| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.04.2011, 23:14
| #16 |
 |  TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart OTL Logfile: Code:
ATTFilter OTL logfile created on: 4/21/2011 12:11:05 AM - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 103.65 Gb Total Space | 72.86 Gb Free Space | 70.29% Space Free | Partition Type: NTFS Drive D: | 347.01 Gb Total Space | 135.69 Gb Free Space | 39.10% Space Free | Partition Type: NTFS Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (a2acc) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (Emsi Software GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys () DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 22:19:34 | 000,000,000 | ---D | M] [2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions [2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/04/20 22:32:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66} [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com [2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com [2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com [2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml [2011/04/19 22:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/04/19 22:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2} [2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/04/19 23:22:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fireball\Documents\Anti-Malware [2011/04/20 08:29:50 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Local\AOL [2011/04/19 22:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/04/19 22:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/04/19 22:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sun [2011/04/19 22:19:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2011/04/19 22:19:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes [2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe [2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2} [2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll [2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys [2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll [2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll [2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll [2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe [2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll [2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe [2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll [2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll [2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll [2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll [2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll [2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll [2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe [2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll [2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll [2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll [2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll [2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll [2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll [2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll [2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe [2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll [2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll [2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe [2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll [2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe [2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll [2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll [2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll [2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll [2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll [2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll [2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll [2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll [2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll [2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll [2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll [2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll [2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll [2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL [2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll [2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll [2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll [2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll [2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll [2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll [2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll [2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll [2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll [2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll [2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll [2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll [2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe [2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll [2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe [2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll [2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe [2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll [2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll [2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll [2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll [2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll [2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll [2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll [2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll [2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe [2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll [2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll [2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll [2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll [2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll [2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll [2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll [2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll [2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll [2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll [2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe [2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll [2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe [2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll [2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll [2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll [2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll [2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll [2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll [2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll [2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll [2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll [2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe [2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll [2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll [2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe [2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll [2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll [2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL [2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll [2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll [2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll [2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll [2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll [2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL [2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll [2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll [2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll [2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe [2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll [2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll [2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll [2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll [2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll [2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll [2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll [2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL [2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll [2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll [2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll [2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll [2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll [2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe [2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll [2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll [2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe [2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys [2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll [2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll [2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll [2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll [2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe [2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe [2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll [2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe [2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll [2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe [2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll [2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll [2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll [2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll [2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll [2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll [2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL [2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe [2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll [2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll [2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll [2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe [2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll [2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll [2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll [2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll [2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll [2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll [2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe [2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll [2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys [2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll [2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll [2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl [2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll [2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll [2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax [2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL [2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll [2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll [2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe [2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll [2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll [2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll [2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll [2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys [2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe [2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll [2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll [2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll [2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll [2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll [2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll [2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll [2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll [2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll [2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll [2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll [2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll [2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe [2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys [2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll [2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll [2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll [2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll [2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll [2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll [2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll [2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll [2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr [2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe [2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL [2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll [2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll [2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll [2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll [2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll [2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll [2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll [2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll [2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll [2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll [2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll [2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll [2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll [2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll [2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll [2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll [2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll [2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll [2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll [2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe [2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll [2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll [2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl [2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll [2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll [2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll [2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe [2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll [2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL [2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe [2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys [2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll [2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll [2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll [2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe [2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll [2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll [2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll [2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll [2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll [2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll [2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx [2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe [2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll [2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe [2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll [2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll [2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll [2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll [2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll [2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe [2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll [2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll [2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl [2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl [2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll [2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll [2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll [2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll [2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl [2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll [2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe [2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll [2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll [2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe [2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll [2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll [2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll [2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll [2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll [2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll [2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll [2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll [2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax [2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys [2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe [2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll [2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll [2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll [2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll [2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll [2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll [2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll [2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll [2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll [2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe [2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe [2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe [2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll [2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax [2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll [2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll [2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll [2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe [2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll [2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL [2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll [2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll [2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll [2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll [2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe [2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll [2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll [2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll [2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll [2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll [2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp [2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe [2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll [2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll [2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll [2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe [2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll [2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe [2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll [2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll [2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe [2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll [2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll [2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr [2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll [2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll [2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll [2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll [2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll [2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll [2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll [2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe [2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe [2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll [2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll [2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll [2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll [2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll [2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll [2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe [2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe [2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll [2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe [2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe [2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll [2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll [2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll [2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll [2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll [2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll [2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll [2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe [2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll [2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll [2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL [2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll [2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe [2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe [2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL [2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll [2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll [2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr [2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll [2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll [2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll [2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll [2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe [2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll [2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys [2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll [2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe [2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll [2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe [2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll [2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll [2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll [2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll [2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll [2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll [2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL [2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL [2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll [2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll [2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll [2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe [2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll [2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr [2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr [2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll [2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll [2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll [2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll [2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll [2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll [2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax [2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl [2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe [2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll [2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll [2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax [2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL [2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll [2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll [2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax [2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe [2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll [2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll [2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll [2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe [2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax [2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe [2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll [2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe [2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe [2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll [2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll [2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll [2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll [2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll [2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll [2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll [2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll [2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe [2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll [2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll [2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe [2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax [2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL [2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe [2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll [2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll [2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll [2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL [2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll [2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll [2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe [2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe [2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl [2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll [2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll [2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll [2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll [2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll [2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll [2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll [2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll [2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe [2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll [2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll [2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll [2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll [2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll [2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll [2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe [2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll [2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll [2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe [2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe [2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll [2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll [2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME [2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll [2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe [2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe [2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll [2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll [2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll [2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll [2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe [2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax [2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll [2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe [2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll [2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe [2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe [2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll [2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll [2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll [2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe [2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax [2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe [2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll [2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax [2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll [2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll [2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll [2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe [2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax [2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll [2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll [2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys [2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe [2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll [2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys [2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll [2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll [2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll [2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll [2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll [2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll [2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll [2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll [2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll [2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll [2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll [2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll [2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll [2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll [2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime [2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll [2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll [2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll [2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll [2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll [2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll [2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll [2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll [2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll [2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll [2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll [2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys [2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys [2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL [2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll [2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx [2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll [2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll [2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL [2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL [2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL [2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL [2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL [2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll [2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll [2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll [2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll [2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL [2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL [2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL [2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll [2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll [2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll [2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll [2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll [2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe [2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll [2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll [2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll [2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll [2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll [2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe [2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe [2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe [2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll [2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll [2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll [2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011/04/20 23:43:00 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job [2011/04/20 23:08:02 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/04/20 23:08:02 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/04/20 22:43:01 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job [2011/04/20 22:20:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/04/20 22:20:38 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2011/04/19 23:22:28 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts [2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2011/04/19 22:19:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics [2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel [2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll ========== Files Created - No Company Name ========== [2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel [2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd [2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml [2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml [2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe [2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat [2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini [2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys [2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI [2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini [2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini [2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll [2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe [2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe [2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat [2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== Custom Scans ========== < :OTL > < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. > < [2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe > Invalid Switch: 18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe < [2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe > Invalid Switch: 29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe < > < :Commands > < [emptytemp] > < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 4/21/2011 12:11:05 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 72.86 Gb Free Space | 70.29% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 135.69 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2231
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2231
Error - 4/20/2011 9:59:12 AM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
Zeitstempel: 0x4ca2ef57 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002fc96 ID des fehlerhaften
Prozesses: 0x1414 Startzeit der fehlerhaften Anwendung: 0x01cbff609836e47b Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
5e7471cc-6b56-11e0-baa1-00245412e07c
Error - 4/20/2011 2:28:07 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/20/2011 2:28:31 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 4/20/2011 2:30:25 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/20/2011 2:30:26 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 4/20/2011 4:40:10 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
Zeitstempel: 0x4ca2ef57 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002fc96 ID des fehlerhaften
Prozesses: 0x13fc Startzeit der fehlerhaften Anwendung: 0x01cbff9adf75145f Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
623cd1d2-6b8e-11e0-9b09-00245412e07c
Error - 4/20/2011 4:53:40 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
Zeitstempel: 0x4ca2ef57 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002fc96 ID des fehlerhaften
Prozesses: 0x1004 Startzeit der fehlerhaften Anwendung: 0x01cbff9b23e1a53a Pfad der
fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
44d4916b-6b90-11e0-9b09-00245412e07c
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung. 11:03:50
- Serververbindung konnte nicht hergestellt werden..
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung. 11:03:56
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 4/19/2011 4:22:16 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Rezip" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 4/19/2011 5:23:27 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/19/2011 5:24:15 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 4/20/2011 2:13:11 AM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/20/2011 2:14:39 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 4/20/2011 5:04:40 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SASDIFSV" wurde aufgrund folgenden Fehlers nicht gestartet:
%%183
Error - 4/20/2011 4:20:48 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\windows\system32\athExt.dll Fehlercode: 126
Error - 4/20/2011 4:21:11 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
< End of report >
|
|
20.04.2011, 23:25
| #17 |
| /// Helfer-Team    | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart hast Du mich falsch verstanden glaube ich, also noch verständlicher ausdrücken :
__________________Fixen mit OTL
Code:
ATTFilter :OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
:Commands
[emptytemp]
__________________ |
|
20.04.2011, 23:27
| #18 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Ach shit sry
__________________ Ja hab dich falsch verstanden*g* Ist schon spät  Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\Fireball\AppData\Roaming\Uxbe folder moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Fireball
->Temp folder emptied: 6493367 bytes
->Temporary Internet Files folder emptied: 7414230 bytes
->Java cache emptied: 10712 bytes
->FireFox cache emptied: 88307595 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3989 bytes
User: Mcx1-FIREBALL-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14000 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 98.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_002754
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
21.04.2011, 17:34
| #19 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart So kurzer Zwischenbericht. Also die explorer.exe hat sich jetzt so bei 30-35mb eingependelt Skript-Fehler hatte ich heute noch keinen. Was Google angeht kann ich noch nicht viel sagen (hab nicht viel gesucht heute). Falls jetzt nichts mehr passieren sollte (was ich hoffe), dank ich dir sehr für deine gute und ausführliche Hilfe |
|
21.04.2011, 21:04
| #20 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Es muss alles im grünen Bereich sein!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
21.04.2011, 21:06
| #21 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Ok also Skriptfehler hab ich wohl weiterhin. Jedenfalls war kurz das Skriptfehler-Fenster zu sehen bevor ich neugestartet habe Geändert von Floppar (21.04.2011 um 21:11 Uhr) |
|
21.04.2011, 21:22
| #22 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Ich hatte ebend auch Audiowerbung im Hintergrund, obwohl ich keine Werbung geöffnet hatte. Geändert von Floppar (21.04.2011 um 21:55 Uhr) |
|
21.04.2011, 22:00
| #23 | |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart 1. Temporäre ordner leeren: Zitat:
Code:
ATTFilter %temp%
noch einfacher vorgehen, diese Prozedur zu ersparen: Temporäre Dateien und zusätzliche Ordner mit CCleaner unter Vista und Windows 7 bereinigen lassen CCleaner als Admin starten => gehe auf den Button links oben "Cleaner", setze Häkchen unter Reiter "Windows" (alle außer "Eingabefeld Verlauf" und bei "Erweitert" nur ein Häkchen bei "Alte Prefetchdaten" und "Benutzerdefinierte Dateien und Ordner"). Einstellungen => Benutzerdefiniert => Zu bereinigende Dateien und Ordner => Ordner hinzufügen => C:\Users\<DeinBenutzername>\AppData\Local\Temp\*.* C:\Users\Default\AppData\Local\Temp\*.* C:\Windows\Temp\*.* 2. Öffne CCleaner
► Besteht dein Problem nach wie vor?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
21.04.2011, 22:47
| #24 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Also die Audio-Werbung im Hintergrund ist immer noch da. Skriptfehler war bis jetzt noch keiner. Glaub das Einfachste ist bald, dass System neu aufzusetzen...;/ |
|
21.04.2011, 22:51
| #25 | |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im AutostartZitat:
 1. TDSSKiller von Kaspersky
ausserdem: 2. **Erweiterungen deaktivieren oder löschen: In Firefox Add-ons bzw. Erweiterungen deaktivieren/löschen: Wie kann ich meine Add-ons verwalten? Gehen Sie in Firefox auf "Add-ons" im Menü "Extras", um ihre Themes und Erweiterungen zu verwalten. Wenn eine Ihrer Erweiterungen spezielle Einstellungen erlaubt, dann können Sie diese im "Erweiterungen" Teil des "Add-ons"-Fensters sehen. Von hier aus können Sie auch Add-ons deaktivieren oder installieren. Suchmaschinen können über die Suchleiste verwaltet werden. Wenn Sie vermuten, dass ein Add-on beeinflusst, wie Firefox auf Ihrem Computer läuft, versuchen Sie es einmal zu deaktivieren. -> Firefox mit Add-ons anpassen -> Löschen: http://www.pcbeirat.de/browser/firef...ltig-loeschen/ in Internet Explorer Add-ons bzw. Erweiterungen deaktivieren/löschen:: probiers mal hiermit - Add-Ons deaktivieren bzw. auch deinstallieren:: -> http://windows.microsoft.com/de-AT/w...sked-questions -> http://iefaq.info/index.php?action=a...=59&artlang=de -> http://support.microsoft.com/kb/936213/de 3. Proxyeinstellungen zu überprüfen: im Firefox: http://www.proxytype.de/tutorials-ho...tellungen.html über das Menü Extras-> Einstellungen-> klicke auf den Reiter "Erweitert"-> Netzwerk-> bei "Verbindung" schauen im Internet Explorer::-> http://windows.microsoft.com/de-AT/w...ernet-Explorer über das Menü Extras-> Internetoptionen-> Verbindungen-> den Unterpunkt LAN-Einstellungen Code:
ATTFilter R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (21.04.2011 um 23:00 Uhr) |
|
21.04.2011, 22:59
| #26 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Der führt das Programm gar nicht erst aus bei mir... Mache Doppelklick drauf aber es passiert nichts. Firefox Addons sind alle deaktiviert und der Proxy steht bei mir auf "Proxy-Einstellungen des Systems verwenden" Würde eine Wiederherstellung des "Ursprungzustand" denn auch helfen?! Hab ein Programm von Samsung drauf, welches mein C: Laufwerk zum Werkszustand zurücksetzt. Oder besteht die Gefahr, dass die Fehler dann immer noch da sind? Geändert von Floppar (21.04.2011 um 23:06 Uhr) |
|
21.04.2011, 23:11
| #27 |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Würde eine Wiederherstellung des "Ursprungzustand" denn auch helfen?! Hab ein Programm von Samsung drauf, welches mein C: Laufwerk zum Werkszustand zurücksetzt. ja, das kannst machen - versteckte Partition auf der Platte Es gibt eine Tastenkombination, die Du beim start des Pc´s drücken musst! Wie Du aus dem Handbuch der Herstellers entnehmen kannst, oder der technischer Support wenden. - (ein Bootmenu aufrufen, dann eine beliebige Taste drücken) Oder besteht die Gefahr, dass die Fehler dann immer noch da sind? Die Recovery Partition bleibt unberührt, da "unsichtbar" ist. Hat man im Normal Fall keinen Zugriff auf dieser Partition, also ein Virus auch nicht Im "Normal Fall" nein, Schadsoftware kann selbst nicht die Partition befallen. Datensicherung: Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen ** Empfehle ich Dir NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - Bevor du mit deinem PC direkt ins Netz gehst: - Alle Passwörter, die auf dem kompromittierten System verwendet wurden (also z.B. Login-, Mail- oder Website-Passwörter, aber auch die PIN für das Online-Banking) sofort ändern ( am besten von einem anderen, nicht-infizierten Rechner aus! )
Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall! ** Empfehle ich Dir NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - dann die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - extern gesicherte Daten-Datenträger anschließen, gründlich scannen lassen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
21.04.2011, 23:29
| #28 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Wie ist das eigentlich mit ner Partition?! Sprich ich hab Windows und Progs auf C: und Filme/Fotos/Dokumente auf D: Sollte ich dann beide Partition platt machen oder reicht es wenn ich C: platt mache und dort Windows neu drauf mache?! |
|
22.04.2011, 04:35
| #29 |
| | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Nur noch kurz zur Info, also die Werbung muss irgendwas mit meiner explorer.exe am Hut haben, da diese wieder auf 140mb gestiegen ist.... |
|
22.04.2011, 07:18
| #30 | |
| /// Helfer-Team | TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart Vorsicht!: muss nicht, aber Filme/Fotos/Dokumente können auch schädliche Code enthalten! vom vorliegen einer Infektion abhängig ist. Also in deinem Fall die Festplatte komplett formatieren! Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart |
| aktion, antivir, appdata, autostart, datei, desktop, guten, heute, infos, komische, laptop, malwarebytes, meldung, namen, programm, sache, sachen, spinnt, temp, total, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', trojaner, unerwünschtes programm, virus |
.
Linear-Darstellung
