon.dll --------- 1230336
07.03.2011 07:31 C:\windows\system32\mshtml.dll --------- 5981696
07.03.2011 07:31 C:\windows\system32\jsproxy.dll --------- 48128
07.03.2011 07:31 C:\windows\system32\ieui.dll --------- 176640
07.03.2011 07:31 C:\windows\system32\ieframe.dll --------- 10990080
07.03.2011 05:52 C:\windows\system32\mshtml.tlb --------- 1638912
03.03.2011 07:38 C:\windows\system32\dnsrslvr.dll --------- 132608
03.03.2011 07:38 C:\windows\system32\dnsapi.dll --------- 270336
03.03.2011 07:36 C:\windows\system32\dnscacheugc.exe --------- 28672
03.03.2011 05:42 C:\windows\system32\win32k.sys --------- 2333184
24.02.2011 07:38 C:\windows\system32\XpsGdiConverter.dll --------- 288256
19.02.2011 08:30 C:\windows\system32\FntCache.dll --------- 805376
19.02.2011 08:30 C:\windows\system32\DWrite.dll --------- 1076736
19.02.2011 08:30 C:\windows\system32\d2d1.dll --------- 739840
19.02.2011 08:30 C:\windows\system32\atmlib.dll --------- 34304
19.02.2011 06:34 C:\windows\system32\atmfd.dll --------- 294912
18.02.2011 07:43 C:\windows\system32\vbscript.dll --------- 428032
18.02.2011 07:41 C:\windows\system32\jscript.dll --------- 716800
13.02.2011 03:35 C:\windows\system32\en-US --------- 221184
12.02.2011 07:35 C:\windows\system32\FXSCOVER.exe --------- 191488
17.01.2011 07:47 C:\windows\system32\d3d10_1.dll --------- 161792
16.01.2011 23:48 C:\windows\system32\Setup.dll --------- 126464
07.01.2011 09:46 C:\windows\system32\XpsPrint.dll --------- 870912
23.12.2010 07:54 C:\windows\system32\sbe.dll --------- 850944
23.12.2010 07:54 C:\windows\system32\CPFilters.dll --------- 642048
23.12.2010 07:54 C:\windows\system32\EncDec.dll --------- 534528
23.12.2010 07:50 C:\windows\system32\mpg2splt.ax --------- 199680
17.12.2010 09:07 C:\windows\system32\kerberos.dll --------- 542208
10.12.2010 19:29 C:\windows\system32\sqlctr90.dll --------- 64864
10.12.2010 19:29 C:\windows\system32\sqlncli.dll --------- 2248032
06.12.2010 15:58 C:\windows\system32\abgx360.exe --------- 2496715
29.11.2010 18:38 C:\windows\system32\QuickTimeVR.qtx --------- 94208
29.11.2010 18:38 C:\windows\system32\QuickTime.qts --------- 69632
20.11.2010 14:36 C:\windows\system32\Narrator.exe --------- 1077248
20.11.2010 14:36 C:\windows\system32\NAPHLPR.DLL --------- 107008
20.11.2010 14:36 C:\windows\system32\NAPCRYPT.DLL --------- 46080
20.11.2010 14:32 C:\windows\system32\AuthFWSnapin.dll --------- 5066752
20.11.2010 14:30 C:\windows\system32\ntoskrnl.exe --------- 3911040
20.11.2010 14:30 C:\windows\system32\ntkrnlpa.exe --------- 3966848
20.11.2010 14:29 C:\windows\system32\mcupdate_GenuineIntel.dll --------- 520064
20.11.2010 14:29 C:\windows\system32\halacpi.dll --------- 137088
20.11.2010 14:29 C:\windows\system32\hal.dll --------- 194432
20.11.2010 14:29 C:\windows\system32\halmacpi.dll --------- 194432
20.11.2010 14:29 C:\windows\system32\bootres.dll --------- 2217856
20.11.2010 14:29 C:\windows\system32\consent.exe --------- 101760
20.11.2010 14:24 C:\windows\system32\ntdll.dll --------- 1288488
20.11.2010 14:24 C:\windows\system32\fveapi.dll --------- 271664
20.11.2010 14:24 C:\windows\system32\winresume.exe --------- 442720
20.11.2010 14:24 C:\windows\system32\winload.exe --------- 508904
20.11.2010 14:24 C:\windows\system32\ci.dll --------- 690680
20.11.2010 14:23 C:\windows\system32\basecsp.dll --------- 144768
20.11.2010 14:21 C:\windows\system32\zipfldr.dll --------- 327680
20.11.2010 14:21 C:\windows\system32\XpsRasterService.dll --------- 135168
20.11.2010 14:21 C:\windows\system32\xpsservices.dll --------- 1712640
20.11.2010 14:21 C:\windows\system32\wwanprotdim.dll --------- 40960
----------------------------------------
C:\windows\Prefetch
----------------------------------------
C:\windows\Tasks
18.04.2011 23:23 C:\windows\Tasks\SA.DAT --------- 6
18.04.2011 22:43 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job --------- 1078
18.04.2011 22:43 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job --------- 1130
28.02.2011 09:23 C:\windows\Tasks\SCHEDLGU.TXT --------- 32632
----------------------------------------
C:\windows\Temp
18.04.2011 23:23 C:\windows\Temp\lpksetup-20110418-232350-0.log --------- 3500
18.04.2011 23:09 C:\windows\Temp\lpksetup-20110418-230857-0.log --------- 3500
18.04.2011 22:52 C:\windows\Temp\lpksetup-20110418-225221-0.log --------- 3500
18.04.2011 21:59 C:\windows\Temp\Cookies --------- 0
18.04.2011 21:49 C:\windows\Temp\History --------- 0
18.04.2011 21:49 C:\windows\Temp\Temporary Internet Files --------- 0
18.04.2011 20:57 C:\windows\Temp\lpksetup-20110418-205713-0.log --------- 3500
18.04.2011 11:32 C:\windows\Temp\lpksetup-20110418-113220-0.log --------- 3500
----------------------------------------
C:\Users\Fireball\AppData\Local\Temp
18.04.2011 23:33 C:\Users\Fireball\AppData\Local\Temp\~DF5E823017F53DE822.TMP --------- 81920
18.04.2011 23:31 C:\Users\Fireball\AppData\Local\Temp\~DF283559A38E35B79D.TMP --------- 81920
18.04.2011 23:30 C:\Users\Fireball\AppData\Local\Temp\CVR57FE.tmp.cvr --------- 0
18.04.2011 23:24 C:\Users\Fireball\AppData\Local\Temp\WPDNSE --------- 0
18.04.2011 23:22 C:\Users\Fireball\AppData\Local\Temp\~nsu.tmp --------- 0
18.04.2011 21:39 C:\Users\Fireball\AppData\Local\Temp\utt222.tmp.bat --------- 53
18.04.2011 21:39 C:\Users\Fireball\AppData\Local\Temp\utt222.tmp --------- 0
18.04.2011 21:20 C:\Users\Fireball\AppData\Local\Temp\CVR8E2B.tmp.cvr --------- 0
18.04.2011 21:11 C:\Users\Fireball\AppData\Local\Temp\CVR4346.tmp.cvr --------- 0
18.04.2011 22:47 C:\Users\Fireball\AppData\Local\Temp\hsperfdata_Fireball --------- 0
18.04.2011 21:05 C:\Users\Fireball\AppData\Local\Temp\0.8775945902354931.exe --------- 168279
18.04.2011 20:48 C:\Users\Fireball\AppData\Local\Temp\tmpF59E.tmp --------- 569344
18.04.2011 20:48 C:\Users\Fireball\AppData\Local\Temp\tmp46AA.tmp --------- 569344
18.04.2011 20:48 C:\Users\Fireball\AppData\Local\Temp\woanecmrsx.exe --------- 89088
18.04.2011 20:48 C:\Users\Fireball\AppData\Local\Temp\err.log33402762 --------- 29184
18.04.2011 11:32 C:\Users\Fireball\AppData\Local\Temp\CVRD4EA.tmp.cvr --------- 0
12.03.2011 13:14 C:\Users\Fireball\AppData\Local\Temp\Low --------- 0
29.10.2009 13:24 C:\Users\Fireball\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
14.07.2009 03:14 C:\Users\Fireball\AppData\Local\Temp\esarncwmox.exe --------- 47104
----------------------------------------
C:\Program Files
----------------------------------------
C:\ProgramData\..
Fireball
Mcx1-FIREBALL-PC
Public
Default
All Users
Default User
desktop.ini
----------------------------------------
C:\windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123simsen.com
127.0.0.1 www.123simsen.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 125sms.co.uk
127.0.0.1 www.125sms.co.uk
127.0.0.1 125sms.com
127.0.0.1 www.125sms.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 1337crew.info
127.0.0.1 www.1337crew.info
127.0.0.1 www.1337-crew.to
127.0.0.1 1337-crew.to
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 www.150freesms.de
127.0.0.1 150freesms.de
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17concepts.info
127.0.0.1 www.17concepts.info
127.0.0.1 17-plus.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 181.365soft.info
127.0.0.1 www.181.365soft.info
127.0.0.1 1987324.com
127.0.0.1 www.1987324.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 www.1sexparty.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1sms.de
127.0.0.1 1sms.de
127.0.0.1 www.1spybot.com
127.0.0.1 1spybot.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 1stsearchportal.com
----------------------------------------
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 12 K
System 4 Services 0 6.400 K
smss.exe 336 Services 0 800 K
csrss.exe 472 Services 0 3.308 K
wininit.exe 544 Services 0 3.208 K
csrss.exe 568 Console 1 6.048 K
services.exe 592 Services 0 9.088 K
lsass.exe 616 Services 0 7.552 K
lsm.exe 624 Services 0 4.436 K
svchost.exe 736 Services 0 7.004 K
winlogon.exe 816 Console 1 4.608 K
svchost.exe 880 Services 0 6.132 K
atiesrxx.exe 920 Services 0 2.988 K
svchost.exe 1016 Services 0 15.416 K
svchost.exe 1064 Services 0 64.564 K
svchost.exe 1104 Services 0 33.028 K
svchost.exe 1240 Services 0 11.504 K
atieclxx.exe 1308 Console 1 4.164 K
svchost.exe 1344 Services 0 4.168 K
svchost.exe 1420 Services 0 16.744 K
spoolsv.exe 1568 Services 0 8.824 K
sched.exe 1616 Services 0 1.532 K
svchost.exe 1640 Services 0 5.408 K
agrsmsvc.exe 1760 Services 0 1.984 K
avguard.exe 1780 Services 0 11.584 K
AppleMobileDeviceService. 1808 Services 0 6.180 K
BcmSqlStartupSvc.exe 1836 Services 0 2.720 K
mDNSResponder.exe 1864 Services 0 4.568 K
svchost.exe 1896 Services 0 11.600 K
Rezip.exe 1948 Services 0 3.516 K
sqlbrowser.exe 1980 Services 0 3.136 K
sqlwriter.exe 2008 Services 0 4.736 K
svchost.exe 420 Services 0 4.024 K
avshadow.exe 2252 Services 0 3.300 K
conhost.exe 2260 Services 0 2.036 K
alg.exe 2436 Services 0 3.580 K
svchost.exe 2544 Services 0 4.088 K
TrustedInstaller.exe 2688 Services 0 6.284 K
taskeng.exe 2916 Console 1 4.644 K
taskhost.exe 2940 Console 1 49.916 K
dwm.exe 2948 Console 1 46.052 K
explorer.exe 3028 Console 1 114.284 K
SUPBackGround.exe 3060 Console 1 1.708 K
SSCKbdHk.exe 3116 Console 1 764 K
SearchIndexer.exe 3788 Services 0 27.064 K
wmpnetwk.exe 3872 Services 0 4.660 K
svchost.exe 1692 Services 0 6.568 K
firefox.exe 3964 Console 1 111.164 K
plugin-container.exe 3008 Console 1 37.844 K
OUTLOOK.EXE 2884 Console 1 123.668 K
OSPPSVC.EXE 3616 Services 0 8.948 K
WmiPrvSE.exe 1184 Services 0 5.112 K
mbam.exe 3296 Console 1 90.004 K
cmd.exe 3332 Console 1 4.180 K
conhost.exe 3632 Console 1 20.504 K
SearchProtocolHost.exe 3620 Services 0 6.408 K
SearchFilterHost.exe 2040 Services 0 4.588 K
tasklist.exe 3452 Console 1 4.360 K
***** Ende des Scans 18.04.2011 um 23:34:23,12 ***
Geändert von Floppar (18.04.2011 um 23:10 Uhr) |
|
19.04.2011, 05:27
| #4 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Falls noch nicht vorhanden lade es herunter, ansonsten Update ziehen und die Anleitung einhalten: 1. Du hast deine ersten Scanergebnisse von Malwarebytes bestimmt noch, wo alle entfernten Objekte liegen? Zeige mir bitte das Protokoll. Wenn mehrere Ergebnissen vorliegen, alle posten 2. ** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
3. Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (19.04.2011 um 05:34 Uhr) |
|
19.04.2011, 05:27
| #5 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartCode:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6391
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
18.04.2011 22:03:30
mbam-log-2011-04-18 (22-03-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 82397
Laufzeit: 33 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\Users\Fireball\AppData\Local\dlers47.dll (Trojan.Hiloti) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uqujaneyule (Trojan.Hiloti) -> Value: Uqujaneyule -> Delete on reboot.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Fireball\AppData\Local\dlers47.dll (Trojan.Hiloti) -> Delete on reboot.
c:\program files\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
|
|
19.04.2011, 09:22
| #6 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartCode:
ATTFilter OTL Extras logfile created on: 4/19/2011 6:30:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.62 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 173.84 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"XBMC" = XBMC
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/18/2011 3:05:32 PM | Computer Name = Fireball-PC | Source = ESENT | ID = 215
Description = WinMail (3184) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 4/18/2011 4:52:36 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description =
Error - 4/18/2011 5:09:40 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description =
Error - 4/18/2011 5:24:22 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description =
Error - 4/18/2011 5:30:37 PM | Computer Name = Fireball-PC | Source = MBAMService | ID = 131073
Description =
Error - 4/18/2011 8:58:16 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/18/2011 8:58:37 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/18/2011 9:00:17 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/18/2011 9:00:18 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/18/2011 9:00:20 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung. 11:03:50
- Serververbindung konnte nicht hergestellt werden..
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung. 11:03:56
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 4/18/2011 5:55:51 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 4/18/2011 5:57:02 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/18/2011 5:57:04 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147014847
Error - 4/18/2011 5:57:33 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 4/19/2011 6:30:59 AM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 103.65 Gb Total Space | 68.62 Gb Free Space | 66.20% Space Free | Partition Type: NTFS Drive D: | 347.01 Gb Total Space | 173.84 Gb Free Space | 50.10% Space Free | Partition Type: NTFS Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Windows\System32\Rezip.exe () PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys () DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/18 23:22:17 | 000,000,000 | ---D | M] [2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions [2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/04/18 20:53:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com [2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com [2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml [2011/01/17 23:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/10/29 17:09:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/10/29 17:19:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2} [2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009/10/29 17:19:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/05/04 11:59:05 | 000,393,182 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13576 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes [2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe [2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2} [2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys [2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll [2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll [2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll [2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe [2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll [2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe [2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll [2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll [2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll [2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll [2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll [2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll [2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe [2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll [2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll [2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll [2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll [2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll [2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll [2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll [2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe [2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll [2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll [2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe [2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll [2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe [2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll [2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll [2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll [2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll [2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll [2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll [2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll [2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll [2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll [2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll [2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll [2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll [2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL [2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll [2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll [2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll [2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll [2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll [2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll [2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll [2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll [2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll [2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll [2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll [2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll [2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe [2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll [2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe [2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll [2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe [2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll [2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll [2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll [2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll [2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll [2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll [2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll [2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe [2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll [2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll [2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll [2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll [2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll [2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll [2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll [2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll [2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll [2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe [2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll [2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe [2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll [2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll [2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll [2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll [2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll [2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll [2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll [2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll [2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll [2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe [2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll [2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll [2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe [2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll [2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll [2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL [2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll [2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll [2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll [2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll [2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll [2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL [2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll [2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll [2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll [2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe [2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll [2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll [2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll [2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll [2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll [2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll [2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll [2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL [2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll [2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll [2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll [2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll [2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll [2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe [2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll [2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll [2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe [2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys [2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll [2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll [2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll [2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll [2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe [2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe [2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll [2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe [2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll [2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe [2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll [2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll [2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll [2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll [2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll [2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll [2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL [2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe [2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll [2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll [2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll [2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe [2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll [2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll [2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll [2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll [2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll [2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll [2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe [2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll [2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys [2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll [2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll [2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl [2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll [2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll [2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax [2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL [2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll [2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll [2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe [2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll [2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll [2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll [2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll [2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys [2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe [2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll [2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll [2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll [2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll [2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll [2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll [2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll [2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll [2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll [2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll [2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll [2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll [2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe [2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys [2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll [2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll [2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll [2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll [2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll [2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll [2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll [2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll [2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr [2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe [2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL [2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll [2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll [2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll [2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll [2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll [2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll [2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll [2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll [2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll [2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll [2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll [2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll [2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll [2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll [2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll [2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll [2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll [2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll [2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll [2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe [2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll [2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll [2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl [2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll [2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll [2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll [2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe [2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll [2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL [2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe [2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys [2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll [2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll [2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll [2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe [2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll [2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll [2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll [2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll [2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll [2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll [2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx [2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe [2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll [2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe [2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll [2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll [2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll [2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll [2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll [2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe [2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll [2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll [2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl [2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl [2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll [2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll [2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll [2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll [2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl [2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll [2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe [2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll [2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll [2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe [2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll [2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll [2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll [2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll [2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll [2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll [2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll [2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll [2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax [2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys [2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe [2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll [2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll [2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll [2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll [2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll [2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll [2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll [2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll [2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe [2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe [2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe [2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll [2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax [2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll [2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll [2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll [2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe [2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll [2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL [2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll [2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll [2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll [2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll [2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe [2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll [2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll [2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll [2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll [2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll [2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp [2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe [2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll [2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll [2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll [2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe [2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll [2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe [2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll [2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll [2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe [2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll [2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll [2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr [2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll [2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll [2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll [2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll [2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll [2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll [2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll [2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe [2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe [2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll [2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll [2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll [2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll [2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll [2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe [2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe [2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll [2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe [2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe [2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll [2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll [2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll [2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll [2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll [2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll [2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll [2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe [2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll [2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL [2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll [2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe [2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe [2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL [2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll [2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll [2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr [2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll [2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll [2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll [2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll [2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe [2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll [2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys [2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll [2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe [2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll [2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe [2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll [2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll [2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll [2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll [2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll [2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll [2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL [2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL [2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll [2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll [2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe [2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll [2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr [2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr [2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll [2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll [2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll [2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll [2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll [2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll [2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax [2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl [2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe [2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll [2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll [2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax [2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL [2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll [2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll [2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax [2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe [2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll [2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll [2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll [2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe [2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax [2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe [2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll [2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe [2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe [2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll [2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll [2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll [2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll [2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll [2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll [2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll [2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll [2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe [2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll [2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll [2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe [2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax [2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL [2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe [2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll [2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll [2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll [2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL [2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll [2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll [2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe [2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe [2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl [2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll [2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll [2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll [2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll [2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll [2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll [2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll [2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll [2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe [2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll [2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll [2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll [2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll [2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll [2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll [2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe [2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll [2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll [2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe [2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe [2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll [2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll [2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME [2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll [2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe [2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe [2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll [2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll [2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll [2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll [2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe [2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax [2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll [2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe [2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll [2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe [2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe [2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll [2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll [2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll [2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe [2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax [2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe [2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll [2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax [2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll [2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll [2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll [2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe [2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax [2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll [2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll [2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys [2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe [2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll [2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys [2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll [2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll [2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll [2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll [2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll [2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll [2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll [2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll [2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll [2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll [2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll [2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll [2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll [2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll [2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime [2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll [2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll [2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll [2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll [2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll [2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll [2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll [2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll [2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll [2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll [2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll [2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys [2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys [2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL [2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll [2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx [2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll [2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll [2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL [2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL [2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL [2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll [2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll [2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll [2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll [2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL [2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL [2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll [2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll [2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll [2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll [2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll [2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe [2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll [2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll [2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll [2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll [2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll [2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe [2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe [2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe [2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll [2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll [2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011/04/19 06:22:31 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\bljcgx.sys [2011/04/19 05:43:05 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job [2011/04/19 00:05:12 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/19 00:05:12 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/18 23:57:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/04/18 23:56:58 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2011/04/18 22:52:38 | 000,000,120 | -H-- | M] () -- C:\Users\Fireball\AppData\Local\Thobu.dat [2011/04/18 22:43:03 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job [2011/04/18 21:37:34 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe [2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics [2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel [2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll ========== Files Created - No Company Name ========== [2011/04/19 06:22:31 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\bljcgx.sys [2011/04/18 21:37:18 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe [2011/04/18 20:50:22 | 000,000,120 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\Thobu.dat [2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel [2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd [2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml [2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml [2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe [2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat [2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini [2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys [2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI [2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini [2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini [2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll [2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe [2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe [2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat [2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2011/04/18 23:59:40 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\.purple [2011/04/16 08:38:28 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\abgx360 [2011/01/16 23:42:27 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\AlcaTech [2009/10/29 17:14:48 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DAEMON Tools Lite [2011/04/04 23:50:31 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers [2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\GameTuts [2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\gtk-2.0 [2011/04/16 22:24:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ICQ [2009/10/29 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ImgBurn [2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView [2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec [2010/08/08 10:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Miranda [2010/07/03 18:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Need for Speed World [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ProtectDISC [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\streamripper [2010/07/18 11:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Trillian [2011/04/18 23:22:07 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\TS3Client [2011/04/18 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Fireball\AppData\Roaming\Uxbe [2010/10/27 17:18:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\W [2010/10/27 20:58:53 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\wargaming.net [2011/01/02 18:42:18 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\XBMC [2011/02/28 09:23:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
19.04.2011, 20:29
| #7 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Es läuft bis auf ein einzige Ausnahme ganz gut und zwar, dass Firefox mich öfters auf andere Seiten schickt, welche ich gar nicht gesucht habe per Google. Sprich Google verlinkt mich sogesehen falsch auf andere Seiten... Geändert von Floppar (19.04.2011 um 20:49 Uhr) |
|
19.04.2011, 22:11
| #8 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart 1. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 2. Fixen mit OTL
Code:
ATTFilter :OTL
PRC - C:\Windows\System32\Rezip.exe ()
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
[2011/04/19 06:22:31 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/18 22:52:38 | 000,000,120 | -H-- | M] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec
:Commands
[purity]
[resethosts]
[emptytemp]
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (19.04.2011 um 22:17 Uhr) |
|
19.04.2011, 22:21
| #9 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartCode:
ATTFilter abgx360 v1.0.5 18.04.2011
Adobe AIR Adobe Systems Inc. 18.04.2011 1.1.0.5790
Adobe Dreamweaver CS4 Adobe Systems Incorporated 18.04.2011 826,7MB 10.0
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.04.2011 6,00MB 10.1.102.64
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.04.2011 6,00MB 10.2.153.1
Adobe Media Player Adobe Systems Incorporated 18.04.2011 1.1
Adobe Reader 9.4.3 - Deutsch Adobe Systems Incorporated 06.04.2011 185,1MB 9.4.3
Apple Application Support Apple Inc. 10.01.2011 52,7MB 1.4.1
Apple Mobile Device Support Apple Inc. 10.01.2011 21,7MB 3.3.0.69
Apple Software Update Apple Inc. 08.11.2009 2,16MB 2.1.1.116
Atheros Client Installation Program Atheros 04.07.2010 7.0
ATI Catalyst Install Manager ATI Technologies, Inc. 06.10.2009 13,8MB 3.0.741.0
Avira AntiVir Personal - Free Antivirus Avira GmbH 18.04.2011 59,8MB 10.0.0.635
Bonjour Apple Inc. 17.10.2010 0,96MB 2.0.3.0
Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 18.04.2011 3.0.8619.1
CCleaner Piriform 18.04.2011 2.32
ChargeableUSB SAMSUNG 06.10.2009 1.0.0.0
DivX Converter DivX, Inc. 18.04.2011 7.1.0
DivX Plus DirectShow Filters DivX, Inc. 18.04.2011
DivX-Setup DivX, Inc. 18.04.2011 1.0.2.22
Easy Display Manager Samsung Electronics Co., Ltd. 06.10.2009 3.0
ffdshow v1.1.3562 [2010-09-07] 01.01.2011 16,8MB 1.1.3562.0
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 03.04.2011 36,0MB
HijackThis 2.0.2 TrendMicro 18.04.2011 2.0.2
ICQ7.2 ICQ 07.08.2010 7.2
ImgBurn LIGHTNING UK! 12.01.2011 2.5.5.0
Intel® Matrix Storage Manager Intel Corporation 18.04.2011
IrfanView (remove only) 18.04.2011
iTunes Apple Inc. 10.01.2011 144,8MB 10.1.1.4
Java DB 10.6.2.1 Oracle 18.04.2011 29,9MB 10.6.2.1
Java(TM) 6 Update 24 Oracle 18.04.2011 96,9MB 6.0.240
Java(TM) SE Development Kit 6 Update 24 Oracle 18.04.2011 151,6MB 1.6.0.240
JDownloader AppWork UG (haftungsbeschränkt) 18.04.2011 0.89
K-Lite Codec Pack 4.4.5 (Full) 28.10.2009 4.4.5
LSI HDA Modem LSI Corporation 18.04.2011 16,00KB 2.2.97
Malwarebytes' Anti-Malware Malwarebytes Corporation 17.04.2011 10,5MB
Marvell Miniport Driver Marvell 18.04.2011 10.70.3.3
Microsoft .NET Framework 1.1 18.04.2011
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.04.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 18.04.2011 52,0MB 4.0.30319
Microsoft Office Outlook Connector Microsoft Corporation 29.09.2010 3,36MB 14.0.5118.5000
Microsoft Office Professional Plus 2010 Microsoft Corporation 18.04.2011 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 20.02.2011 142,6MB 4.0.60129.0
Microsoft SQL Server 2005 Microsoft Corporation 18.04.2011
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.10.2009 1,72MB 3.1.0000
Microsoft SQL Server Native Client Microsoft Corporation 14.02.2011 2,63MB 9.00.5000.00
Microsoft SQL Server VSS Writer Microsoft Corporation 14.02.2011 0,68MB 9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.10.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 03.11.2010 2,38MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.10.2009 0,20MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 27.10.2010 0,23MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.10.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.03.2010 0,58MB 9.0.30729.4148
Mozilla Firefox (3.6.16) Mozilla 18.04.2011 3.6.16 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.10.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,33MB 4.20.9876.0
Nero Lite 9.4.13.2 Build.1.0 Scheccia 18.04.2011 1.0
NVIDIA PhysX NVIDIA Corporation 27.10.2010 73,2MB 9.10.0513
Pidgin 18.04.2011 2.7.5
QuickTime Apple Inc. 10.01.2011 73,7MB 7.69.80.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.08.2010 6.0.1.5948
REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 06.10.2009 1.01.0088
Samsung Recovery Solution 4 Samsung 06.10.2009 4.0.0.3
Samsung Support Center Samsung 06.10.2009 40,8MB 1.0.1
Samsung Update Plus Samsung Electronics Co., Ltd. 06.10.2009 2.0
Spybot - Search & Destroy Safer Networking Limited 03.05.2010 1.6.2
Steam Valve Corporation 27.06.2010 1,49MB 1.0.0.0
SUPERAntiSpyware Free Edition SUPERAntiSpyware.com 03.05.2010 31,8MB 4.36.0.1006
Synaptics Pointing Device Driver Synaptics Incorporated 18.04.2011 15.0.10.0
Uninstall 1.0.0.1 03.04.2011 10,9MB
Unity Web Player Unity Technologies ApS 14.01.2010 12,0MB 2.6.1f3_31223
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 14.02.2011 36,3MB 9.00.5000.00
VLC media player 1.1.8 VideoLAN 18.04.2011 1.1.8
Winamp Nullsoft, Inc 18.04.2011 5.61
Winamp Erkennungs-Plug-in Nullsoft, Inc 15.04.2011 75,00KB 1.0.0.1
Windows Live Anmelde-Assistent Microsoft Corporation 28.10.2009 1,94MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 18.04.2011 14.0.8117.0416
Windows Live Sync Microsoft Corporation 25.06.2010 2,79MB 14.0.8117.416
Windows Live-Uploadtool Microsoft Corporation 28.10.2009 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 06.11.2009 0,29MB 1.0.0.8
WinRAR 18.04.2011
Code:
ATTFilter All processes killed
========== OTL ==========
Process Rezip.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
File C:\windows\System32\drivers\bljcgx.sys not found.
C:\Users\Fireball\AppData\Local\Thobu.dat moved successfully.
C:\Users\Fireball\AppData\Roaming\lowsec folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Fireball
->Temp folder emptied: 36189 bytes
->Temporary Internet Files folder emptied: 10183806 bytes
->Java cache emptied: 2858744 bytes
->FireFox cache emptied: 70383680 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8652 bytes
User: Mcx1-FIREBALL-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 69276 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1765032 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 81.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04192011_232227
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
20.04.2011, 08:55
| #10 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Und ich hab jetzt öfters auch noch diesen Skriptfehler mit der URL"hxxp://www2a.glam.com/mobile/detect.act?affiliateId=38198522" |
|
20.04.2011, 09:57
| #11 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Zu Punkt 1. und 2.: Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an! dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten. ► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum ► Autorun-Funktion - was ist das? 1. Malware-Scan mit Emsisoft Anti-Malware 5.0 Ohne Hintergrundwächter durchsucht Emsisoft Anti-Malware 5.0 den Computer auf Befall von Trojanern, Spyware, Adware, Würmern, Keyloggern, Rootkits, Dialern und anderen schädlichen Programmen. Das Programm ist geeignet für für Windows 98, ME, 2000, XP, 2003 Server und Vista.
2. - "Link:-> ESET Online Scanner >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< -> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (20.04.2011 um 10:03 Uhr) |
|
20.04.2011, 12:28
| #12 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=18b20326dc4b98458ebb8b4c712697ec
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-20 11:25:42
# local_time=2011-04-20 01:25:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 30318252 30318252 0 0
# compatibility_mode=1797 16775165 100 94 137408 39827277 130586 0
# compatibility_mode=5893 16776574 100 94 128685 54921612 0 0
# compatibility_mode=8192 67108863 100 0 102 102 0 0
# scanned=159926
# found=0
# cleaned=0
# scan_time=8321
Code:
ATTFilter Emsisoft Anti-Malware - Version 5.1
Letztes Update: 4/20/2011 11:11:45 AM
Scan Einstellungen:
Scan Methode: N/A
Objekte: Speicher, Traces, Cookies, C:\, D:\
Archiv Scan: Aus
Heuristik: Aus
ADS Scan: An
Scan Beginn: 4/20/2011 1:27:44 PM
C:\Users\Fireball\AppData\Roaming\GameTuts\Modio\0.85.5\modioupdater.exe gefunden: Gen.Variant.Buzy!IK
Gescannt
Dateien: 164229
Traces: 624765
Cookies: 2
Prozesse: 52
Gefunden
Dateien: 1
Traces: 0
Cookies: 0
Prozesse: 0
Registry Keys: 0
Scan Ende: 4/20/2011 2:59:32 PM
Scan Zeit: 1:31:48
C:\Users\Fireball\AppData\Roaming\GameTuts\Modio\0.85.5\modioupdater.exe Quarantäne Gen.Variant.Buzy!IK
Quarantäne
Dateien: 1
Traces: 0
Cookies: 0
|
|
20.04.2011, 21:44
| #13 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart 1. gehe bitte mal auf Dienste, ob der Service "Rezip" deaktiviert ist?:
2. kannst auch gleich auf deaktiviert setzen: Code:
ATTFilter Apple Mobile Device - Apple Inc.
Dienst "Bonjour" (Bonjour Service)
iPod-Dienst (iPod Service)
3. Systemsteuerung/System und Sicherheit/System/Computerschutz/Systemeigenschaften poppt auf und dann einen Sicherungspunkt erstellen Systemwiederherstellung deaktivieren: Windows 7 - einen manuellen Systemwiederherstellungspunkt erstellen also zuerst deaktivieren-> dann aktivieren - am Ende soll wieder aktiviert sein! 4. poste erneut eun neues OTL-Log
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (20.04.2011 um 21:50 Uhr) |
|
20.04.2011, 21:58
| #14 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Hab die Dienste deaktiviert und die Wiederherstellung deaktiviert und wieder aktiviert OTL Logfile: Code:
ATTFilter OTL logfile created on: 4/20/2011 10:53:53 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 103.65 Gb Total Space | 68.09 Gb Free Space | 65.69% Space Free | Partition Type: NTFS Drive D: | 347.01 Gb Total Space | 135.13 Gb Free Space | 38.94% Space Free | Partition Type: NTFS Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Program Files\Winamp\Elevator.exe (Nullsoft, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (a2acc) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (Emsi Software GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys () DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 22:19:34 | 000,000,000 | ---D | M] [2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions [2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/04/20 22:32:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com [2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com [2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml [2011/04/19 22:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/04/19 22:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2} [2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/04/19 23:22:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fireball\Documents\Anti-Malware [2011/04/20 08:29:50 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Local\AOL [2011/04/19 22:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/04/19 22:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/04/19 22:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sun [2011/04/19 22:19:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2011/04/19 22:19:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes [2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe [2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2} [2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys [2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll [2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll [2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll [2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe [2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll [2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe [2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll [2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll [2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll [2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll [2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll [2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll [2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe [2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll [2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll [2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll [2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll [2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll [2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll [2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll [2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe [2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll [2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll [2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe [2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll [2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe [2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll [2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll [2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll [2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll [2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll [2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll [2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll [2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll [2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll [2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll [2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll [2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll [2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL [2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll [2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll [2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll [2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll [2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll [2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll [2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll [2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll [2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll [2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll [2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll [2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll [2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe [2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll [2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe [2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll [2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe [2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll [2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll [2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll [2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll [2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll [2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll [2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll [2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe [2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll [2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll [2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll [2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll [2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll [2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll [2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll [2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll [2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll [2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe [2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll [2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe [2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll [2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll [2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll [2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll [2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll [2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll [2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll [2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll [2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll [2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe [2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll [2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll [2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe [2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll [2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll [2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL [2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll [2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll [2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll [2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll [2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll [2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL [2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll [2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll [2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll [2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe [2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll [2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll [2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll [2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll [2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll [2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll [2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll [2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL [2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll [2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll [2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll [2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll [2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll [2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe [2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll [2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll [2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe [2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys [2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll [2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll [2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll [2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll [2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe [2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe [2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll [2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe [2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll [2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe [2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll [2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll [2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll [2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll [2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll [2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll [2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL [2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe [2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll [2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll [2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll [2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe [2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll [2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll [2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll [2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll [2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll [2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll [2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe [2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll [2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys [2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll [2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll [2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl [2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll [2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll [2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax [2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL [2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll [2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll [2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe [2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll [2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll [2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll [2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll [2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys [2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe [2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll [2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll [2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll [2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll [2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll [2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll [2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll [2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll [2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll [2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll [2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll [2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll [2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe [2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys [2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll [2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll [2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll [2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll [2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll [2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll [2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll [2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll [2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr [2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe [2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL [2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll [2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll [2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll [2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll [2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll [2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll [2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll [2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll [2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll [2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll [2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll [2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll [2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll [2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll [2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll [2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll [2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll [2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll [2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll [2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe [2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll [2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll [2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl [2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll [2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll [2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll [2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe [2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll [2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL [2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe [2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys [2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll [2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll [2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll [2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe [2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll [2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll [2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll [2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll [2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll [2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll [2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx [2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe [2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll [2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe [2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll [2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll [2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll [2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll [2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll [2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe [2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll [2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll [2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl [2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl [2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll [2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll [2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll [2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll [2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl [2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll [2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe [2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll [2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll [2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe [2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll [2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll [2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll [2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll [2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll [2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll [2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll [2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll [2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax [2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys [2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe [2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll [2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll [2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll [2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll [2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll [2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll [2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll [2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll [2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe [2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe [2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe [2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll [2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax [2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll [2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll [2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll [2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe [2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll [2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL [2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll [2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll [2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll [2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll [2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe [2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll [2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll [2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll [2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll [2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll [2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp [2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe [2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll [2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll [2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll [2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe [2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll [2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe [2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll [2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll [2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe [2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll [2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll [2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr [2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll [2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll [2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll [2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll [2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll [2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll [2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll [2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe [2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe [2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll [2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll [2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll [2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll [2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll [2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe [2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe [2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll [2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe [2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe [2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll [2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll [2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll [2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll [2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll [2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll [2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll [2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe [2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll [2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL [2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll [2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe [2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe [2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL [2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll [2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll [2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr [2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll [2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll [2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll [2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll [2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe [2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll [2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys [2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll [2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe [2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll [2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe [2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll [2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll [2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll [2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll [2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll [2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll [2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL [2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL [2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll [2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll [2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe [2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll [2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr [2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr [2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll [2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll [2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll [2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll [2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll [2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll [2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax [2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl [2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe [2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll [2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll [2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax [2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL [2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll [2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll [2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax [2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe [2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll [2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll [2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll [2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe [2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax [2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe [2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll [2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe [2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe [2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll [2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll [2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll [2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll [2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll [2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll [2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll [2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll [2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe [2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll [2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll [2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe [2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax [2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL [2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe [2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll [2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll [2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll [2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL [2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll [2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll [2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe [2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe [2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl [2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll [2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll [2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll [2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll [2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll [2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll [2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll [2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll [2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe [2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll [2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll [2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll [2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll [2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll [2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll [2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe [2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll [2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll [2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe [2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe [2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll [2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll [2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME [2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll [2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe [2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe [2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll [2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll [2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll [2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll [2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe [2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax [2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll [2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe [2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll [2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe [2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe [2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll [2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll [2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll [2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe [2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax [2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe [2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll [2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax [2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll [2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll [2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll [2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe [2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax [2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll [2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll [2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys [2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe [2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll [2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys [2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll [2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll [2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll [2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll [2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll [2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll [2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll [2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll [2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll [2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll [2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll [2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll [2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll [2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll [2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime [2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll [2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll [2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll [2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll [2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll [2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll [2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll [2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll [2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll [2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll [2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll [2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys [2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys [2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL [2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll [2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx [2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll [2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll [2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL [2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL [2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL [2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll [2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll [2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll [2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll [2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL [2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL [2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll [2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll [2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll [2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll [2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll [2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe [2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll [2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll [2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll [2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll [2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll [2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe [2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe [2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe [2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll [2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll [2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011/04/20 22:43:01 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job [2011/04/20 22:43:00 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job [2011/04/20 22:28:15 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/20 22:28:15 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/20 22:20:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/04/20 22:20:38 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2011/04/19 23:22:28 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts [2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2011/04/19 22:19:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics [2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel [2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll ========== Files Created - No Company Name ========== [2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel [2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd [2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml [2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml [2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe [2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat [2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini [2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys [2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI [2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini [2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini [2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll [2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe [2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe [2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat [2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2011/04/20 22:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\.purple [2011/04/16 08:38:28 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\abgx360 [2011/01/16 23:42:27 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\AlcaTech [2009/10/29 17:14:48 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DAEMON Tools Lite [2011/04/04 23:50:31 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers [2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\GameTuts [2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\gtk-2.0 [2011/04/20 08:30:57 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ICQ [2009/10/29 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ImgBurn [2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView [2010/08/08 10:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Miranda [2010/07/03 18:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Need for Speed World [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ProtectDISC [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\streamripper [2010/07/18 11:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Trillian [2011/04/18 23:22:07 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\TS3Client [2011/04/18 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Fireball\AppData\Roaming\Uxbe [2010/10/27 17:18:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\W [2010/10/27 20:58:53 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\wargaming.net [2011/02/28 09:23:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 4/20/2011 10:53:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.09 Gb Free Space | 65.69% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 135.13 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2231
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2231
Error - 4/20/2011 9:59:12 AM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
Zeitstempel: 0x4ca2ef57 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002fc96 ID des fehlerhaften
Prozesses: 0x1414 Startzeit der fehlerhaften Anwendung: 0x01cbff609836e47b Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
5e7471cc-6b56-11e0-baa1-00245412e07c
Error - 4/20/2011 2:28:07 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/20/2011 2:28:31 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/20/2011 2:30:25 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/20/2011 2:30:26 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/20/2011 4:40:10 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
Zeitstempel: 0x4ca2ef57 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002fc96 ID des fehlerhaften
Prozesses: 0x13fc Startzeit der fehlerhaften Anwendung: 0x01cbff9adf75145f Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
623cd1d2-6b8e-11e0-9b09-00245412e07c
Error - 4/20/2011 4:53:40 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
Zeitstempel: 0x4ca2ef57 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002fc96 ID des fehlerhaften
Prozesses: 0x1004 Startzeit der fehlerhaften Anwendung: 0x01cbff9b23e1a53a Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
44d4916b-6b90-11e0-9b09-00245412e07c
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung. 11:03:50
- Serververbindung konnte nicht hergestellt werden..
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung. 11:03:56
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 4/19/2011 4:22:16 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Rezip" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 4/19/2011 5:23:27 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/19/2011 5:24:15 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 4/20/2011 2:13:11 AM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/20/2011 2:14:39 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 4/20/2011 5:04:40 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SASDIFSV" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 4/20/2011 4:20:48 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/20/2011 4:21:11 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
< End of report >
|
|
20.04.2011, 23:03
| #15 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart OTL mit neue Skript ausführen, genauso wie hier beschrieben (unter Punkt 2.):-> http://www.trojaner-board.de/97667-t...tml#post642948 Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
:Commands
[emptytemp]
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart |
| aktion, antivir, appdata, autostart, datei, desktop, guten, heute, infos, komische, laptop, malwarebytes, meldung, namen, programm, sache, sachen, spinnt, temp, total, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', trojaner, unerwünschtes programm, virus |
.
Linear-Darstellung
