| Pests of all kinds and how to fight them: http://www.google-analytics.com/ga.jsI>(gzip) = Malware ? Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
16.03.2011, 11:16 | #1 |
| Hello, I hope someone can help me. I use W7 Prof. with the free antivirus Avast on it, which I have been happy with for years. For the past week I have had some kind of ?? malware/virus that I picked up somewhere, which I was then able to clean with "Malwarebytes' Anti-Malware". Now I keep getting the following message (on almost every Google search or Firefox search):
Malware blockiert Objekt: hxxp://www.google-analytics.com/ga.jsI>(gzip)
I found on the Internet that this could be a false alarm. Hence my question: is that possible, or do I have a virus etc. that is not being found? Recently my other 4 computers (which are networked) have also been affected by this error, and they use the same antivirus too. Many thanks for your answer |
16.03.2011, 12:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ |
16.03.2011, 12:35 | #3 |
| Hello! I have put together all the report files and messages here.
__________________ Many thanks for the help! |
16.03.2011, 13:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What is anyone supposed to do with such small pictures?
__________________ Please always post logfiles in CODE tags |
16.03.2011, 13:42 | #5 |
| Sorry, here it is, hopefully bigger! |
16.03.2011, 14:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please update Malwarebytes via the update button and run a new full scan.
__________________ |
16.03.2011, 14:46 | #7 |
| Hello Cosinus! I'm going crazy, now there are already 3 of these critters on it again. Here is the report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6075
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
16.03.2011 20:33:57
mbam-log-2011-03-16 (20-33-57).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 226775
Laufzeit: 23 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I have deleted them all again! How can it be that new ones show up every day? Is Avast Antivirus no good? One more question: I cannot log in to this website under IE-Explorer. I enter my login name and password and end up back on this page without being logged in. Under Mozilla it works. I have this problem with other forum logins too. Do you perhaps know anything about that?? MANY THANKS |
16.03.2011, 14:53 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please make new logs with OTL.exe and post them.
__________________ Please always post logfiles in CODE tags |
16.03.2011, 15:20 | #9 |
| Hello Arne! Here is the log from OTL (hopefully correct?) OTL Logfile: Code:
(Microsoft Corporation) -- C:\Windows\System32\ci.dll [2011.02.23 09:27:08 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2011.02.23 09:27:08 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll [2011.02.23 09:27:08 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2011.02.23 09:27:08 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe [2011.02.23 09:27:08 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll [2011.02.23 09:27:08 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe [2011.02.23 09:27:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2011.02.23 09:27:07 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.02.23 09:27:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll [2011.02.23 09:27:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll [2011.02.23 09:27:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll [2011.02.23 09:27:07 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys [2011.02.23 09:27:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL [2011.02.23 09:27:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2011.02.23 09:27:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2011.02.23 09:27:06 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll [2011.02.23 09:27:06 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2011.02.23 09:27:06 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll [2011.02.23 09:27:06 | 
000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll [2011.02.23 09:27:06 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll [2011.02.23 09:27:06 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll [2011.02.23 09:27:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.02.23 09:27:06 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.02.23 09:27:05 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll [2011.02.23 09:27:05 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll [2011.02.23 09:27:05 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe [2011.02.23 09:27:05 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2011.02.23 09:27:05 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe [2011.02.23 09:27:05 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll [2011.02.23 09:27:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll [2011.02.23 09:27:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll [2011.02.23 09:27:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2011.02.23 09:27:04 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL [2011.02.23 09:27:04 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll [2011.02.23 09:27:04 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll [2011.02.23 09:27:04 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll [2011.02.23 09:27:04 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe 
[2011.02.23 09:27:04 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.23 09:27:04 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll [2011.02.23 09:27:04 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe [2011.02.23 09:27:03 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.02.23 09:27:03 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll [2011.02.23 09:27:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011.02.23 09:27:03 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll [2011.02.23 09:27:03 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2011.02.23 09:27:03 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll [2011.02.23 09:27:03 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll [2011.02.23 09:27:03 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.02.23 09:27:02 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll [2011.02.23 09:27:02 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe [2011.02.23 09:27:02 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe [2011.02.23 09:27:02 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll [2011.02.23 09:27:02 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll [2011.02.23 09:27:02 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll [2011.02.23 09:27:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll [2011.02.23 09:27:02 | 000,166,400 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\netiohlp.dll [2011.02.23 09:27:02 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL [2011.02.23 09:27:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe [2011.02.23 09:27:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll [2011.02.23 09:27:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe [2011.02.23 09:27:01 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.23 09:27:01 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe [2011.02.23 09:27:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll [2011.02.23 09:27:01 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll [2011.02.23 09:27:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2011.02.23 09:27:01 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe [2011.02.23 09:27:01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll [2011.02.23 09:27:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll [2011.02.23 09:27:01 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll [2011.02.23 09:27:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll [2011.02.23 09:27:01 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.02.23 09:27:01 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll [2011.02.23 09:27:01 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011.02.23 09:27:01 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011.02.23 09:27:01 | 000,072,192 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll [2011.02.23 09:27:01 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll [2011.02.23 09:27:00 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll [2011.02.23 09:27:00 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2011.02.23 09:27:00 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll [2011.02.23 09:27:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011.02.23 09:27:00 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL [2011.02.23 09:27:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll [2011.02.23 09:26:59 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll [2011.02.23 09:26:59 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll [2011.02.23 09:26:59 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.02.23 09:26:59 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2011.02.23 09:26:59 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll [2011.02.23 09:26:59 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2011.02.23 09:26:59 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll [2011.02.23 09:26:59 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll [2011.02.23 09:26:59 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys [2011.02.23 09:26:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll [2011.02.23 09:26:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.23 09:26:58 | 
001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll [2011.02.23 09:26:58 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll [2011.02.23 09:26:58 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll [2011.02.23 09:26:58 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2011.02.23 09:26:58 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe [2011.02.23 09:26:57 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll [2011.02.23 09:26:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2011.02.23 09:26:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll [2011.02.23 09:26:57 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll [2011.02.23 09:26:57 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll [2011.02.23 09:26:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe [2011.02.23 09:26:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011.02.23 09:26:57 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys [2011.02.23 09:26:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.23 09:26:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll [2011.02.23 09:26:57 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys [2011.02.23 09:26:57 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys [2011.02.23 09:26:56 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll [2011.02.23 09:26:56 | 002,157,568 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\themecpl.dll [2011.02.23 09:26:56 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll [2011.02.23 09:26:56 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll [2011.02.23 09:26:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll [2011.02.23 09:26:56 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll [2011.02.23 09:26:56 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe [2011.02.23 09:26:56 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2011.02.23 09:26:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll [2011.02.23 09:26:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll [2011.02.23 09:26:56 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll [2011.02.23 09:26:56 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys [2011.02.23 09:26:55 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll [2011.02.23 09:26:55 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll [2011.02.23 09:26:55 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll [2011.02.23 09:26:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr [2011.02.23 09:26:55 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll [2011.02.23 09:26:55 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll [2011.02.23 09:26:55 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll [2011.02.23 09:26:55 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.02.23 09:26:55 | 
000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll [2011.02.23 09:26:55 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2011.02.23 09:26:54 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll [2011.02.23 09:26:54 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe [2011.02.23 09:26:54 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll [2011.02.23 09:26:54 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll [2011.02.23 09:26:54 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll [2011.02.23 09:26:54 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll [2011.02.23 09:26:54 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2011.02.23 09:26:54 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2011.02.23 09:26:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll [2011.02.23 09:26:54 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2011.02.23 09:26:54 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe [2011.02.23 09:26:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll [2011.02.23 09:26:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll [2011.02.23 09:26:54 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll [2011.02.23 09:26:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll [2011.02.23 09:26:54 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe [2011.02.23 09:26:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll 
[2011.02.23 09:26:53 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll [2011.02.23 09:26:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl [2011.02.23 09:26:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll [2011.02.23 09:26:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll [2011.02.23 09:26:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL [2011.02.23 09:26:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2011.02.23 09:26:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2011.02.23 09:26:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll [2011.02.23 09:26:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll [2011.02.23 09:26:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll [2011.02.23 09:26:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll [2011.02.23 09:26:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll [2011.02.23 09:26:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll [2011.02.23 09:26:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll [2011.02.23 09:26:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe [2011.02.23 09:26:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011.02.23 09:26:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe [2011.02.23 09:26:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll [2011.02.23 09:26:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\MediaMetadataHandler.dll [2011.02.23 09:26:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll [2011.02.23 09:26:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll [2011.02.23 09:26:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll [2011.02.23 09:26:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl [2011.02.23 09:26:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl [2011.02.23 09:26:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2011.02.23 09:26:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll [2011.02.23 09:26:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll [2011.02.23 09:26:51 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx [2011.02.23 09:26:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl [2011.02.23 09:26:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll [2011.02.23 09:26:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll [2011.02.23 09:26:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll [2011.02.23 09:26:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll [2011.02.23 09:26:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll [2011.02.23 09:26:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll [2011.02.23 09:26:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.23 09:26:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll [2011.02.23 09:26:51 | 
000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll [2011.02.23 09:26:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2011.02.23 09:26:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.23 09:26:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll [2011.02.23 09:26:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys [2011.02.23 09:26:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [2011.02.23 09:26:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe [2011.02.23 09:26:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll [2011.02.23 09:26:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll [2011.02.23 09:26:50 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.02.23 09:26:50 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll [2011.02.23 09:26:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll [2011.02.23 09:26:50 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe [2011.02.23 09:26:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll [2011.02.23 09:26:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll [2011.02.23 09:26:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll [2011.02.23 09:26:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll [2011.02.23 09:26:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax [2011.02.23 09:26:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\rdpwsx.dll [2011.02.23 09:26:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.02.23 09:26:49 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll [2011.02.23 09:26:49 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll [2011.02.23 09:26:49 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll [2011.02.23 09:26:49 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll [2011.02.23 09:26:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe [2011.02.23 09:26:49 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2011.02.23 09:26:49 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe [2011.02.23 09:26:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll [2011.02.23 09:26:49 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe [2011.02.23 09:26:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll [2011.02.23 09:26:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax [2011.02.23 09:26:48 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll [2011.02.23 09:26:48 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL [2011.02.23 09:26:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll [2011.02.23 09:26:48 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll [2011.02.23 09:26:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2011.02.23 09:26:47 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll [2011.02.23 09:26:47 | 
000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe [2011.02.23 09:26:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2011.02.23 09:26:47 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll [2011.02.23 09:26:47 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll [2011.02.23 09:26:47 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe [2011.02.23 09:26:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll [2011.02.23 09:26:47 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll [2011.02.23 09:26:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll [2011.02.23 09:26:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2011.02.23 09:26:47 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll [2011.02.23 09:26:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe [2011.02.23 09:26:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.02.23 09:26:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe [2011.02.23 09:26:47 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2011.02.23 09:26:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll [2011.02.23 09:26:46 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll [2011.02.23 09:26:46 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll [2011.02.23 09:26:46 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll [2011.02.23 09:26:46 | 000,281,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\unimdm.tsp
[2011.02.23 09:26:30 | 000,005,632 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011.02.23 09:26:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011.02.23 09:26:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.23 09:26:05 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011.02.23 09:26:05 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.23 09:25:55 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011.02.23 09:25:51 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011.02.23 09:25:51 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011.02.23 09:25:30 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011.02.23 09:25:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011.02.23 09:12:28 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.23 09:12:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.23 09:12:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2011.03.16 20:43:03 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.16 20:43:03 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.16 20:42:16 | 000,655,802 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.16 20:42:16 | 000,616,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.16 20:42:16 | 000,130,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.16 20:42:16 | 000,106,728 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.16 20:41:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.16 20:36:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.16 20:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.16 20:35:43 | 2213,986,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.15 19:48:50 | 000,061,440 | ---- | M] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.09 09:55:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.03.05 09:39:32 | 000,000,220 | ---- | M] () -- C:\Users\Helmut\Desktop\Ö3 ADSL.url
[2011.02.23 22:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.23 22:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.23 21:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.23 21:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.23 21:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.23 21:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.23 21:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.23 21:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.23 09:40:08 | 000,370,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.23 09:34:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011.02.19 13:30:51 | 001,076,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 13:30:50 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

========== Files Created - No Company Name ==========

[2011.03.05 09:38:54 | 000,000,220 | ---- | C] () -- C:\Users\Helmut\Desktop\Ö3 ADSL.url
[2011.02.23 09:27:25 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.02.23 09:26:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.23 09:26:35 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.02.23 09:26:29 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2010.12.30 11:50:44 | 000,000,419 | ---- | C] () -- C:\Users\Helmut\AppData\Local\Temp_tmp_.xml
[2010.12.04 12:56:32 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2010.12.04 12:53:14 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010.12.04 12:53:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010.12.04 12:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2010.12.04 12:25:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.12.04 12:25:11 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2010.12.04 12:23:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\ccmove32.dll
[2010.12.04 12:23:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Cc32.dll
[2010.10.31 10:58:44 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI
[2010.04.22 20:14:24 | 000,000,615 | R--- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.04.22 20:14:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\RAEXTUI.dll
[2010.04.19 21:28:42 | 000,002,057 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
[2010.04.16 20:50:36 | 000,000,446 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.22 08:57:39 | 000,061,440 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.19 19:58:42 | 000,004,480 | ---- | C] () -- C:\Windows\HGW2.INI
[2010.03.19 19:58:42 | 000,004,333 | ---- | C] () -- C:\Windows\HFX100.INI
[2010.03.19 19:58:33 | 000,000,368 | ---- | C] () -- C:\Windows\SPCDIRS.INI
[2010.03.19 19:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.19 16:11:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.19 16:07:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.03.19 14:07:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.18 21:23:03 | 000,036,919 | ---- | C] () -- C:\Windows\dbetdfmt.ini
[2010.03.18 21:11:15 | 000,000,002 | ---- | C] () -- C:\Windows\PhotoSuite.ini
[2010.03.18 21:11:11 | 000,122,880 | ---- | C] () -- C:\Windows\System32\JPEGLIB.DLL
[2010.03.18 21:11:11 | 000,122,880 | ---- | C] () -- C:\Windows\System32\EnrouteStitch.dll
[2010.03.18 21:11:08 | 000,332,800 | ---- | C] () -- C:\Windows\System32\FPXLIB.DLL
[2010.03.17 21:54:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.17 14:18:29 | 000,002,867 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.07.14 15:47:43 | 000,655,802 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 15:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 15:47:43 | 000,130,434 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 15:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 11:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 11:33:53 | 000,370,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:05:48 | 000,616,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 09:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 09:05:48 | 000,106,728 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 09:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 09:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 09:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 06:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 06:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 06:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 07:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009.06.11 04:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
_______________________________________________
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 16.03.2011 21:08:45 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = E:\WINDOWS7\Download An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 37,95 Gb Free Space | 64,76% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 34,78 Gb Free Space | 71,23% Space Free | Partition Type: NTFS Drive E: | 194,94 Gb Total Space | 118,91 Gb Free Space | 61,00% Space Free | Partition Type: NTFS Drive H: | 54,32 Gb Total Space | 37,32 Gb Free Space | 68,70% Space Free | Partition Type: NTFS Drive T: | 194,94 Gb Total Space | 103,10 Gb Free Space | 52,89% Space Free | Partition Type: NTFS Drive U: | 44,55 Gb Total Space | 28,82 Gb Free Space | 64,68% Space Free | Partition Type: NTFS Computer Name: ACER | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhelp.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- winhelp.exe %1 (Microsoft Corporation) htmlfile [edit] -- "E:\Windows7\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Windows7\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "E:\WINDOWS7\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Helmut\AppData\Local\Temp\0.22482767888255106.exe" = C:\Users\Helmut\AppData\Local\Temp\0.22482767888255106.exe:*:Enabled:ldrsoft "C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22\svcnost.exe" = C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22\svcnost.exe:*:Enabled:ldrsoft "C:\Users\Helmut\AppData\Local\Temp\0.5071087690742537.exe" = C:\Users\Helmut\AppData\Local\Temp\0.5071087690742537.exe:*:Enabled:ldrsoft "C:\Users\Helmut\Desktop\update.exe" = C:\Users\Helmut\Desktop\update.exe:*:Enabled:ldrsoft "C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2\svcnost.exe" = C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2\svcnost.exe:*:Enabled:ldrsoft 
"C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2\svcnost.exe" = C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2\svcnost.exe:*:Enabled:ldrsoft ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76 "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = 
PowerDVD "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10 Free Edition "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = PAP7501(16M) "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Ultra Edition 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "3D Hausplaner 9_is1" = DATA BECKER 3D Hausplaner 9 "A4Tech iKeyWorks" = A4Tech iKeyWorks 7.80 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "avast" = avast! Free Antivirus "Canon MP140 series Benutzerregistrierung" = Canon MP140 series Benutzerregistrierung "CANONIJPLM100" = PIXMA Extended Survey Program "CCleaner" = CCleaner "DATA BECKER - Etikettendruckerei 2000" = DATA BECKER - Etikettendruckerei 2000 "EasyBCD" = EasyBCD 1.7.2 "Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "ffdshow_is1" = ffdshow v1.1.3439 [2010-05-14] "FGS Kassenbuch5.1.6" = FGS Kassenbuch "FGS Kassenbuch5.1.7" = FGS Kassenbuch "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "GlobalTV" = GlobalTV "Hippsoft hsWebCam_is1" = Hippsoft hsWebCam 1.08.0006 "IncrediMail" = IncrediMail 2.0 "IrfanView" = IrfanView (remove only) "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "meinHausplaner" = meinHausplaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU 
Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator 3.1" = Canon MP Navigator 3.1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoMail" = PhotoMail Maker "Protect Disc License Helper" = Protect Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RealPlayer 12.0" = RealPlayer "Totalcmd" = Total Commander (Remove or Repair) "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > |
16.03.2011, 15:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
[2011.03.12 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2
[2011.03.12 16:13:29 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2
[2011.03.12 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2
[2011.03.12 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2
[2011.03.12 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22
[2011.03.12 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2
[2011.03.08 17:33:42 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\wfprlhinusqub2rvmqxqshiyabsrss32
[2011.03.08 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xeqcsqrylmentimgpoifyvbtsdgcml2p2
[2011.03.08 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\eaeijgxvdjbclvbasu2tafeb3iruqzh2
[2011.03.08 14:42:50 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\gqtymunmvpngyheb3nndjyfmrqjxcfr2
[2011.03.08 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\mg11zkbary2gyooknaq1jau2angskyz2
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
16.03.2011, 15:57 | #11 |
| Hello Arne! Yes, the restart was carried out. Here is the report:
All processes killed
========== OTL ==========
C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\wfprlhinusqub2rvmqxqshiyabsrss32 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\xeqcsqrylmentimgpoifyvbtsdgcml2p2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\eaeijgxvdjbclvbasu2tafeb3iruqzh2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\gqtymunmvpngyheb3nndjyfmrqjxcfr2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\mg11zkbary2gyooknaq1jau2angskyz2 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Helmut
->Temp folder emptied: 908852 bytes
->Temporary Internet Files folder emptied: 26245666 bytes
->Java cache emptied: 2657258 bytes
->FireFox cache emptied: 59421759 bytes
->Flash cache emptied: 7493 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7268 bytes
RecycleBin emptied: 30699128 bytes
Total Files Cleaned = 114,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03162011_215129
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
16.03.2011, 16:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
16.03.2011, 16:39 | #13 |
| Hello Arnie! I seem to have made a big mistake. Here is what happened: I downloaded Combofix and an error message appeared. Then I downloaded it again and started it right away. Then Avast (I forgot to switch it off, because I assumed CoFi had to be installed first) kept asking me whether I wanted to do this in the sandbox, and because the prompt kept coming up I pressed Ctrl-Alt-Del, opened the Task Manager and shut the system down. Right at startup I noticed that the system sounds no longer work. I don't know what else is not working. I don't dare look any further. Can you possibly help me?? THANKS |
16.03.2011, 19:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please uninstall Avast, restart the computer and try again with CoFi.
17.03.2011, 03:49 | #15 |
| Good morning Arne! I left the PC running overnight to be on the safe side and read your message this morning. I deactivated Avast and ran CoFi. At stage 48 (Stufe_48) an error message appeared: PEV.cfxxe has stopped working! I waited 30 minutes and then closed the message. After that CoFi carried on normally up to stage 50 and completed everything as intended. Here is the log file: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-16.01 - Helmut 17.03.2011 8:23.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.2815.1811 [GMT 7:00] ausgeführt von:: c:\users\Helmut\Desktop\CoFi.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Helmut\AppData\Roaming\desktop.ini c:\users\Helmut\FAVORI~1\Translator.url c:\users\Helmut\Favorites\Translator.url . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-17 bis 2011-03-17 )))))))))))))))))))))))))))))) . . 2011-03-17 02:14 . 2011-03-17 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-16 01:18 . 2011-02-23 02:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7739C84C-CFE5-478B-AF4E-38CC72716E40}\mpengine.dll 2011-03-11 11:35 . 2011-03-11 11:35 -------- d-----w- c:\users\Helmut\AppData\Roaming\Malwarebytes 2011-03-11 11:35 . 2011-03-11 11:35 -------- d-----w- c:\programdata\Malwarebytes 2011-03-11 11:35 . 2010-12-20 11:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-11 11:35 . 2010-12-20 11:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-09 08:46 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2011-03-09 08:46 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll 2011-03-09 08:46 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-03-09 08:46 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 08:46 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll 2011-03-09 08:46 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 08:46 . 
2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 02:55 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-03-08 09:17 . 2011-03-08 09:17 -------- d-----w- c:\users\Helmut\AppData\Local\Apps 2011-02-23 02:30 . 2011-02-23 02:30 -------- d-----w- c:\windows\system32\SPReview 2011-02-23 02:29 . 2011-02-23 02:29 -------- d-----w- c:\windows\system32\EventProviders 2011-02-23 02:26 . 2010-11-20 12:29 132992 ----a-w- c:\windows\system32\drivers\ataport.sys 2011-02-23 02:25 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll 2011-02-23 02:25 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll 2011-02-23 02:25 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe 2011-02-23 02:25 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll 2011-02-23 02:25 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll 2011-02-23 02:12 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll 2011-02-23 02:12 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-23 02:12 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-23 15:04 . 2010-06-29 05:49 40648 ----a-w- c:\windows\avastSS.scr 2011-02-23 15:04 . 2010-06-13 06:52 190016 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-23 14:56 . 2010-06-13 06:53 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-02-23 14:55 . 2010-06-13 06:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-02-23 14:55 . 2010-06-13 06:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-02-23 14:55 . 2010-06-13 06:53 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-02-23 14:54 . 2010-06-13 06:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-02-23 02:34 . 
2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-02-03 05:54 . 2011-02-09 01:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-02-02 10:11 . 2010-03-17 07:09 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-07 07:45 . 2011-02-09 01:40 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 06:01 . 2011-02-09 01:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-01-07 05:43 . 2011-02-09 01:40 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-05 05:55 . 2011-02-09 01:40 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 03:51 . 2011-02-09 01:40 2330624 ----a-w- c:\windows\system32\win32k.sys 2010-12-17 07:07 . 2011-02-09 01:40 542208 ----a-w- c:\windows\system32\kerberos.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate] @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}" [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}] 2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SIDEBAR"="e:\windows7\Programme\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664] "Skype"="e:\windows7\Programme\Skype\Phone\Skype.exe" [2011-01-26 15026056] "DMS-Kalenderchen"="e:\windows7\Programme\Kalenderchen\Kalenderchen.exe" [2010-05-18 3498496] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-18 39408] "IncrediMail"="e:\windows7\Programme\IncrediMail\bin\IncMail.exe" [2011-02-24 353736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664] "RemoteControl"="e:\windows7\Programme\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="e:\windows7\Programme\PowerDVD\Language\Language.exe" [2007-01-08 52256] "iKeyWorks"="e:\windows7\PROGRA~1\Tastatur\Ikeymain.exe" [2007-06-25 65536] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "TkBellExe"="e:\windows7\Programme\Real\update\realsched.exe" [2010-11-14 274608] . c:\users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Mouse.lnk - e:\windows7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe [2010-3-17 429568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - e:\windows7\Programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] TL-WN321G Wireless Utility.lnk - e:\windows7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2010-4-22 1785856] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-07-14 20992] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 135664] R2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe [2009-07-14 20992] R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520] R3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240] R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976] R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552] R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256] R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312] R3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [2010-11-20 50176] R3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608] R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] R3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568] R3 BrFiltUp;Brother USB 
Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248] R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128] R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160] R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888] R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160] R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712] R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\windows7\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160] R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624] R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152] R3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160] R3 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536] R3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344] R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] R3 KtmRm;KtmRm für Distributed Transaction 
Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824] R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168] R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864] R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848] R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800] R3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432] R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032] R3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096] R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096] R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 MsRPC;MsRPC; [x] R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288] R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136] R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624] R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488] R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064] R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632] R3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 
26624] R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 SessionEnv;Konfiguration für Remotedesktops;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288] R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888] R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168] R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072] R3 StorSvc;Speicherdienst;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 28032] R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800] R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [2009-07-14 35840] R3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424] R3 UmRdpService;Anschlussumleitung für Remotedesktopdienst im Benutzermodus;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys 
[2009-07-13 86016] R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [2009-07-14 22528] R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 160128] R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736] R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920] R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632] R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [2010-11-20 1203200] R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024] R3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008] R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-07-14 20992] R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-07-14 20992] R3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 20992] R4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992] S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400] S0 
CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408] S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568] S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448] S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-28 40560] S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208] S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200] S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888] S0 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744] S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088] S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440] S0 spldr;Security Processor Loader Driver; [x] S0 storflt;Filtertreiber zur Busbeschleunigung für den Datenträger des virtuellen Computers;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 40704] S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832] S0 vmbus;Bus des virtuellen Computers;c:\windows\system32\drivers\vmbus.sys [2010-11-20 175360] S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120] S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328] S1 CSC;Treiber für Offlinedateien;c:\windows\system32\drivers\csc.sys [2010-11-20 388096] S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336] S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256] S1 
nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896] S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656] S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168] S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488] S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592] S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 CscService;Offlinedateien;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456] S2 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128] S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528] S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 NlaSvc;NLA (Network Location 
Awareness);c:\windows\System32\svchost.exe [2009-07-14 20992] S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752] S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328] S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 21096] S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448] S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864] S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632] S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232] S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448] S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [2009-07-14 22528] S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552] S3 
mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416] S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232] S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768] S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264] S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] S3 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992] S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152] S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944] S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248] S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176] S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544] S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936] S3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-13 19968] S3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-07-14 20992] . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] RPCSS REG_MULTI_SZ RpcEptMapper RpcSs defragsvc REG_MULTI_SZ defragsvc WerSvcGroup REG_MULTI_SZ wersvc LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc swprv REG_MULTI_SZ swprv LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm regsvc REG_MULTI_SZ RemoteRegistry LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent sdrsvc REG_MULTI_SZ sdrsvc WbioSvcGroup REG_MULTI_SZ WbioSrvc wcssvc REG_MULTI_SZ WcsPlugInService AxInstSVGroup REG_MULTI_SZ AxInstSV secsvcs REG_MULTI_SZ WinDefend PeerDist REG_MULTI_SZ PeerDistSvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv FastUserSwitchingCompatibility Nla NWCWorkstation SRService Wmi WmdmPmSp TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted homegrouplistener StorSvc . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService WdiServiceHost sppuinotify . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService lanmanworkstation . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted BthHFSrv homegroupprovider . . Inhalt des "geplante Tasks" Ordners . 
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 12:21] . 2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 12:21] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.at/ IE: &Add animation to IncrediMail Style Box - e:\windows7\Programme\IncrediMail\bin\resources\WebMenuImg.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - e:\windows7\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\4gnrnlsn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www2.superchat.at/index FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\windows7\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-sacsvr SafeBoot-vmms . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-17 09:14 Windows 6.1.7601 Service Pack 1 NTFS . detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-17 09:14 Windows 6.1.7601 Service Pack 1 NTFS . 
detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-17 09:14 Windows 6.1.7601 Service Pack 1 NTFS . detected NTDLL code modification: ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-03-17 09:16:22 ComboFix-quarantined-files.txt 2011-03-17 02:16 . Vor Suchlauf: 9 Verzeichnis(se), 40.429.469.696 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 40.341.135.360 Bytes frei . - - End Of File - - 7EF4588E108A0D73AAF06698E488BAE3

After it finished, I re-enabled Avast and restarted the system. The system sounds work again and everything seems to be working; only at system start do I get the attached message. I don't know which program logs in to the Internet right at startup, and I think it could be Avast?? Can I rest easy, or am I still being spied on? What happens next, or are we done? In any case, THANK YOU VERY MUCH for your help.

Sorry, I just activated the preview and, lo and behold, our OLD problem, the Avast message - hxxp://www.google-analytics.com/ga.jsI>(gzip), has shown up again. What a pain!!! Regards, Helmut |