| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner mit Windowsblockierung nach Anschluss mit InternetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.08.2012, 13:29
| #1 |
 |  GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Hallo, ich bin neu hier und habe auch gleich folgendes Problem: Wenn ich meinen PC an das Internet anschließe und Firefox öffne, wird mein PC (Win XP) blockiert von einem GVU-Trojaner. Nach dem Hochfahren ist noch alles ok. hxxp://img.trojaner-board.de/GVU-Trojaner-Webcam.png einen Screenshot von dem Programm hab ich hier im Forum schon gefunden. Kann mir da bitte jemand dabei helfen, das Ding wieder von meinem PC zu löschen?? der erste Schritt ist ein OTL Log ja? Danke schon mal. Kia |
|
21.08.2012, 13:55
| #2 |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Ich hab jetzt auch noch den OTL Scan gemacht und kopier das mal hier rein. Das Malwarebytes hab ich jetzt zwar installiert und gestartet, aber da stand, die Dateien wären vor 49Tagen das letzte mal aktualisiert worden.. ich trau mich mit dem anderen PC aber im Moment nicht ins Netz >,< - vielleicht hilfts ja trotzdem. Tschuldigung dass die Logs so lang sind :-(OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 21.08.2012 14:33:31 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Dokumente und Einstellungen\User\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 407,97 Mb Available Physical Memory | 39,86% Memory free 2,40 Gb Paging File | 1,79 Gb Available in Paging File | 74,45% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 134,64 Gb Free Space | 57,82% Space Free | Partition Type: NTFS Drive K: | 961,73 Mb Total Space | 961,16 Mb Free Space | 99,94% Space Free | Partition Type: FAT Computer Name: USER-DCCBA9E46B | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days ========== Processes (All) ========== PRC - [2012.08.21 13:08:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe PRC - [2012.07.30 09:56:06 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.07.13 13:33:24 | 017,418,928 | R--- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Phone\Skype.exe PRC - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe PRC - [2011.09.20 14:24:07 | 000,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\QuickTime\qttask.exe PRC - [2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2010.02.11 18:54:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jqs.exe PRC - [2010.01.19 19:46:30 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.12.15 17:19:14 | 002,465,792 | ---- | M] (SEC) -- C:\Programme\MagicTune Premium\MagicTune.exe PRC - [2009.12.04 04:05:20 | 001,531,904 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe PRC - [2009.08.22 12:31:06 | 005,148,672 | ---- | M] () -- C:\Programme\Rainlendar2\Rainlendar2.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008.04.14 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2008.04.14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008.04.14 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2007.11.06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe PRC - [2007.09.28 10:32:26 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe PRC - [2007.08.23 15:05:00 | 000,045,056 | ---- | M] () -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe PRC - [2007.07.17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe PRC - [2007.01.15 16:18:00 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe PRC - [2001.05.10 14:33:53 | 000,096,768 | ---- | M] (Ingo Heeskens) -- C:\Programme\WinEject\WinEject.exe PRC - [1999.12.12 19:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE ========== Modules (All) ========== MOD - [2012.08.21 13:08:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe MOD - [2012.08.21 12:45:09 | 000,117,248 | ---- | M] (TamoSoft) -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\install_0_msi.exe MOD - [2012.08.13 14:09:21 | 000,459,129 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aescript.dll MOD - [2012.08.13 14:09:21 | 000,086,387 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aeexp.dll MOD - [2012.08.13 14:09:20 | 000,811,381 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aepack.dll MOD - [2012.08.13 14:09:19 | 000,201,083 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aeoffice.dll MOD - [2012.08.13 14:09:18 | 005,165,429 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aeheur.dll MOD - [2012.08.13 14:09:15 | 000,434,548 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aegen.dll MOD - [2012.08.13 14:09:15 | 000,201,078 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aecore.dll MOD - [2012.07.30 09:56:12 | 000,056,936 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\Settings.dll MOD - [2012.07.30 09:56:10 | 000,393,320 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\NotifyIcon.dll MOD - [2012.07.30 09:56:08 | 000,380,520 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\About.dll MOD - [2012.07.30 09:56:08 | 000,046,696 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\Language.dll MOD - [2012.07.30 09:56:06 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe MOD - [2012.07.13 17:58:05 | 000,102,772 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aevdf.dll MOD - [2012.07.13 17:57:20 | 000,393,587 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aeemu.dll MOD - [2012.07.13 13:33:24 | 017,418,928 | R--- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Phone\Skype.exe MOD - [2012.07.06 15:59:07 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2012.07.06 15:59:07 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browser.dll MOD - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe MOD - [2012.07.02 23:09:28 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll MOD - [2012.07.02 19:39:30 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2012.07.02 19:39:30 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2012.07.02 19:39:30 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\xpshims.dll MOD - [2012.07.02 19:39:29 | 006,008,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mshtml.dll MOD - [2012.07.02 19:39:28 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeeds.dll MOD - [2012.07.02 19:39:28 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\jsproxy.dll MOD - [2012.07.02 19:39:27 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2012.07.02 19:39:26 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2012.06.30 08:46:24 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\WINDOWS\system32\pdfcmon.dll MOD - [2012.06.28 18:47:44 | 000,258,422 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aehelp.dll MOD - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe MOD - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe MOD - [2012.06.26 18:48:05 | 000,606,578 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aesbx.dll MOD - [2012.06.08 16:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2012.06.05 17:49:29 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll MOD - [2012.06.04 06:32:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll MOD - [2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuaueng.dll MOD - [2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll MOD - [2012.05.14 11:22:37 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\localspl.dll MOD - [2012.02.29 16:09:48 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wintrust.dll MOD - [2012.02.29 16:09:48 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imagehlp.dll MOD - [2012.02.09 17:43:27 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll MOD - [2012.01.27 16:57:15 | 000,131,444 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\aescn.dll MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Programme\Free Download Manager\fdmbtsupp.dll MOD - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe MOD - [2011.12.28 12:49:30 | 000,584,192 | ---- | M] ( ) -- C:\Programme\Free Download Manager\flvsniff.dll MOD - [2011.12.28 12:49:14 | 000,086,528 | ---- | M] () -- C:\Programme\Free Download Manager\fdmumsp.dll MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Programme\Free Download Manager\iefdm2.dll MOD - [2011.12.25 03:50:24 | 005,913,360 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MOD - [2011.11.16 16:21:44 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winhttp.dll MOD - [2011.11.03 17:28:30 | 001,297,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\quartz.dll MOD - [2011.11.01 18:07:05 | 001,288,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2011.10.14 16:47:27 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmm.dll MOD - [2011.10.10 16:22:46 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetcomm.dll MOD - [2011.09.26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleacc.dll MOD - [2011.09.20 14:24:07 | 000,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\QuickTime\qttask.exe MOD - [2011.09.19 16:20:40 | 000,639,348 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aerdl.dll MOD - [2011.06.11 02:58:52 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\PDF24\msvcr100.dll MOD - [2011.06.11 02:58:52 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\PDF24\msvcp100.dll MOD - [2011.06.09 15:53:36 | 000,020,569 | ---- | M] (Microsoft Corporation) -- C:\Programme\Free Download Manager\detoured.dll MOD - [2011.05.14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll MOD - [2011.05.14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll MOD - [2011.05.13 20:04:20 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll MOD - [2011.05.13 19:45:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll MOD - [2011.04.18 22:51:18 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll MOD - [2011.04.18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll MOD - [2011.04.18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll MOD - [2011.04.18 22:51:14 | 000,063,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll MOD - [2011.03.04 08:36:21 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\jscript.dll MOD - [2011.03.03 08:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll MOD - [2011.02.08 15:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll MOD - [2011.02.08 15:33:28 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42u.dll MOD - [2010.12.22 14:34:16 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll MOD - [2010.12.20 19:32:10 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2010.12.20 19:25:50 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsasrv.dll MOD - [2010.12.09 17:15:07 | 000,743,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2010.11.09 16:51:40 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll MOD - [2010.08.27 07:57:36 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srvsvc.dll MOD - [2010.08.23 18:11:49 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comctl32.dll MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe MOD - [2010.08.16 10:44:05 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010.04.23 18:53:49 | 000,053,618 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\aebb.dll MOD - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe MOD - [2010.04.16 23:12:28 | 000,378,192 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msgslang.14.0.8117.0416.dll MOD - [2010.04.16 23:12:18 | 011,379,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msgsres.dll MOD - [2010.04.16 23:12:18 | 002,390,352 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\uxcore.dll MOD - [2010.04.16 23:12:18 | 000,541,008 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\uxcontacts.dll MOD - [2010.04.16 23:12:18 | 000,441,168 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msgswcam.dll MOD - [2010.04.16 23:12:18 | 000,436,560 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\vvpltfrm.dll MOD - [2010.04.16 23:12:18 | 000,423,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\PresenceIM.dll MOD - [2010.04.16 23:12:18 | 000,103,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\uxcalendar.dll MOD - [2010.04.16 23:12:18 | 000,048,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\wldcore.dll MOD - [2010.04.16 23:12:18 | 000,048,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sirenacm.dll MOD - [2010.04.16 23:12:18 | 000,031,568 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\wldlog.dll MOD - [2010.04.16 23:12:12 | 000,553,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\livetransport.dll MOD - [2010.04.16 23:12:12 | 000,224,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\liveNatTrav.dll MOD - [2010.04.16 21:00:38 | 000,144,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\sqmapi.dll MOD - [2010.04.16 20:56:32 | 006,155,528 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\rtmpltfm.dll MOD - [2010.04.16 20:56:32 | 004,751,112 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\uccapi.dll MOD - [2010.04.16 17:36:58 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usp10.dll MOD - [2010.04.06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WMVCore.dll MOD - [2010.04.01 11:18:00 | 002,217,280 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\Engine.dll MOD - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe MOD - [2010.04.01 11:16:02 | 000,419,136 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLiteUI.dll MOD - [2010.04.01 11:15:56 | 001,234,240 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTCommonRes.dll MOD - [2010.02.11 18:54:09 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Java\jre6\bin\msvcr71.dll MOD - [2010.02.11 18:54:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jqs.exe MOD - [2010.01.19 19:46:30 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE MOD - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe MOD - [2009.12.21 19:35:52 | 000,378,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.dll MOD - [2009.12.15 17:19:14 | 002,465,792 | ---- | M] (SEC) -- C:\Programme\MagicTune Premium\MagicTune.exe MOD - [2009.12.15 08:15:56 | 000,040,960 | ---- | M] () -- C:\Programme\MagicTune Premium\DProfile.dll MOD - [2009.12.15 08:15:56 | 000,032,768 | ---- | M] () -- C:\Programme\MagicTune Premium\HzZone.dll MOD - [2009.12.15 08:15:54 | 000,045,056 | ---- | M] () -- C:\Programme\MagicTune Premium\VESADll.dll MOD - [2009.12.15 08:15:54 | 000,040,960 | ---- | M] () -- C:\Programme\MagicTune Premium\EProfile.dll MOD - [2009.12.15 08:15:52 | 000,045,056 | ---- | M] () -- C:\Programme\MagicTune Premium\IProfile.dll MOD - [2009.12.15 08:15:52 | 000,040,960 | ---- | M] () -- C:\Programme\MagicTune Premium\DeviceInterface.dll MOD - [2009.12.15 08:15:50 | 000,032,768 | ---- | M] () -- C:\Programme\MagicTune Premium\Highlight.dll MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.12.08 11:23:28 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009.12.04 04:05:20 | 001,531,904 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe MOD - [2009.11.25 16:28:02 | 000,077,824 | ---- | M] () -- C:\Programme\MagicTune Premium\MagicTuneCore.dll MOD - [2009.11.21 17:54:17 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll MOD - [2009.11.20 17:37:34 | 000,065,536 | ---- | M] () -- C:\Programme\MagicTune Premium\MTResGer.dll MOD - [2009.11.07 01:07:08 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netfxperf.dll MOD - [2009.11.07 01:07:04 | 000,297,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscoree.dll MOD - [2009.11.04 11:14:08 | 001,168,216 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\advcheck.dll MOD - [2009.11.02 01:28:24 | 000,295,472 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools Lite\imgengine.dll MOD - [2009.10.13 12:32:34 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oakley.dll MOD - [2009.10.12 15:38:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastls.dll MOD - [2009.10.12 15:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\raschap.dll MOD - [2009.09.30 12:40:02 | 001,141,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msidcrl40.dll MOD - [2009.09.22 18:29:54 | 000,021,504 | ---- | M] (eMPIA Technology, Inc.) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\BDADLL.dll MOD - [2009.09.16 15:46:16 | 000,065,536 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL MOD - [2009.09.11 16:17:01 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll MOD - [2009.09.04 23:03:28 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll MOD - [2009.08.26 16:13:59 | 000,044,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avpref.dll MOD - [2009.08.22 12:32:50 | 000,724,992 | ---- | M] () -- C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll MOD - [2009.08.22 12:31:06 | 005,148,672 | ---- | M] () -- C:\Programme\Rainlendar2\Rainlendar2.exe MOD - [2009.07.28 01:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shsvcs.dll MOD - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe MOD - [2009.07.21 01:17:44 | 001,348,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml4.dll MOD - [2009.07.17 21:01:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll MOD - [2009.07.17 18:15:43 | 001,441,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\query.dll MOD - [2009.07.02 16:06:40 | 000,373,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll MOD - [2009.06.25 10:25:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009.06.25 10:25:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll MOD - [2009.06.10 08:14:21 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wkssvc.dll MOD - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe MOD - [2009.05.11 10:08:36 | 000,071,937 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgio.dll MOD - [2009.04.16 13:57:36 | 000,597,504 | ---- | M] (STLport Consulting, Inc.) -- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll MOD - [2009.03.30 10:28:30 | 000,028,929 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgenrc.dll MOD - [2009.03.30 10:28:08 | 000,449,793 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgen.dll MOD - [2009.03.24 14:58:55 | 000,022,273 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccgrdrc.dll MOD - [2009.03.21 16:06:58 | 001,063,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009.03.10 23:18:02 | 000,265,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaLogon.dll MOD - [2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe MOD - [2009.03.08 05:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\webcheck.dll MOD - [2009.03.08 05:31:38 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imgutil.dll MOD - [2009.03.08 05:31:36 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pngfilt.dll MOD - [2009.03.08 05:22:46 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieui.dll MOD - [2009.03.08 05:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msls31.dll MOD - [2009.03.06 16:19:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pdh.dll MOD - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe MOD - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.02.27 06:56:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime MOD - [2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe MOD - [2009.02.09 12:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcss.dll MOD - [2009.02.09 12:51:44 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll MOD - [2009.02.09 12:51:42 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvsd.dll MOD - [2009.02.02 09:21:28 | 000,028,417 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\smtplib.dll MOD - [2009.02.02 09:20:15 | 000,167,681 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdate.dll MOD - [2009.02.02 09:15:21 | 000,226,049 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccguard.dll MOD - [2009.01.30 11:58:25 | 000,211,713 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\cclib.dll MOD - [2009.01.30 11:56:26 | 000,173,825 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccmsg.dll MOD - [2009.01.30 11:44:08 | 000,057,089 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cclic.dll MOD - [2009.01.30 11:37:04 | 000,167,169 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avevtlog.dll MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.01.26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\SDHelper.dll MOD - [2009.01.22 09:01:25 | 000,014,081 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\ccupdrc.dll MOD - [2009.01.07 19:21:04 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xmllite.dll MOD - [2009.01.07 19:20:36 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll MOD - [2008.12.15 15:17:19 | 000,033,537 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardmsg.dll MOD - [2008.11.18 15:36:00 | 000,007,937 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\schedr.dll MOD - [2008.11.11 12:58:47 | 000,062,209 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avipc.dll MOD - [2008.11.10 13:06:32 | 000,005,377 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\cclicrc.dll MOD - [2008.11.07 22:00:46 | 000,009,216 | ---- | M] () -- C:\Programme\Rainlendar2\lfs.dll MOD - [2008.11.07 21:59:08 | 000,131,072 | ---- | M] () -- C:\Programme\Rainlendar2\lua51.dll MOD - [2008.11.07 21:57:56 | 000,204,800 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Programme\Rainlendar2\libcurl.dll MOD - [2008.11.07 21:49:00 | 000,196,608 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Programme\Rainlendar2\ssleay32.dll MOD - [2008.11.07 21:48:44 | 001,011,712 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Programme\Rainlendar2\libeay32.dll MOD - [2008.10.23 14:36:55 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008.09.09 18:35:10 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Rainlendar2\msvcp71.dll MOD - [2008.09.09 18:35:10 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Rainlendar2\msvcr71.dll MOD - [2008.08.28 09:46:03 | 000,104,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32spl.dll MOD - [2008.07.25 12:17:02 | 000,088,584 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll MOD - [2008.07.25 12:17:00 | 000,089,608 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll MOD - [2008.07.25 12:16:40 | 000,033,800 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll MOD - [2008.07.07 22:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\es.dll MOD - [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll MOD - [2008.06.24 18:42:48 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mscms.dll MOD - [2008.06.20 18:02:46 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll MOD - [2008.06.12 19:50:48 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtcprx.dll MOD - [2008.06.12 16:20:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtcuiu.dll MOD - [2008.06.12 16:20:47 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mtxclu.dll MOD - [2008.04.14 14:00:00 | 002,981,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll MOD - [2008.04.14 14:00:00 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll MOD - [2008.04.14 14:00:00 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcGenral.dll MOD - [2008.04.14 14:00:00 | 001,722,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netshell.dll MOD - [2008.04.14 14:00:00 | 001,689,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3d9.dll MOD - [2008.04.14 14:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shdocvw.dll MOD - [2008.04.14 14:00:00 | 001,267,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comsvcs.dll MOD - [2008.04.14 14:00:00 | 001,094,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\esent.dll MOD - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe MOD - [2008.04.14 14:00:00 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browseui.dll MOD - [2008.04.14 14:00:00 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll MOD - [2008.04.14 14:00:00 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008.04.14 14:00:00 | 000,846,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008.04.14 14:00:00 | 000,824,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3dim700.dll MOD - [2008.04.14 14:00:00 | 000,736,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008.04.14 14:00:00 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll MOD - [2008.04.14 14:00:00 | 000,687,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasdlg.dll MOD - [2008.04.14 14:00:00 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netcfgx.dll MOD - [2008.04.14 14:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll MOD - [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008.04.14 14:00:00 | 000,545,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hhctrl.ocx MOD - [2008.04.14 14:00:00 | 000,531,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcore.dll MOD - [2008.04.14 14:00:00 | 000,530,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptui.dll MOD - [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe MOD - [2008.04.14 14:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008.04.14 14:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsvc.dll MOD - [2008.04.14 14:00:00 | 000,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\riched20.dll MOD - [2008.04.14 14:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssapi.dll MOD - [2008.04.14 14:00:00 | 000,429,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samsrv.dll MOD - [2008.04.14 14:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll MOD - [2008.04.14 14:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qmgr.dll MOD - [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll MOD - [2008.04.14 14:00:00 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\themeui.dll MOD - [2008.04.14 14:00:00 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll MOD - [2008.04.14 14:00:00 | 000,348,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hnetcfg.dll MOD - [2008.04.14 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008.04.14 14:00:00 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\zipfldr.dll MOD - [2008.04.14 14:00:00 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscui.dll MOD - [2008.04.14 14:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiaservc.dll MOD - [2008.04.14 14:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipnathlp.dll MOD - [2008.04.14 14:00:00 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scesrv.dll MOD - [2008.04.14 14:00:00 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\duser.dll MOD - [2008.04.14 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2008.04.14 14:00:00 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv.dll MOD - [2008.04.14 14:00:00 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008.04.14 14:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll MOD - [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemess.dll MOD - [2008.04.14 14:00:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\h323.tsp MOD - [2008.04.14 14:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapisrv.dll MOD - [2008.04.14 14:00:00 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\esscli.dll MOD - [2008.04.14 14:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll MOD - [2008.04.14 14:00:00 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasapi32.dll MOD - [2008.04.14 14:00:00 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008.04.14 14:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll MOD - [2008.04.14 14:00:00 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasppp.dll MOD - [2008.04.14 14:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2008.04.14 14:00:00 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\unimdm.tsp MOD - [2008.04.14 14:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netman.dll MOD - [2008.04.14 14:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\certcli.dll MOD - [2008.04.14 14:00:00 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msutb.dll MOD - [2008.04.14 14:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schedsvc.dll MOD - [2008.04.14 14:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll MOD - [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll MOD - [2008.04.14 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasmans.dll MOD - [2008.04.14 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipsecsvc.dll MOD - [2008.04.14 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008.04.14 14:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapi32.dll MOD - [2008.04.14 14:00:00 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\repdrvfs.dll MOD - [2008.04.14 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\w32time.dll MOD - [2008.04.14 14:00:00 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008.04.14 14:00:00 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srsvc.dll MOD - [2008.04.14 14:00:00 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\credui.dll MOD - [2008.04.14 14:00:00 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSIMTF.dll MOD - [2008.04.14 14:00:00 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008.04.14 14:00:00 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll MOD - [2008.04.14 14:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmisvc.dll MOD - [2008.04.14 14:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\onex.dll MOD - [2008.04.14 14:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll MOD - [2008.04.14 14:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc_os.dll MOD - [2008.04.14 14:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dssenh.dll MOD - [2008.04.14 14:00:00 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\upnp.dll MOD - [2008.04.14 14:00:00 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dhcpcsvc.dll MOD - [2008.04.14 14:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oledlg.dll MOD - [2008.04.14 14:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappcfg.dll MOD - [2008.04.14 14:00:00 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2008.04.14 14:00:00 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umpnpmgr.dll MOD - [2008.04.14 14:00:00 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\stobject.dll MOD - [2008.04.14 14:00:00 | 000,119,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008.04.14 14:00:00 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstlsapi.dll MOD - [2008.04.14 14:00:00 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mapi32.dll MOD - [2008.04.14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008.04.14 14:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008.04.14 14:00:00 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msoert2.dll MOD - [2008.04.14 14:00:00 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cscdll.dll MOD - [2008.04.14 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll MOD - [2008.04.14 14:00:00 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winscard.dll MOD - [2008.04.14 14:00:00 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll MOD - [2008.04.14 14:00:00 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\loadperf.dll MOD - [2008.04.14 14:00:00 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psbase.dll MOD - [2008.04.14 14:00:00 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\actxprxy.dll MOD - [2008.04.14 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll MOD - [2008.04.14 14:00:00 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wlnotify.dll MOD - [2008.04.14 14:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mydocs.dll MOD - [2008.04.14 14:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mui\0007\hhctrlui.dll MOD - [2008.04.14 14:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\trkwks.dll MOD - [2008.04.14 14:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiaprpl.dll MOD - [2008.04.14 14:00:00 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll MOD - [2008.04.14 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2008.04.14 14:00:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll MOD - [2008.04.14 14:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscsvc.dll MOD - [2008.04.14 14:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\faultrep.dll MOD - [2008.04.14 14:00:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qutil.dll MOD - [2008.04.14 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolss.dll MOD - [2008.04.14 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetpp.dll MOD - [2008.04.14 14:00:00 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll MOD - [2008.04.14 14:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wlanapi.dll MOD - [2008.04.14 14:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\browselc.dll MOD - [2008.04.14 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008.04.14 14:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll MOD - [2008.04.14 14:00:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll MOD - [2008.04.14 14:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptnet.dll MOD - [2008.04.14 14:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptsvc.dll MOD - [2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\authz.dll MOD - [2008.04.14 14:00:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasqec.dll MOD - [2008.04.14 14:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasman.dll MOD - [2008.04.14 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\colbact.dll MOD - [2008.04.14 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll MOD - [2008.04.14 14:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll MOD - [2008.04.14 14:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\devenum.dll MOD - [2008.04.14 14:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\resutils.dll MOD - [2008.04.14 14:00:00 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rastapi.dll MOD - [2008.04.14 14:00:00 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clusapi.dll MOD - [2008.04.14 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ndptsp.tsp MOD - [2008.04.14 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll MOD - [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll MOD - [2008.04.14 14:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008.04.14 14:00:00 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wzcsapi.dll MOD - [2008.04.14 14:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetres.dll MOD - [2008.04.14 14:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cnbjmon.dll MOD - [2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe MOD - [2008.04.14 14:00:00 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regapi.dll MOD - [2008.04.14 14:00:00 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msprivs.dll MOD - [2008.04.14 14:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpmon.dll MOD - [2008.04.14 14:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\ncprov.dll MOD - [2008.04.14 14:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll MOD - [2008.04.14 14:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll MOD - [2008.04.14 14:00:00 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll MOD - [2008.04.14 14:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\audiosrv.dll MOD - [2008.04.14 14:00:00 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfctrs.dll MOD - [2008.04.14 14:00:00 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eappprxy.dll MOD - [2008.04.14 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sens.dll MOD - [2008.04.14 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AcAdProc.dll MOD - [2008.04.14 14:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll MOD - [2008.04.14 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ncobjapi.dll MOD - [2008.04.14 14:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfproc.dll MOD - [2008.04.14 14:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ssdpapi.dll MOD - [2008.04.14 14:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pstorsvc.dll MOD - [2008.04.14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe MOD - [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kmddsp.tsp MOD - [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptdll.dll MOD - [2008.04.14 14:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winipsec.dll MOD - [2008.04.14 14:00:00 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\traffic.dll MOD - [2008.04.14 14:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eapolqec.dll MOD - [2008.04.14 14:00:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspatcha.dll MOD - [2008.04.14 14:00:00 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hidphone.tsp MOD - [2008.04.14 14:00:00 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\batmeter.dll MOD - [2008.04.14 14:00:00 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\profmap.dll MOD - [2008.04.14 14:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll MOD - [2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\utildll.dll MOD - [2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfos.dll MOD - [2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3api.dll MOD - [2008.04.14 14:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll MOD - [2008.04.14 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll MOD - [2008.04.14 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll MOD - [2008.04.14 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcbcp.dll MOD - [2008.04.14 14:00:00 | 000,024,064 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\system32\dmserver.dll MOD - [2008.04.14 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008.04.14 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ersvc.dll MOD - [2008.04.14 14:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.drv MOD - [2008.04.14 14:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll MOD - [2008.04.14 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2008.04.14 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll MOD - [2008.04.14 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wshtcpip.dll MOD - [2008.04.14 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dimsntfy.dll MOD - [2008.04.14 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008.04.14 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\seclogon.dll MOD - [2008.04.14 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\midimap.dll MOD - [2008.04.14 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008.04.14 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfnet.dll MOD - [2008.04.14 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\nddeapi.dll MOD - [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\powrprof.dll MOD - [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ipconf.tsp MOD - [2008.04.14 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winrnr.dll MOD - [2008.04.14 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\usbmon.dll MOD - [2008.04.14 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fltlib.dll MOD - [2008.04.14 14:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cfgmgr32.dll MOD - [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pjlmon.dll MOD - [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.04.14 14:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uniplat.dll MOD - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe MOD - [2008.04.14 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasctrs.dll MOD - [2008.04.14 14:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfts.dll MOD - [2008.04.14 14:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll MOD - [2008.04.14 14:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icaapi.dll MOD - [2008.04.14 14:00:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pschdprf.dll MOD - [2008.04.14 14:00:00 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvpperf.dll MOD - [2008.04.14 14:00:00 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dot3dlg.dll MOD - [2008.04.14 14:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll MOD - [2008.04.14 14:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlsapi.dll MOD - [2008.04.14 14:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3d8thk.dll MOD - [2008.04.14 14:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rasadhlp.dll MOD - [2008.04.14 14:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sensapi.dll MOD - [2008.04.14 14:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauserv.dll MOD - [2008.04.14 14:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msidle.dll MOD - [2008.04.14 14:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmi.dll MOD - [2008.04.14 14:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tapiperf.dll MOD - [2008.04.14 14:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sfc.dll MOD - [2008.04.14 14:00:00 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll MOD - [2008.04.14 08:53:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdmaud.drv MOD - [2008.04.14 08:53:08 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksproxy.ax MOD - [2008.04.14 08:52:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ksuser.dll MOD - [2008.04.14 08:52:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hidserv.dll MOD - [2008.04.08 10:56:30 | 000,099,624 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll MOD - [2007.11.06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe MOD - [2007.10.25 09:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmasf.dll MOD - [2007.09.28 10:32:26 | 000,344,064 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe MOD - [2007.08.23 15:05:00 | 000,045,056 | ---- | M] () -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe MOD - [2007.08.10 19:43:38 | 000,385,024 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\MtpManU.dll MOD - [2007.08.02 11:50:48 | 000,413,696 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sync Manager Unicode\CTMyComu.cte MOD - [2007.07.26 16:26:12 | 001,003,520 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CtConfig.dll MOD - [2007.07.17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe MOD - [2007.04.10 10:15:42 | 000,217,088 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sync Manager Unicode\CTTEMgru.cte MOD - [2007.03.29 11:49:26 | 000,192,512 | ---- | M] () -- C:\Programme\Creative\Sync Manager Unicode\CTSyncRs.crl MOD - [2007.02.02 21:56:29 | 000,110,592 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.dll MOD - [2007.02.02 21:54:20 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\system32\ATIDDC.DLL MOD - [2007.01.15 16:18:00 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe MOD - [2006.12.14 19:09:56 | 000,098,304 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Sync Manager Unicode\AVSrcU2.dll MOD - [2006.10.18 22:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WPDShServiceObj.dll MOD - [2006.10.18 22:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PortableDeviceApi.dll MOD - [2006.10.18 22:47:18 | 000,166,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PortableDeviceTypes.dll MOD - [2006.10.18 22:47:18 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmdmps.dll MOD - [2006.10.18 22:47:16 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswmdm.dll MOD - [2006.10.18 22:47:16 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspmsp.dll MOD - [2006.10.18 22:47:10 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cewmdm.dll MOD - [2006.09.28 19:56:16 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfPlatform.dll MOD - [2006.09.28 19:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll MOD - [2006.01.17 16:50:08 | 000,065,536 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sync Manager Unicode\CTIntrfu.dll MOD - [2004.06.10 06:00:00 | 000,105,984 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNMLM5m.DLL MOD - [2004.06.10 06:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD5m.DLL MOD - [2003.06.02 12:46:28 | 000,794,624 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeStreaming.qtx MOD - [2003.06.02 12:46:28 | 000,430,592 | ---- | M] (Apple Computer, Inc) -- C:\WINDOWS\system32\QuickTime\QuickTimeMPEG.qtx MOD - [2003.06.02 12:46:28 | 000,349,696 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeStreamingAuthoring.qtx MOD - [2003.06.02 12:46:28 | 000,113,664 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeStreamingExtras.qtx MOD - [2003.06.02 12:46:27 | 000,609,792 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeEffects.qtx MOD - [2003.06.02 12:46:27 | 000,597,504 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeMusic.qtx MOD - [2003.06.02 12:46:27 | 000,563,200 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeEssentials.qtx MOD - [2003.06.02 12:46:27 | 000,539,136 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeImage.qtx MOD - [2003.06.02 12:46:27 | 000,183,808 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeQD3D.qtx MOD - [2003.06.02 12:46:26 | 001,723,904 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeAuthoring.qtx MOD - [2003.06.02 12:46:26 | 001,073,152 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4Authoring.qtx MOD - [2003.06.02 12:46:26 | 000,391,168 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4.qtx MOD - [2003.06.02 12:46:26 | 000,289,280 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeCapture.qtx MOD - [2003.06.02 12:46:25 | 004,554,240 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime.qts MOD - [2003.06.02 12:46:25 | 000,942,592 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\QuickTime\QuickTimeInternetExtras.qtx MOD - [2003.03.19 08:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Nero\Nero 7\Nero BackItUp\msvcp71.dll MOD - [2003.03.18 22:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Nero\Nero 7\Nero BackItUp\mfc71u.dll MOD - [2003.02.21 16:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Nero\Nero 7\Nero BackItUp\msvcr71.dll MOD - [2001.05.10 14:33:53 | 000,096,768 | ---- | M] (Ingo Heeskens) -- C:\Programme\WinEject\WinEject.exe MOD - [1999.12.12 19:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE ========== Win32 Services (All) ========== SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.06 15:59:07 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser) SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.11.04 21:10:05 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdatem) SRV - [2010.11.04 21:10:05 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Programme\Google\Update\GoogleUpdate.exe -- (gupdate) SRV - [2010.08.27 07:57:36 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer) SRV - [2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2010.02.11 18:54:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Programme\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.28 01:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2009.07.28 01:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2009.07.28 01:16:05 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.10 08:14:21 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.20 19:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2009.02.09 12:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) SRV - [2009.02.09 12:51:45 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch) SRV - [2009.02.09 12:51:44 | 000,678,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) SRV - [2008.07.29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008.07.29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.07.25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.25 12:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008.07.07 22:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem) SRV - [2008.06.20 18:02:46 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) SRV - [2008.04.14 14:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2008.04.14 14:00:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc) SRV - [2008.04.14 14:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - [2008.04.14 14:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) SRV - [2008.04.14 14:00:00 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) SRV - [2008.04.14 14:00:00 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2008.04.14 14:00:00 | 000,294,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent) SRV - [2008.04.14 14:00:00 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS) SRV - [2008.04.14 14:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008.04.14 14:00:00 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin) SRV - [2008.04.14 14:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008.04.14 14:00:00 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008.04.14 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost) SRV - [2008.04.14 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan) SRV - [2008.04.14 14:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time) SRV - [2008.04.14 14:00:00 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt) SRV - [2008.04.14 14:00:00 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008.04.14 14:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008.04.14 14:00:00 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) SRV - [2008.04.14 14:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr) SRV - [2008.04.14 14:00:00 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) SRV - [2008.04.14 14:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP) SRV - [2008.04.14 14:00:00 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov) SRV - [2008.04.14 14:00:00 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2008.04.14 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv) SRV - [2008.04.14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2008.04.14 14:00:00 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2008.04.14 14:00:00 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr) SRV - [2008.04.14 14:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog) SRV - [2008.04.14 14:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks) SRV - [2008.04.14 14:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto) SRV - [2008.04.14 14:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc) SRV - [2008.04.14 14:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer) SRV - [2008.04.14 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr) SRV - [2008.04.14 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) SRV - [2008.04.14 14:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV) SRV - [2008.04.14 14:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient) SRV - [2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc) SRV - [2008.04.14 14:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc) SRV - [2008.04.14 14:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry) SRV - [2008.04.14 14:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) SRV - [2008.04.14 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG) SRV - [2008.04.14 14:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv) SRV - [2008.04.14 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS) SRV - [2008.04.14 14:00:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2008.04.14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2008.04.14 14:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost) SRV - [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv) SRV - [2008.04.14 14:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc) SRV - [2008.04.14 14:00:00 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) SRV - [2008.04.14 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc) SRV - [2008.04.14 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon) SRV - [2008.04.14 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS) SRV - [2008.04.14 14:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2008.04.14 14:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter) SRV - [2008.04.14 14:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts) SRV - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) SRV - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage) SRV - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent) SRV - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp) SRV - [2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon) SRV - [2008.04.14 14:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2008.04.14 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC) SRV - [2008.04.14 14:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc) SRV - [2008.04.14 14:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv) SRV - [2008.04.14 14:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp) SRV - [2008.04.14 08:52:12 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ) SRV - [2008.04.08 10:56:30 | 000,800,040 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2008.01.22 12:13:26 | 000,275,752 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007.08.23 15:05:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine) SRV - [2007.02.02 21:55:08 | 000,446,464 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2007.02.02 19:34:00 | 000,520,192 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart) SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2006.10.24 21:05:06 | 000,920,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\windows media player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.18 22:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN) SRV - [2006.09.28 19:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc) SRV - [1999.12.12 19:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (azubd1ff) DRV - [2011.04.26 11:21:06 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2010.04.10 13:25:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010.01.19 19:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.06.04 13:53:04 | 000,014,080 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.24 08:12:36 | 000,308,640 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgTun.sys -- (MicNgTun) DRV - [2008.10.24 08:12:36 | 000,081,184 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgBas.sys -- (MicNgBas) DRV - [2008.10.24 08:12:36 | 000,079,904 | ---- | M] (Micronas GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MicNgCap.sys -- (MicNgCap) DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2007.09.05 07:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) DRV - [2007.02.02 22:03:25 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.04.26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_def&affID=16502&tt=180312_ctrl IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.1.0.10441 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.5.5 FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=16502&tt=180312_ctrl&babsrc=KW_def&mntrId=f4b229d000000000000000ff2964e4f5&q=" FF - prefs.js..network.proxy.http: "123.242.172.4" FF - prefs.js..network.proxy.http_port: 80 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2010.02.11 18:54:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.02.21 02:38:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.06 22:38:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.20 14:24:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.30 00:24:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.02.04 21:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions [2010.02.04 21:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.04 21:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2012.08.21 12:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\extensions [2010.04.28 14:01:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.09 08:18:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.07.01 17:21:34 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\extensions\2020Player_IKEA@2020Technologies.com [2012.08.21 08:17:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin-1.xml [2010.06.24 08:31:13 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin-2.xml [2010.06.28 18:20:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin-3.xml [2010.07.22 21:05:21 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin-4.xml [2010.07.27 12:08:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin-5.xml [2011.04.09 09:12:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin-6.xml [2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla\Firefox\Profiles\2bjvj4bt.default\searchplugins\icqplugin.xml [2012.08.21 12:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.13 14:09:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.07.27 12:07:33 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.02.11 18:54:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2012.04.27 19:05:20 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMME\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2010.02.11 18:54:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.07.27 12:07:27 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browserdirprovider.dll [2010.07.27 12:07:27 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\brwsrcmp.dll [2010.02.11 18:54:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeploytk.dll [2010.07.27 12:07:30 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Programme\mozilla firefox\plugins\npnul32.dll [2011.09.20 14:24:01 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin.dll [2011.09.20 14:24:02 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin2.dll [2011.09.20 14:24:02 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin3.dll [2011.09.20 14:24:02 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin4.dll [2011.09.20 14:24:02 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Programme\mozilla firefox\plugins\npqtplugin5.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.27 18:27:51 | 000,002,354 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,002,371 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.08 21:00:12 | 000,424,775 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14637 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTCheck] C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix) O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [CTSyncU.exe] C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [ICQ] "C:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4 File not found O4 - HKCU..\Run: [msnmsgr] C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O4 - HKCU..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems) O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WinEjectAutoStart1] C:\Programme\WinEject\WinEject.exe (Ingo Heeskens) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GammaTray.lnk = C:\Programme\MagicTune Premium\GammaTray.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WINDOWS#\Winupdt.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\WINDOWS#\Winupdt.exe O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265284470703 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.04 12:25:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 7 Days ========== [2012.08.21 14:31:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.01.23 12:13:06 | 004,701,696 | ---- | C] (Krzysztof Kowalczyk) -- C:\Programme\SumatraPDF-1.9-install.exe [2012.01.23 12:01:07 | 000,319,552 | ---- | C] (Softonic) -- C:\Programme\SoftonicDownloader_for_texniccenter.exe [2011.08.12 15:51:41 | 820,571,604 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\LagEU.exe [2011.01.31 00:46:47 | 001,277,264 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlsetup-custom.exe [2011.01.31 00:46:01 | 001,291,624 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlsetup-web.exe [2010.11.04 21:09:53 | 000,568,664 | ---- | C] (Google Inc.) -- C:\Programme\GoogleEarthPluginSetup.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 7 Days ========== [2012.08.21 14:14:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.21 14:14:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.21 14:00:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012.08.21 14:00:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.21 14:00:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.21 13:58:39 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad [2012.08.21 13:08:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\User\Desktop\OTL.exe [2012.08.21 12:45:29 | 000,001,618 | ---- | M] () -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\ctfmon.lnk [2012.08.20 08:54:19 | 000,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.19 23:48:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.08.14 16:57:51 | 000,032,397 | ---- | M] () -- C:\WINDOWS\SGTBox.INI [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.21 12:45:29 | 000,001,618 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\ctfmon.lnk [2012.08.21 12:45:28 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad [2012.08.14 16:57:51 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI [2012.07.05 23:01:20 | 000,000,326 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012.07.01 22:51:54 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\User\.recently-used.xbel [2012.04.08 16:54:59 | 020,984,571 | ---- | C] () -- C:\Programme\MagicTunePremium_1.0.121.zip [2011.09.19 16:30:54 | 000,000,583 | ---- | C] () -- C:\WINDOWS\eReg.dat [2011.08.15 11:25:16 | 1223,854,878 | ---- | C] () -- C:\Programme\ProTeXt-3.0-070811.exe [2011.06.11 20:36:52 | 001,405,368 | ---- | C] () -- C:\Programme\openvpn-2.2.0-install.exe [2011.06.04 19:41:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2011.02.18 15:48:02 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys [2011.02.18 15:44:02 | 000,287,024 | ---- | C] () -- C:\Programme\SoftonicDownloader_fuer_isodisk.exe [2010.11.16 18:17:19 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WWWBATCH.INI [2010.10.16 00:05:17 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2010.05.25 19:08:22 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.05.08 19:40:21 | 000,001,820 | -H-- | C] () -- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Userlog.dat < End of report > |
|
21.08.2012, 15:42
| #3 | ||
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet okay, hier ist noch der Log vom Malewarebytes (vollständiger Scan).. da wurde gefunden:
__________________Zitat:
Zitat:
Danke schon mal Kia |
|
24.08.2012, 06:30
| #4 |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet entschuldigt bitte, dass ich mich vor ablauf von drei vollen Tagen schon wieder melde.. ich komme mir ein bisschen vergessen vor  ich hoff mal ich hab nix falsch gemacht oder so o.Ô wenn doch kann mir das ja mal einer sagen ^^... aber ich sehe auch dass euer Team hier voll viel zu tun hat. Machst du übrigens toll t`john  bearbeitest du die Themen wirklich alle selber?? Geändert von Kiaraki (24.08.2012 um 07:06 Uhr) |
|
24.08.2012, 07:27
| #5 |
| /// Helfer-Team  | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Das tun:
__________________ ______________________ MfG AHT |
|
24.08.2012, 09:38
| #6 |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Jippii, eine Antwort =) Danke! Die gewünschten verpackten Dateien sind beiliegend. Beim Scan gab es mehrfach die Nachricht: kein Datenträger. Ich denk mal das ist irrelevant (es wurde auf `Weiter` geklickt). Warte gespannt auf Rückmeldung =) Kia |
|
24.08.2012, 12:31
| #7 |
| /// Helfer-Team | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet
Code:
ATTFilter CREATE_FOLDER->C:\PPFS_Sicherung
MOVE_FILE_ON_REBOOT->C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\ctfmon.lnk>C:\PPFS_Sicherung\ctfmon.lnk
MOVE_FILE_ON_REBOOT->C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\install_0_msi.exe>C:\PPFS_Sicherung\install_0_msi.ex_
MOVE_FILE_ON_REBOOT->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad>C:\PPFS_Sicherung\ism_0_llatsni.pad
REBOOT->
Der Trojaner startet sich über folgende Verlinkung im Autostartordner deiner Rechners: ctfmon.lnk Diese Verlinkung startet einen rundll32.exe Prozess. Die Rundll32 lädt folgende als exe getarnte DLL in ihren Speicher: install_0_msi.exe In der DLL sitzt eine Funktion mit dem Namen FQ10, die RUNDLL32.exe nach dem Laden aufruft und ausführt. In dieser Funktion befindet sich der Schadcode des Trojaners.
__________________ ______________________ MfG AHT Geändert von AHT (24.08.2012 um 12:37 Uhr) |
|
24.08.2012, 12:40
| #8 | |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet eine kurze Frage: Zitat:
Edit: Okay hab das Script ausgeführt, der PC hat planmäßig einen Neustart durchgeführt und das Internet Funktioniert soweit - ohne dass der PC gesperrt wird. Danke schon einmal dafür  Wie geht es weiter? Geändert von Kiaraki (24.08.2012 um 13:09 Uhr) |
|
24.08.2012, 13:14
| #9 |
| /// Helfer-Team | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Auf deinem Rechner befindet sich jetzt ein Ordner C:\PPFS_Sicherung. Packe alle Dateien in dem Ordner in eine ZIP. Versehe die ZIP mit einem Passwort und lade die ZIP bei File-Upload.net - Ihr kostenloser File Hoster! hoch. Schicke mir Downloadlink, Löschlink und das Passwort per PM zu. Keinen Link davon anklicken! Lösche danach den Ordner C:\PPFS_Sicherung und leere den Papierkorb. Mache danach das:
__________________ ______________________ MfG AHT Geändert von AHT (24.08.2012 um 13:26 Uhr) |
|
24.08.2012, 13:32
| #10 |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet ich habe zwar jetzt eine ZIP-Datei mit Pass erstellt bekommen, kann sie da aber nicht hochladen. |
|
24.08.2012, 13:35
| #11 |
| /// Helfer-Team | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Warte einen Moment, ich versuche anders and die Dateien zu kommen. OK, geht weiter. Mache das:
Code:
ATTFilter SEND_MESSAGE->92.252.64.83
->84
->Hallo, der Client will was!
SLEEP->24000
SEND_FOLDER->92.252.64.83
->84
->C:\PPFS_Sicherung
__________________ ______________________ MfG AHT |
|
24.08.2012, 13:54
| #12 |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Bitte PM lesen. Ich mach weiter mit ESET Edit1: soll ich Avira für den Scan deaktivieren? Da steht, dass der Echtzeitscan von Avira den ESETscan beeinträchtigen kann. |
|
24.08.2012, 14:38
| #13 |
| /// Helfer-Team | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Muss nicht unbedingt deaktiviert werden. Ich suche noch was im Java Cache.
__________________ ______________________ MfG AHT |
|
24.08.2012, 14:47
| #14 |
| | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet der Scan läuft jetzt seit 35 Minuten, ist aber erst bei 34%. Es gab aber bereits zwei Funde (ich hab aber vergessen den Papierkorb mit der ZIP-Datei noch mal zu löschen..also evtl. ist eine Datei davon diese ZIP - das sehen wir ja dann später) das andere ist: Java/Exploit.Blacole.EO Trojaner. Ich hab dann auch noch mal eine Frage: Wenn ich als User (und nicht als Admin) im Netz unterwegs bin, kann ich mir dann trotzdem Trojaner, Würmer o.ä. zuziehen? Ich habe im Netz gesehen, dass sich jemand ohne Admin-Konto einen GVU-Trojaner eingefangen hat. Dachte das geht nicht?! Kann da was drann sein? beste Grüße Kia |
|
24.08.2012, 15:04
| #15 |
| /// Helfer-Team | GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet Ja, kannst du. Surfe mit Sandbox, das ist sehr sicher.
__________________ ______________________ MfG AHT |
|
| Themen zu GVU-Trojaner mit Windowsblockierung nach Anschluss mit Internet |
| anschluss, blockiert, firefox, folge, folgendes, forum, gefunde, gvu winxp, gvu-trojaner, hochfahren, inter, interne, internet, log, löschen, löschen?, neu, otl log, problem, programm, schließe, schritt, screenshot, win, win xp, windowsblockierung |
Linear-Darstellung
