Log analysis and evaluation: explorer.exe 100% load
Windows 7
19.09.2009, 16:46 | #1 |
| explorer.exe 100% load
Hello, I have a problem with my Explorer: whenever I access data on my laptop, my utilization goes to 100% and then fluctuates between 95-100% the whole time. I have already found out what is responsible for it, namely ntdll.dll!Rtl.dll!SizeHeap; I found that out with explorer process. Whenever I end the process and restart it, it comes back. Please help quickly, I have been fiddling with this for a few days now and it is driving me up the wall.
Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:16, on 19.09.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Lars\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Users\Lars\AppData\Local\saedbgm.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7730g
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7730g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7730g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [saedbgm] "c:\users\lars\appdata\local\saedbgm.exe" saedbgm
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- End of file - 8488 bytes

Thanks in advance |
19.09.2009, 16:59 | #2 |
| explorer.exe 100% load
Hello Lars and
Decide on one antivirus program and uninstall all the others.
Work through this guide => http://www.trojaner-board.de/69713-e...navipromo.html
Then this one => http://www.trojaner-board.de/95173-b...es-posten.html
After that your computer will be doing better, I promise!
ciao, andreas |
19.09.2009, 17:45 | #3 |
| explorer.exe 100% load
Thanks for the quick reply, I was able to delete the file... but unfortunately it did not help; as before, very high load caused by the explorer...
Here I have two more log files from RSIT:
info.txt logfile of random's system information tool 1.06 2009-09-19 18:24:47 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7 -removeonly Acer Product Registration-->"C:\Program Files\InstallShield Installation Information\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer ScreenSaver-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log" Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} Agere Systems HDA Modem-->agrsmdel Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log" ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly Anno 1701-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x7 -removeonly AnVir Task Manager Free-->"C:\Program Files\AnVir Task Manager Free\AnVir.exe" Uninstall Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir 
Desktop\setup.exe /REMOVE Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log" Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log" BearShare-->E:\PROGRA~1\BEARSH~1\UNWISE.EXE E:\PROGRA~1\BEARSH~1\INSTALL.LOG Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log" Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log" Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{A64A5576-D862-44F8-89DC-2B17FCC9B86E} Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log" CHIP System-Check-Tool 1.1.9.15-->"C:\Program Files\CHIP System-Check-Tool\unins000.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log" Counter-Strike: Source-->"D:\Steam\steam.exe" steam://uninstall/240 Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5} CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe Day of Defeat: Source-->"D:\Steam\steam.exe" 
steam://uninstall/300 Die Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" FUSSBALL MANAGER 09-->D:\Program Files\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe Half-Life 2: Deathmatch-->"D:\Steam\steam.exe" steam://uninstall/320 Half-Life 2: Lost Coast-->"D:\Steam\steam.exe" steam://uninstall/340 HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Ice Age 3 Die Dinosaurier sind los(TM)-->C:\Program Files\InstallShield Installation Information\{9B0AC7ED-E425-4BD9-8196-D4D5D31FFD37}\setup.exe -runfromtemp -l0x0407 Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD} Java(TM) 6 Update 13-->MsiExec.exe 
/X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log" JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x7 -removeonly Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A} Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log" Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI Live-Player-->C:\Program Files\Live-Player\uninst.exe Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log" Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft 
Works-->MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log" Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log" NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407 NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407 NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF} PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall PPLive 1.8-->C:\Program Files\PPLive\uninst.exe QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Sony Ericsson PC Suite 5.009.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly SopCast 3.2.4-->D:\Neuer Ordner\SopCast\uninst.exe Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tower Gaming-->"C:\Towergaming\unins000.exe" Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo 
Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log" TVUPlayer 2.4.7.2-->C:\Program Files\TVUPlayer\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe Vuze-->D:\Vuze\uninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800} Windows Live Anmelde-Assistent-->MsiExec.exe /I{B5BCBD49-202F-4238-8398-D83D423A48B4} Windows Live Call-->MsiExec.exe /I{835686C5-8650-49EB-8CA0-4528B4035495} Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{DF5F687F-8018-4542-9F98-7084E9022917} Windows Live Fotogalerie-->MsiExec.exe /X{6B96DADA-1A27-4A04-8CB2-CC45168D05FA} Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live Sync-->MsiExec.exe /X{8C1E2925-14F8-45AA-B999-1E2A74BF5607} Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} WinRAR-->C:\Program Files\WinRAR\uninstall.exe Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log" ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Lars-PC Event Code: 4386 Message: Windows-Wartung erforderte einen Neustart, um das Update 948609-1722_neutral_LDR aus Paket KB948609(Update) in den Status Wird aufgelöst(Resolving) setzen zu 
können. Record Number: 15741 Source Name: Microsoft-Windows-Servicing Time Written: 20090605190712.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Lars-PC Event Code: 4386 Message: Windows-Wartung erforderte einen Neustart, um das Update 948609-1721_neutral_GDR aus Paket KB948609(Update) in den Status Wird aufgelöst(Resolving) setzen zu können. Record Number: 15740 Source Name: Microsoft-Windows-Servicing Time Written: 20090605190712.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Lars-PC Event Code: 4386 Message: Windows-Wartung erforderte einen Neustart, um das Update 948609-1720_neutral_LDR aus Paket KB948609(Update) in den Status Wird aufgelöst(Resolving) setzen zu können. Record Number: 15739 Source Name: Microsoft-Windows-Servicing Time Written: 20090605190712.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Lars-PC Event Code: 4386 Message: Windows-Wartung erforderte einen Neustart, um das Update 948609-1719_neutral_GDR aus Paket KB948609(Update) in den Status Wird aufgelöst(Resolving) setzen zu können. Record Number: 15738 Source Name: Microsoft-Windows-Servicing Time Written: 20090605190712.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Lars-PC Event Code: 4386 Message: Windows-Wartung erforderte einen Neustart, um das Update 948609-1718_neutral_LDR aus Paket KB948609(Update) in den Status Wird aufgelöst(Resolving) setzen zu können. Record Number: 15737 Source Name: Microsoft-Windows-Servicing Time Written: 20090605190712.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Application event log===== Computer Name: WIN-1LURAO5ZK9T Event Code: 1009 Message: Die Optionsbenachrichtigung für das Programm zur Verbesserung der Benutzerfreundlichkeit wurde dem Benutzer angezeigt. 
Record Number: 1025 Source Name: Microsoft-Windows-CEIP Time Written: 20090110213229.000000-000 Event Type: Informationen User: Computer Name: WIN-1LURAO5ZK9T Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind. Record Number: 1024 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090110212938.000000-000 Event Type: Informationen User: Computer Name: WIN-1LURAO5ZK9T Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help". Record Number: 1023 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090110212938.000000-000 Event Type: Informationen User: Computer Name: WIN-1LURAO5ZK9T Event Code: 103 Message: Windows (1152) Windows: Das Datenbankmodul hat die Instanz (0) beendet. Record Number: 1022 Source Name: ESENT Time Written: 20090110212606.000000-000 Event Type: Informationen User: Computer Name: WIN-1LURAO5ZK9T Event Code: 1013 Message: Der Windows-Suchdienst wurde normal beendet. Record Number: 1021 Source Name: Microsoft-Windows-Search Time Written: 20090110212606.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: WIN-1LURAO5ZK9T Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. 
Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-1LURAO5ZK9T$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x28c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 1439 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090110213322.408321-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-1LURAO5ZK9T Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1438 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090110213320.442721-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-1LURAO5ZK9T Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. 
Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-1LURAO5ZK9T$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x28c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. 
Record Number: 1437 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090110213320.442721-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-1LURAO5ZK9T Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: WIN-1LURAO5ZK9T$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x28c Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 1436 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090110213320.442721-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-1LURAO5ZK9T Event Code: 1102 Message: Das Überwachungsprotokoll wurde gelöscht. 
Subjekt: Sicherheits- ID: S-1-5-21-1590968124-782237235-1580467535-500 Kontoname: Administrator Domänenname: WIN-1LURAO5ZK9T Logon-ID: 0x31fa1 Record Number: 1435 Source Name: Microsoft-Windows-Eventlog Time Written: 20090110212554.210321-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64 "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\; "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip |
19.09.2009, 17:53 | #4 |
| explorer.exe 100% load this is the 2nd one. Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Users\Lars\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Windows\PLFSetI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\AnVir Task Manager Free\AnVir.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Windows\explorer.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\CCleaner\CCleaner.exe C:\Users\Lars\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Lars.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7730g R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7730g R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7730g R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - 
HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Agere Modem Call 
Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 8701 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-16 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-06 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] 
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-28 6111232] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512] "eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896] "eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768] "ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-23 397312] "BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-07-02 821768] "PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704] "eRecoveryService"= [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-05-27 13781536] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-16 2007832] "Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336] "AnVir Task Manager Free"=C:\Program Files\AnVir Task Manager Free\AnVir.exe [2009-01-20 1566432] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] E:\Program Files\BearShare\BearShare.exe [2006-07-26 3305472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Program Files\Acer\Empowering 
Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr" "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr" "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer" "C:\Users\Lars\AppData\Local\Temp\pplA460.tmp"="C:\Users\Lars\AppData\Local\Temp\pplA460.tmp:*:Enabled:fg_ol_silent" "$INSTDIR\FlvDetector.exe"="C:\FlashGet Network\Flashget 3\FlvDetector.exe:*:Enabled:FGFlvDetector" "C:\FlashGet Network\Flashget 3\FlashGet3.exe"="C:\FlashGet Network\Flashget 3\FlashGet3.exe:*:Enabled:Flashget3" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff4c3d9-5200-11de-97d9-806e6f6e6963}] shell\AutoRun\command - F:\Autorun.exe |
19.09.2009, 17:56 | #5 |
| explorer.exe 100% load this is some more from the 2nd one. ======List of files/folders created in the last 1 months====== 2009-09-19 18:24:21 ----D---- C:\rsit 2009-09-19 18:21:56 ----D---- C:\Users\Lars\AppData\Roaming\Malwarebytes 2009-09-19 18:21:50 ----D---- C:\ProgramData\Malwarebytes 2009-09-19 18:21:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-19 18:20:04 ----D---- C:\Program Files\CCleaner 2009-09-19 17:16:41 ----D---- C:\Program Files\Trend Micro 2009-09-19 16:31:33 ----D---- C:\Program Files\AnVir Task Manager Free 2009-09-18 20:15:10 ----D---- C:\Windows\system32\eu-ES 2009-09-18 20:15:10 ----D---- C:\Windows\system32\ca-ES 2009-09-18 20:15:03 ----D---- C:\Windows\system32\vi-VN 2009-09-18 20:11:30 ----D---- C:\Windows\system32\SPReview 2009-09-18 19:55:06 ----A---- C:\Windows\system32\scavenge.dll 2009-09-18 19:54:55 ----A---- C:\Windows\system32\compcln.exe 2009-09-18 19:53:58 ----A---- C:\Windows\system32\secur32.dll 2009-09-18 19:53:58 ----A---- C:\Windows\system32\secproc_ssp_isv.dll 2009-09-18 19:53:58 ----A---- C:\Windows\system32\secproc_ssp.dll 2009-09-18 19:53:58 ----A---- C:\Windows\system32\secproc_isv.dll 2009-09-18 19:53:58 ----A---- C:\Windows\system32\secproc.dll 2009-09-18 19:53:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe 2009-09-18 19:53:57 ----A---- C:\Windows\system32\SearchIndexer.exe 2009-09-18 19:53:57 ----A---- C:\Windows\system32\SearchFilterHost.exe 2009-09-18 19:53:57 ----A---- C:\Windows\system32\sdohlp.dll 2009-09-18 19:53:57 ----A---- C:\Windows\system32\sdclt.exe 2009-09-18 19:53:57 ----A---- C:\Windows\system32\rtffilt.dll 2009-09-18 19:53:57 ----A---- C:\Windows\system32\rsaenh.dll 2009-09-18 19:53:56 ----A---- C:\Windows\system32\scrrun.dll 2009-09-18 19:53:56 ----A---- C:\Windows\system32\scansetting.dll 2009-09-18 19:53:56 ----A---- C:\Windows\system32\samlib.dll 2009-09-18 19:53:56 ----A---- C:\Windows\system32\rtutils.dll 2009-09-18 19:53:56 ----A---- C:\Windows\system32\rpcss.dll 
2009-09-18 19:53:56 ----A---- C:\Windows\system32\rpchttp.dll 2009-09-18 19:53:56 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe 2009-09-18 19:53:56 ----A---- C:\Windows\system32\RMActivate_ssp.exe 2009-09-18 19:53:56 ----A---- C:\Windows\system32\RMActivate_isv.exe 2009-09-18 19:53:56 ----A---- C:\Windows\system32\RMActivate.exe 2009-09-18 19:53:56 ----A---- C:\Windows\system32\riched20.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\scrobj.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\scksp.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\schedsvc.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\schannel.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\scesrv.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\scecli.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\SCardSvr.dll 2009-09-18 19:53:55 ----A---- C:\Windows\system32\samsrv.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\PNPXAssoc.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\PnPutil.exe 2009-09-18 19:53:50 ----A---- C:\Windows\system32\PnPUnattend.exe 2009-09-18 19:53:50 ----A---- C:\Windows\system32\pnidui.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\perfdisk.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\PerfCenterCPL.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\pdh.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\pcaui.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\p2psvc.dll 2009-09-18 19:53:50 ----A---- C:\Windows\system32\P2PGraph.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\powercpl.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\pnpui.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\pnpsetup.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\PkgMgr.exe 
2009-09-18 19:53:49 ----A---- C:\Windows\system32\pidgenx.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\photowiz.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-09-18 19:53:49 ----A---- C:\Windows\system32\ntdll.dll 2009-09-18 19:53:49 ----A---- C:\Windows\system32\nslookup.exe 2009-09-18 19:53:49 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\osk.exe 2009-09-18 19:53:48 ----A---- C:\Windows\system32\oobefldr.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\onex.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\olepro32.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\oleprn.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\oleaut32.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\ole32.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\offfilt.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\odbccp32.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\odbcconf.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\odbc32.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\ocsetup.exe 2009-09-18 19:53:48 ----A---- C:\Windows\system32\occache.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\ntprint.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\ntmarta.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2009-09-18 19:53:48 ----A---- C:\Windows\system32\nlhtml.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rastls.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rastapi.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasppp.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasplap.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasmontr.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasmans.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasgcw.dll 2009-09-18 19:53:47 ----A---- 
C:\Windows\system32\rasdlg.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasdial.exe 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasdiag.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\raschap.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\rasapi32.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\RacEngn.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\Query.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\quartz.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\qmgr.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\qedit.dll 2009-09-18 19:53:47 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-09-18 19:53:46 ----A---- C:\Windows\system32\RelMon.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\rekeywiz.exe 2009-09-18 19:53:46 ----A---- C:\Windows\system32\regsvc.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\regapi.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\reg.exe 2009-09-18 19:53:46 ----A---- C:\Windows\system32\rdpwsx.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\rdpencom.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\printui.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\PresentationSettings.exe 2009-09-18 19:53:46 ----A---- C:\Windows\system32\PresentationNative_v0300.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll 2009-09-18 19:53:46 ----A---- C:\Windows\system32\PresentationHost.exe 2009-09-18 19:53:45 ----A---- C:\Windows\system32\prnntfy.dll 2009-09-18 19:53:45 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe 2009-09-18 19:53:45 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll 2009-09-18 19:53:45 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-09-18 19:53:45 ----A---- C:\Windows\system32\powrprof.dll 2009-09-18 19:53:44 ----A---- C:\Windows\system32\qdvd.dll 2009-09-18 19:53:44 ----A---- C:\Windows\system32\QAGENTRT.DLL 2009-09-18 19:53:44 ----A---- C:\Windows\system32\puiapi.dll 
2009-09-18 19:53:44 ----A---- C:\Windows\system32\psisdecd.dll 2009-09-18 19:53:44 ----A---- C:\Windows\system32\PSHED.DLL 2009-09-18 19:53:44 ----A---- C:\Windows\system32\propsys.dll 2009-09-18 19:53:44 ----A---- C:\Windows\system32\propdefs.dll 2009-09-18 19:53:44 ----A---- C:\Windows\system32\profsvc.dll 2009-09-18 19:53:40 ----A---- C:\Windows\system32\shlwapi.dll 2009-09-18 19:53:40 ----A---- C:\Windows\system32\shell32.dll 2009-09-18 19:53:40 ----A---- C:\Windows\system32\shdocvw.dll 2009-09-18 19:53:40 ----A---- C:\Windows\system32\sethc.exe 2009-09-18 19:53:40 ----A---- C:\Windows\system32\services.exe 2009-09-18 19:53:40 ----A---- C:\Windows\system32\sendmail.dll 2009-09-18 19:53:39 ----A---- C:\Windows\system32\setupapi.dll 2009-09-18 19:53:29 ----A---- C:\Windows\system32\eapphost.dll 2009-09-18 19:53:29 ----A---- C:\Windows\system32\eappgnui.dll 2009-09-18 19:53:28 ----A---- C:\Windows\system32\EhStorAPI.dll 2009-09-18 19:53:28 ----A---- C:\Windows\system32\eappcfg.dll 2009-09-18 19:53:28 ----A---- C:\Windows\system32\eapp3hst.dll 2009-09-18 19:53:28 ----A---- C:\Windows\system32\dsprop.dll 2009-09-18 19:53:28 ----A---- C:\Windows\system32\dsound.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\f3ahvoas.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\extmgr.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\ExplorerFrame.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\evr.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\eudcedit.exe 2009-09-18 19:53:27 ----A---- C:\Windows\system32\esent.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\EncDec.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\emdmgmt.dll 2009-09-18 19:53:27 ----A---- C:\Windows\system32\dwm.exe 2009-09-18 19:53:27 ----A---- C:\Windows\explorer.exe 2009-09-18 19:53:26 ----A---- C:\Windows\system32\es.dll 2009-09-18 19:53:26 ----A---- C:\Windows\system32\EhStorShell.dll 2009-09-18 19:53:26 ----A---- C:\Windows\system32\EhStorPwdMgr.dll 2009-09-18 19:53:26 
----A---- C:\Windows\system32\EhStorAuthn.dll 2009-09-18 19:53:26 ----A---- C:\Windows\system32\diskraid.exe 2009-09-18 19:53:26 ----A---- C:\Windows\system32\diskpart.exe 2009-09-18 19:53:26 ----A---- C:\Windows\system32\dimsroam.dll 2009-09-18 19:53:26 ----A---- C:\Windows\system32\diagperf.dll 2009-09-18 19:53:26 ----A---- C:\Windows\system32\dhcpcsvc6.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\drvstore.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\drvinst.exe 2009-09-18 19:53:25 ----A---- C:\Windows\system32\drmmgrtn.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dpapimig.exe 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dot3svc.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dot3msm.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dot3cfg.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dhcpcsvc.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dfsr.exe 2009-09-18 19:53:25 ----A---- C:\Windows\system32\dfshim.dll 2009-09-18 19:53:25 ----A---- C:\Windows\system32\devmgr.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\iashlpr.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\iasdatastore.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\iasads.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\iasacct.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\hbaapi.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\gpupdate.exe 2009-09-18 19:53:24 ----A---- C:\Windows\system32\gpsvc.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\gpresult.exe 2009-09-18 19:53:24 ----A---- C:\Windows\system32\drmv2clt.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\dnsrslvr.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\dnsapi.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\dmusic.dll 2009-09-18 19:53:24 ----A---- C:\Windows\system32\dmsynth.dll 2009-09-18 19:53:23 ----A---- C:\Windows\system32\iasnap.dll 2009-09-18 19:53:23 ----A---- C:\Windows\system32\IasMigReader.exe 2009-09-18 19:53:23 
|
19.09.2009, 17:58 | #6 |
| explorer.exe 100% load and here is some more from the 2nd one: |
19.09.2009, 17:59 | #7 |
| explorer.exe 100% load and here is the rest:
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-08-30 316664] bitte helft mir |
19.09.2009, 18:01 | #8 |
| explorer.exe 100% load ran ccleaner and antimalware --> nothing found |
19.09.2009, 18:19 | #9 |
| explorer.exe 100% load Nice logs. *that's a lie* Was the computer only recently set up? Windows does not necessarily need the programs listed here. Please uninstall them under Start => Control Panel => Software => Change/Remove... Even if you use a safe P2P program, it is only the program that is safe. You will be sharing data from unsafe sources, and these are often infected. So please uninstall BearShare and Azureus/Vuze immediately, otherwise all further steps are rather pointless. 1.) Uninstall:
In future, post all logs in full. Important lines from log.txt are missing. Which process is it that starts ntdll.dll? There is no sign of it anywhere in the logs. Could it be that you generally only ever put the computer into hibernation? Perform a restart. ciao, andreas
__________________ No support via PM! This is a forum, not private support! For all newcomers. Private support only for payment, and I am very expensive. Guides, Virus scanners, Compromise unavoidable? |