
Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen found on laptop + strange entries in autostart

18.04.2011, 20:25   #1
Floppar
 
Good day,

I too got hit by a "Trojan" or virus today.
Specifically, I got this message from my Antivir earlier:
Die Datei 'C:\Users\Fireball\AppData\Local\Temp\mnrcxsweao.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a09291b.qua' verschoben!

Since then my laptop has been acting up completely!
- Items on the desktop were marked as hidden
- Strange entries in system startup (Uquajaneyule - Realtek HD Audio Coinstaller etc.)
What options are there, or what should I do?!

I'm currently running Antivir + Malwarebytes over it again and hope they will perhaps reveal more information.

Thanks in advance for the help

18.04.2011, 20:32   #2
kira
/// Helper team
 
Hello and a warm welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and actions are carried out over great distances, we accept no liability for any resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so heavily compromised that effective technical cleaning is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting first! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Quote:
When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - Reading material: "Help: I have become the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but it may even be so heavily compromised that effective technical cleaning is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator"

Quote:
Malware tries to make working with the computer more difficult: e.g. when you click a link I have given, you may be automatically redirected to a fake page.
In that case, please report back as soon as possible!
I'll make you a suggestion:
If you think you know the point in time when your system was still working properly, System Restore is worth a try!:

- There is a "relatively simple way" when the infection is fresh, and sometimes certain problems get solved this way too, which you should try right away. This gives you the possibility to undo system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:
-> System Restore
► Please select the oldest available date for restoring Windows at which your computer was still working properly!
  • You must log on as administrator or as a user with administrator rights.
  • System Restore can be opened under Windows Vista/XP/7 as follows:
  • Start > All Programs > Accessories > System Tools > System Restore
-> A step-by-step guide to using System Restore under Windows XP
-> System Restore under Windows Vista
-> Under Win 7
If necessary, you can also do it in safe mode - (please be sure to click the link & read it!)
System Restore is only a "stopgap"; the problem is never 100% eliminated by it, since the point in time at which the Trojan got in can no longer be determined. But it can improve the functioning of a computer system.
(You can still undo it back to today's state if it does not deliver the desired result)

also report back to me whether System Restore worked, i.e. whether you were able to reset the system to an earlier restore point?

1.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info at wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect WLAN too
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and you must paste it right there with CTRL + V
    - "Ok" closes GMER.
    - copy the log from the clipboard completely into your thread here

** no connection to a network or the Internet - don't forget WLAN
When the scan has finished, please re-enable all programs and tools!
Guide: -> GMER - Rootkit Scanner

2.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a Command Prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and select Run as administrator.
  • After the prompt (>_), type in the following from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the Command Prompt: right-click in the title bar => Edit => Paste.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open and contain the file C:\mbr.log.
    Please copy the contents into your thread here.
3.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set it to German and update the databases right away - update online
  • "Perform full scan" (tick everything)
  • when the scan has finished, click "Show Results"
  • select all findings except "Restore or System Restore" and click "Delete" - "Remove Selected".
  • Post the result here in the thread - you will find the report under "Scan reports"
you can find an illustrated guide here: Guide/virus-protect.org

4.
download HijackThis 2.0.4 from *here*
Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting log file → "copy" → "paste" (right mouse button) here in your thread

5.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work, you can undo this again!

6.
→ Download HJTscanlist.zip
→ unpack the file to your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Setting" (1) - scanlist"
→ After a short time your editor should open and the file hjtscanlist.txt pr

Edited by kira (18.04.2011 at 20:40)
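
A GMER log of the kind requested in step 1 can be triaged mechanically before reading it line by line. The following Python example is added here and is not part of the original post or of GMER: it parses the "User code sections" block and lists the exports that are patched in more than one process. The sample lines are constructed, and the function names and the two-process threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout GMER 1.0.15 uses; not taken from a real machine.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text           C:\windows\Explorer.EXE[1200] WININET.dll!HttpSendRequestW              7700BA12 5 Bytes  JMP 02A06EA7 
.text           C:\windows\Explorer.EXE[1200] WS2_32.dll!send                           75006F01 5 Bytes  JMP 02A03FD8 
.text           C:\windows\system32\taskhost.exe[1340] WININET.dll!HttpSendRequestW     7700BA12 5 Bytes  JMP 01706EA7 
.text           C:\windows\system32\taskhost.exe[1340] ws2_32.dll!send                  75006F01 5 Bytes  JMP 01703FD8 
.text           C:\windows\system32\taskhost.exe[1340] WININET.dll!HttpSendRequestA + 3 77001987 2 Bytes  [51, 8A]
.text           C:\Program Files\Example\app.exe[3100] USER32.dll!GetClipboardData      77002BA7 5 Bytes  JMP 10001000 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]       [8BA00C4C] \SystemRoot\System32\Drivers\example.sys
"""

# "---- <section name> - GMER <version> ----"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")

# ".text  <image path>[<pid>] <module>!<export>[ + <offset>]  <address> <n> Bytes  <patch>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>\S.*)$"
)
JMP_RE = re.compile(r"JMP ([0-9A-Fa-f]{8})")


def parse_user_hooks(log_text):
    """Return one dict per patched location in the 'User code sections' block."""
    hooks = []
    section = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section != "User code sections":
            continue  # kernel, IAT/EAT and device sections use other layouts
        m = HOOK_RE.match(line)
        if not m:
            continue  # blank lines, "..." truncation markers, unknown rows
        jmp = JMP_RE.fullmatch(m.group("patch"))
        hooks.append({
            "image": m.group("image"),
            "pid": int(m.group("pid")),
            "module": m.group("module"),
            "function": m.group("function"),
            "offset": int(m.group("offset"), 16) if m.group("offset") else 0,
            "address": int(m.group("address"), 16),
            "size": int(m.group("size")),
            # Absolute JMP destination as GMER prints it; None for raw byte patches.
            "jmp_target": int(jmp.group(1), 16) if jmp else None,
        })
    return hooks


def shared_hooks(hooks, min_processes=2):
    """Map 'module!export' to the processes in which that export is patched.

    Only exports patched in at least min_processes distinct processes are
    returned. Security products patch exports system-wide as well, so this
    is a triage signal that narrows what to look at, not a verdict.
    """
    by_export = defaultdict(set)
    for h in hooks:
        key = f"{h['module'].lower()}!{h['function']}"
        by_export[key].add((h["image"], h["pid"]))
    return {
        export: sorted(procs)
        for export, procs in by_export.items()
        if len(procs) >= min_processes
    }


if __name__ == "__main__":
    parsed = parse_user_hooks(SAMPLE_LOG)
    print(f"{len(parsed)} patched locations in user-mode code")
    for export, procs in sorted(shared_hooks(parsed).items()):
        names = ", ".join(f"{image}[{pid}]" for image, pid in procs)
        print(f"{export}: {names}")
```
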

18.04.2011, 22:25   #3
Floppar
 
Brief interim update:

So System Restore isn't working properly. An error message keeps coming up saying that an antivirus program is running, although all of them are deactivated.
So on the one hand some entries are now gone from autostart, but I still keep getting a *.dll file in autostart that calls itself "realtek audio coinstaller", and the command comes from an ewehixusoya.dll in the Appdata/Local folder.
(I deleted the file in safe mode)
GMER log file:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 22:38:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
Running: gmer.exe; Driver: C:\Users\Fireball\AppData\Local\Temp\kwliakow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                                       8308B9C9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              830AB512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spus.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x92C29000, 0x2DEB7A, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               932A6CA0 5 Bytes  JMP 872914E0 
.text           ar6gya0l.SYS                                                                                                        93E17000 12 Bytes  [44, 48, 02, 83, EE, 46, 02, ...]
.text           ar6gya0l.SYS                                                                                                        93E1700D 9 Bytes  [27, 02, 83, 48, 4B, 02, 83, ...] {DAA ; ADD AL, [EBX-0x7cfdb4b8]; ADD [EAX], AL}
.text           ar6gya0l.SYS                                                                                                        93E17017 20 Bytes  [00, DE, A7, B1, 8B, E6, A5, ...]
.text           ar6gya0l.SYS                                                                                                        93E1702C 58 Bytes  [00, 00, 00, 00, 00, 68, 08, ...]
.text           ar6gya0l.SYS                                                                                                        93E17067 90 Bytes  [83, 64, AC, 08, 83, 20, 81, ...]
.text           ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           C:\windows\system32\Dwm.exe[2444] ntdll.dll!NtCreateUserProcess                                                     77AB5778 5 Bytes  JMP 006A4B7A 
.text           C:\windows\system32\Dwm.exe[2444] ntdll.dll!LdrLoadDll                                                              77AD22B8 5 Bytes  JMP 006A4CA9 
.text           C:\windows\system32\Dwm.exe[2444] kernel32.dll!GetFileAttributesExW                                                 770D273D 5 Bytes  JMP 006A4D4B 
.text           C:\windows\system32\Dwm.exe[2444] USER32.dll!TranslateMessage                                                       77BE64C7 5 Bytes  JMP 006A38C4 
.text           C:\windows\system32\Dwm.exe[2444] USER32.dll!GetClipboardData                                                       77BF2BA7 5 Bytes  JMP 006A3A2A 
.text           C:\windows\system32\Dwm.exe[2444] CRYPT32.dll!PFXImportCertStore                                                    75DE0DDC 5 Bytes  JMP 006A35DE 
.text           C:\windows\system32\Dwm.exe[2444] WS2_32.dll!closesocket                                                            75F73918 5 Bytes  JMP 00693FA0 
.text           C:\windows\system32\Dwm.exe[2444] WS2_32.dll!WSASend                                                                75F74406 5 Bytes  JMP 00693FF9 
.text           C:\windows\system32\Dwm.exe[2444] WS2_32.dll!send                                                                   75F76F01 5 Bytes  JMP 00693FD8 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpQueryInfoA                                                        7725A33E 5 Bytes  JMP 006A717F 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetCloseHandle                                                   7725AB49 5 Bytes  JMP 006A7087 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetReadFile                                                      7725B406 5 Bytes  JMP 006A70CA 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetQueryDataAvailable                                            77265E5D 5 Bytes  JMP 006A7153 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestW                                                      7726BA12 5 Bytes  JMP 006A6EA7 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestExW                                                    77274A3D 5 Bytes  JMP 006A6F4F 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetReadFileExA                                                   7728AE5E 5 Bytes  JMP 006A7109 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestExA                                                    772D189E 5 Bytes  JMP 006A6FEB 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestA                                                      772D1984 2 Bytes  JMP 006A6EFB 
.text           C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestA + 3                                                  772D1987 2 Bytes  [3D, 89]
.text           C:\windows\system32\taskhost.exe[2452] ntdll.dll!NtCreateUserProcess                                                77AB5778 5 Bytes  JMP 017E4B7A 
.text           C:\windows\system32\taskhost.exe[2452] ntdll.dll!LdrLoadDll                                                         77AD22B8 5 Bytes  JMP 017E4CA9 
.text           C:\windows\system32\taskhost.exe[2452] kernel32.dll!GetFileAttributesExW                                            770D273D 5 Bytes  JMP 017E4D4B 
.text           C:\windows\system32\taskhost.exe[2452] USER32.dll!TranslateMessage                                                  77BE64C7 5 Bytes  JMP 017E38C4 
.text           C:\windows\system32\taskhost.exe[2452] USER32.dll!GetClipboardData                                                  77BF2BA7 5 Bytes  JMP 017E3A2A 
.text           C:\windows\system32\taskhost.exe[2452] WS2_32.dll!closesocket                                                       75F73918 5 Bytes  JMP 017D3FA0 
.text           C:\windows\system32\taskhost.exe[2452] WS2_32.dll!WSASend                                                           75F74406 5 Bytes  JMP 017D3FF9 
.text           C:\windows\system32\taskhost.exe[2452] WS2_32.dll!send                                                              75F76F01 5 Bytes  JMP 017D3FD8 
.text           C:\windows\system32\taskhost.exe[2452] CRYPT32.dll!PFXImportCertStore                                               75DE0DDC 5 Bytes  JMP 017E35DE 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpQueryInfoA                                                   7725A33E 5 Bytes  JMP 017E717F 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetCloseHandle                                              7725AB49 5 Bytes  JMP 017E7087 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetReadFile                                                 7725B406 5 Bytes  JMP 017E70CA 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetQueryDataAvailable                                       77265E5D 5 Bytes  JMP 017E7153 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestW                                                 7726BA12 5 Bytes  JMP 017E6EA7 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestExW                                               77274A3D 5 Bytes  JMP 017E6F4F 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetReadFileExA                                              7728AE5E 5 Bytes  JMP 017E7109 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestExA                                               772D189E 5 Bytes  JMP 017E6FEB 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestA                                                 772D1984 2 Bytes  JMP 017E6EFB 
.text           C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestA + 3                                             772D1987 2 Bytes  [51, 8A]
.text           C:\windows\Explorer.EXE[2528] ntdll.dll!NtCreateUserProcess                                                         77AB5778 5 Bytes  JMP 02AD4B7A 
.text           C:\windows\Explorer.EXE[2528] ntdll.dll!LdrLoadDll                                                                  77AD22B8 5 Bytes  JMP 02AD4CA9 
.text           C:\windows\Explorer.EXE[2528] kernel32.dll!GetFileAttributesExW                                                     770D273D 5 Bytes  JMP 02AD4D4B 
.text           C:\windows\Explorer.EXE[2528] USER32.dll!TranslateMessage                                                           77BE64C7 5 Bytes  JMP 02AD38C4 
.text           C:\windows\Explorer.EXE[2528] USER32.dll!GetClipboardData                                                           77BF2BA7 5 Bytes  JMP 02AD3A2A 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpQueryInfoA                                                            7725A33E 5 Bytes  JMP 02AD717F 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!InternetCloseHandle                                                       7725AB49 5 Bytes  JMP 02AD7087 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!InternetReadFile                                                          7725B406 5 Bytes  JMP 02AD70CA 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpAddRequestHeadersA                                                    7725DCD2 5 Bytes  JMP 001F18D5 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpAddRequestHeadersW                                                    77264FAE 5 Bytes  JMP 001F1A9D 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!InternetQueryDataAvailable                                                77265E5D 5 Bytes  JMP 02AD7153 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestW                                                          7726BA12 5 Bytes  JMP 02AD6EA7 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestExW                                                        77274A3D 5 Bytes  JMP 02AD6F4F 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!InternetReadFileExA                                                       7728AE5E 5 Bytes  JMP 02AD7109 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestExA                                                        772D189E 5 Bytes  JMP 02AD6FEB 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestA                                                          772D1984 2 Bytes  JMP 02AD6EFB 
.text           C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestA + 3                                                      772D1987 2 Bytes  [80, 8B]
.text           C:\windows\Explorer.EXE[2528] CRYPT32.dll!PFXImportCertStore                                                        75DE0DDC 5 Bytes  JMP 02AD35DE 
.text           C:\windows\Explorer.EXE[2528] WS2_32.dll!closesocket                                                                75F73918 5 Bytes  JMP 02AC3FA0 
.text           C:\windows\Explorer.EXE[2528] WS2_32.dll!WSASend                                                                    75F74406 5 Bytes  JMP 02AC3FF9 
.text           C:\windows\Explorer.EXE[2528] WS2_32.dll!send                                                                       75F76F01 5 Bytes  JMP 02AC3FD8 
.text           C:\Windows\System32\rundll32.exe[2844] ntdll.dll!NtCreateUserProcess                                                77AB5778 5 Bytes  JMP 015B4B7A 
.text           C:\Windows\System32\rundll32.exe[2844] ntdll.dll!LdrLoadDll                                                         77AD22B8 5 Bytes  JMP 015B4CA9 
.text           C:\Windows\System32\rundll32.exe[2844] kernel32.dll!GetFileAttributesExW                                            770D273D 5 Bytes  JMP 015B4D4B 
.text           C:\Windows\System32\rundll32.exe[2844] USER32.dll!TranslateMessage                                                  77BE64C7 5 Bytes  JMP 015B38C4 
.text           C:\Windows\System32\rundll32.exe[2844] USER32.dll!GetClipboardData                                                  77BF2BA7 5 Bytes  JMP 015B3A2A 
.text           C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!closesocket                                                       75F73918 5 Bytes  JMP 015A3FA0 
.text           C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!WSASend                                                           75F74406 5 Bytes  JMP 015A3FF9 
.text           C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!send                                                              75F76F01 5 Bytes  JMP 015A3FD8 
.text           C:\Windows\System32\rundll32.exe[2844] CRYPT32.dll!PFXImportCertStore                                               75DE0DDC 5 Bytes  JMP 015B35DE 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpQueryInfoA                                                   7725A33E 5 Bytes  JMP 015B717F 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetCloseHandle                                              7725AB49 5 Bytes  JMP 015B7087 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetReadFile                                                 7725B406 5 Bytes  JMP 015B70CA 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetQueryDataAvailable                                       77265E5D 5 Bytes  JMP 015B7153 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestW                                                 7726BA12 5 Bytes  JMP 015B6EA7 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestExW                                               77274A3D 5 Bytes  JMP 015B6F4F 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetReadFileExA                                              7728AE5E 5 Bytes  JMP 015B7109 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestExA                                               772D189E 5 Bytes  JMP 015B6FEB 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestA                                                 772D1984 2 Bytes  JMP 015B6EFB 
.text           C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestA + 3                                             772D1987 2 Bytes  [2E, 8A]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                   [8BA40C4C] \SystemRoot\System32\Drivers\spus.sys
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                      [8BA40CA0] \SystemRoot\System32\Drivers\spus.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8BA10042] \SystemRoot\System32\Drivers\spus.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8BA106D6] \SystemRoot\System32\Drivers\spus.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8BA10800] \SystemRoot\System32\Drivers\spus.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8BA1013E] \SystemRoot\System32\Drivers\spus.sys
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortQuerySystemTime]                                       78800C75
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReadPortUchar]                                         06750015
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         005AB7E8
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortRequestCallback]                                       CCCC0008
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 CCCCCCCC
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCompleteRequest]                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortEtwTraceLog]                                           800C5D8B
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             7500117B
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         56587500
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     8008758B
IAT             \SystemRoot\System32\Drivers\ar6gya0l.SYS[NTOSKRNL.exe!KeTickCount]                                                 78801875

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]               [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]             [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              863181F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                856521F8
Device          \Driver\ACPI_HAL \Device\00000050                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    872921F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{F89FD7D1-41CD-4404-9EF0-572D9CD6FEAC}                                            8724A1F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    86372500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    872921F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    86372500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        87092500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{757227C0-FB57-48ED-A716-ADDEAE82F2D3}                                            8724A1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                        87092500
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{1BC72468-10FD-4771-992B-EF2F7347F383}                                            8724A1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8724A1F8
Device          \Driver\PCI_PNP1623 \Device\0000005e                                                                                spus.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    872921F8
Device          \Driver\sptd \Device\1512981624                                                                                     spus.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    872921F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    86372500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    872921F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    86372500
Device          \Driver\ar6gya0l \Device\Scsi\ar6gya0l1Port1Path0Target0Lun0                                                        873521F8
Device          \Driver\ar6gya0l \Device\Scsi\ar6gya0l1                                                                             873521F8

---- Threads - GMER 1.0.15 ----

Thread          System [4:300]                                                                                                      86F23E7A
Thread          System [4:304]                                                                                                      86F26008

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xFA 0x4C 0xA5 0xE0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x5D 0x27 0xFF 0x65 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x96 0x39 0x52 0xFC ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFA 0x4C 0xA5 0xE0 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x5D 0x27 0xFF 0x65 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x96 0x39 0x52 0xFC ...

---- EOF - GMER 1.0.15 ----
         
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST950032 rev.0001 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully

Disk trace:
kernel: MBR read successfully
user & kernel MBR OK
         
HijackThis log file:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:32:59, on 18.04.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
D:\Downloads\mbam-setup.exe
C:\Users\Fireball\AppData\Local\Temp\is-P1NH7.tmp\mbam-setup.tmp
D:\Downloads\HijackThis.exe
C:\windows\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Egiqa] rundll32.exe "C:\Users\Fireball\AppData\Local\ewehixusoya.dll",Startup
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F89FD7D1-41CD-4404-9EF0-572D9CD6FEAC}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5950 bytes
         
Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7601]
 
 
C:

       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  18.04.2011 23:23     C:\Windows --------- 32768   
  18.04.2011 23:22     C:\ProgramData --------- 8192   
  18.04.2011 22:46     C:\System Volume Information --------- 24576   
  18.04.2011 22:46     C:\mbr.log --------- 309   
  18.04.2011 21:42     C:\Program Files --------- 28672   
  14.10.2010 21:51     C:\MSOCache --------- 0   
  26.01.2010 17:45     C:\$Recycle.Bin --------- 4096   
  26.11.2009 12:03     C:\IO.SYS --------- 0   
  26.11.2009 12:03     C:\MSDOS.SYS --------- 0   
  01.11.2009 23:00     C:\Users --------- 4096   
  29.10.2009 13:04     C:\Recovery --------- 0   
  07.10.2009 11:52     C:\Intel --------- 0   
  14.07.2009 06:53     C:\Documents and Settings --------- 0   
  14.07.2009 04:37     C:\PerfLogs --------- 0   
  10.06.2009 23:42     C:\config.sys --------- 10   
  10.06.2009 23:42     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\windows

  18.04.2011 23:23     C:\windows\setupact.log --------- 168   
  18.04.2011 23:23     C:\windows\bootstat.dat --------- 67584   
  18.04.2011 23:27     C:\windows\WindowsUpdate.log --------- 1650501   
  18.04.2011 22:52     C:\windows\setuperr.log --------- 0   
  20.11.2010 14:21     C:\windows\twain_32.dll --------- 51200   
  20.11.2010 14:17     C:\windows\explorer.exe --------- 2616320   
  20.11.2010 14:16     C:\windows\bfsvc.exe --------- 65024   
  04.05.2010 14:15     C:\windows\wininit.ini --------- 182   
  04.05.2010 08:02     C:\windows\win.ini --------- 510   
  17.04.2010 01:45     C:\windows\WLXPGSS.SCR --------- 307056   
  25.11.2009 02:36     C:\windows\Sfc3ng.INI --------- 604   
  13.11.2009 17:09     C:\windows\hmview.ini --------- 46   
  08.11.2009 17:20     C:\windows\Irremote.ini --------- 4767   
  29.10.2009 13:22     C:\windows\HotFixList.ini --------- 2   
  08.10.2009 03:48     C:\windows\ativpsrm.bin --------- 0   
  07.10.2009 12:16     C:\windows\Csup.txt --------- 10   
  17.09.2009 21:00     C:\windows\SetLCDStretchMode.exe --------- 345600   
  18.08.2009 18:16     C:\windows\RtlExUpd.dll --------- 831488   
  28.07.2009 12:37     C:\windows\atiogl.xml --------- 18632   
  14.07.2009 06:41     C:\windows\WindowsShell.Manifest --------- 749   
  14.07.2009 03:14     C:\windows\write.exe --------- 9216   
  14.07.2009 03:14     C:\windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\windows\twunk_32.exe --------- 31232   
  14.07.2009 03:14     C:\windows\regedit.exe --------- 398336   
  14.07.2009 03:14     C:\windows\notepad.exe --------- 179712   
  14.07.2009 03:14     C:\windows\hh.exe --------- 15360   
  14.07.2009 03:14     C:\windows\HelpPane.exe --------- 497152   
  14.07.2009 03:14     C:\windows\fveupdate.exe --------- 13824   
  14.07.2009 00:58     C:\windows\mib.bin --------- 43131   
  10.06.2009 23:46     C:\windows\system.ini --------- 219   
  10.06.2009 23:42     C:\windows\_default.pif --------- 707   
  10.06.2009 23:42     C:\windows\winhelp.exe --------- 256192   
  10.06.2009 23:41     C:\windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\windows\twain.dll --------- 94784   
  10.06.2009 23:34     C:\windows\WMSysPr9.prx --------- 316640   
  10.06.2009 23:19     C:\windows\msdfmap.ini --------- 1405   
  10.06.2009 23:14     C:\windows\Starter.xml --------- 48201   
  10.06.2009 23:14     C:\windows\HomePremium.xml --------- 48265   
  09.06.2009 23:28     C:\windows\agrsmdel.exe --------- 64000   
  15.04.2009 04:21     C:\windows\SetDisplayResolution.exe --------- 307200   
  19.12.2008 21:04     C:\windows\SetDisplayResolutionNP.xml --------- 3282   
  19.12.2008 21:04     C:\windows\SetDisplayResolutionDT.xml --------- 3282   
----------------------------------------

 
C:\windows\System

 13.07.2009 23:41      C:\windows\System\OLESVR.DLL --------- 24064 
 13.07.2009 23:41      C:\windows\System\WFWNET.DRV --------- 12704 
 13.07.2009 23:41      C:\windows\System\COMMDLG.DLL --------- 32816 
 13.07.2009 23:41      C:\windows\System\TIMER.DRV --------- 4048 
 13.07.2009 23:41      C:\windows\System\MMSYSTEM.DLL --------- 68992 
 13.07.2009 23:41      C:\windows\System\mmtask.tsk --------- 1152 
 13.07.2009 23:41      C:\windows\System\mouse.drv --------- 2032 
 13.07.2009 23:41      C:\windows\System\vga.drv --------- 2176 
 13.07.2009 23:41      C:\windows\System\sound.drv --------- 1744 
 13.07.2009 23:41      C:\windows\System\keyboard.drv --------- 2000 
 13.07.2009 23:41      C:\windows\System\SHELL.DLL --------- 5120 
 13.07.2009 23:41      C:\windows\System\system.drv --------- 3360 
 10.06.2009 23:42      C:\windows\System\ver.dll --------- 9008 
 10.06.2009 23:42      C:\windows\System\olecli.dll --------- 82944 
 10.06.2009 23:42      C:\windows\System\lzexpand.dll --------- 9936 
 10.06.2009 23:25      C:\windows\System\stdole.tlb --------- 5532 
 10.06.2009 23:21      C:\windows\System\msvideo.dll --------- 126912 
 10.06.2009 23:21      C:\windows\System\mciwave.drv --------- 28160 
 10.06.2009 23:21      C:\windows\System\mciseq.drv --------- 25264 
 10.06.2009 23:21      C:\windows\System\mciavi.drv --------- 73376 
 10.06.2009 23:21      C:\windows\System\avifile.dll --------- 109456 
 10.06.2009 23:21      C:\windows\System\avicap.dll --------- 69584 
----------------------------------------

 
C:\windows\System32

 18.04.2011 23:31     C:\windows\system32\drivers --------- 65536  
 18.04.2011 23:30     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14512  
 18.04.2011 23:30     C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14512  
 18.04.2011 23:23     C:\windows\system32\config --------- 24576  
 18.04.2011 23:23     C:\windows\system32\wbem --------- 65536  
 18.04.2011 23:22     C:\windows\system32\AdvancedInstallers --------- 0  
 18.04.2011 23:21     C:\windows\system32\Boot --------- 0  
 18.04.2011 23:21     C:\windows\system32\catroot2 --------- 24576  
 18.04.2011 23:21     C:\windows\system32\CodeIntegrity --------- 0  
 18.04.2011 23:21     C:\windows\system32\da-DK --------- 0  
 18.04.2011 23:21     C:\windows\system32\cs-CZ --------- 0  
 18.04.2011 23:21     C:\windows\system32\de-DE --------- 262144  
 18.04.2011 23:21     C:\windows\system32\Dism --------- 0  
 18.04.2011 23:21     C:\windows\system32\DriverStore --------- 4096  
 18.04.2011 23:21     C:\windows\system32\es-ES --------- 0  
 18.04.2011 23:21     C:\windows\system32\manifeststore --------- 0  
 18.04.2011 23:21     C:\windows\system32\migration --------- 0  
 18.04.2011 23:21     C:\windows\system32\migwiz --------- 4096  
 18.04.2011 23:21     C:\windows\system32\MUI --------- 0  
 18.04.2011 23:21     C:\windows\system32\oobe --------- 0  
 18.04.2011 23:21     C:\windows\system32\Setup --------- 0  
 18.04.2011 23:21     C:\windows\system32\Speech --------- 0  
 18.04.2011 23:21     C:\windows\system32\spp --------- 0  
 18.04.2011 23:21     C:\windows\system32\SPReview --------- 0  
 18.04.2011 23:21     C:\windows\system32\sppui --------- 0  
 18.04.2011 23:21     C:\windows\system32\sysprep --------- 0  
 18.04.2011 23:21     C:\windows\system32\XPSViewer --------- 0  
 18.04.2011 22:41     C:\windows\system32\mbr.log --------- 309  
 18.04.2011 21:43     C:\windows\system32\Tasks --------- 4096  
 18.04.2011 21:37     C:\windows\system32\mbr.exe --------- 89088  
 18.04.2011 21:03     C:\windows\system32\perfh009.dat --------- 708078  
 18.04.2011 21:03     C:\windows\system32\perfc009.dat --------- 143082  
 18.04.2011 21:03     C:\windows\system32\perfh007.dat --------- 764762  
 18.04.2011 21:03     C:\windows\system32\perfc007.dat --------- 176878  
 18.04.2011 21:03     C:\windows\system32\PerfStringBackup.INI --------- 1790536  
 16.04.2011 14:24     C:\windows\system32\catroot --------- 4096  
 15.04.2011 12:39     C:\windows\system32\FNTCACHE.DAT --------- 411504  
 15.04.2011 12:32     C:\windows\system32\msclmd.dll --------- 152576  
 15.04.2011 11:00     C:\windows\system32\EventProviders --------- 0  
 15.04.2011 10:54     C:\windows\system32\MRT.exe --------- 39828936  
 14.03.2011 12:18     C:\windows\system32\NDF --------- 0  
 11.03.2011 07:33     C:\windows\system32\mfc42u.dll --------- 1164288  
 11.03.2011 07:33     C:\windows\system32\mfc42.dll --------- 1137664  
 08.03.2011 07:28     C:\windows\system32\inetcomm.dll --------- 741376  
 07.03.2011 07:33     C:\windows\system32\wininet.dll --------- 981504  
 07.03.2011 07:33     C:\windows\system32\urlmon.dll --------- 1230336  
 07.03.2011 07:31     C:\windows\system32\mshtml.dll --------- 5981696  
 07.03.2011 07:31     C:\windows\system32\jsproxy.dll --------- 48128  
 07.03.2011 07:31     C:\windows\system32\ieui.dll --------- 176640  
 07.03.2011 07:31     C:\windows\system32\ieframe.dll --------- 10990080  
 07.03.2011 05:52     C:\windows\system32\mshtml.tlb --------- 1638912  
 03.03.2011 07:38     C:\windows\system32\dnsrslvr.dll --------- 132608  
 03.03.2011 07:38     C:\windows\system32\dnsapi.dll --------- 270336  
 03.03.2011 07:36     C:\windows\system32\dnscacheugc.exe --------- 28672  
 03.03.2011 05:42     C:\windows\system32\win32k.sys --------- 2333184  
 24.02.2011 07:38     C:\windows\system32\XpsGdiConverter.dll --------- 288256  
 19.02.2011 08:30     C:\windows\system32\FntCache.dll --------- 805376  
 19.02.2011 08:30     C:\windows\system32\DWrite.dll --------- 1076736  
 19.02.2011 08:30     C:\windows\system32\d2d1.dll --------- 739840  
 19.02.2011 08:30     C:\windows\system32\atmlib.dll --------- 34304  
 19.02.2011 06:34     C:\windows\system32\atmfd.dll --------- 294912  
 18.02.2011 07:43     C:\windows\system32\vbscript.dll --------- 428032  
 18.02.2011 07:41     C:\windows\system32\jscript.dll --------- 716800  
 13.02.2011 03:35     C:\windows\system32\en-US --------- 221184  
 12.02.2011 07:35     C:\windows\system32\FXSCOVER.exe --------- 191488  
 17.01.2011 07:47     C:\windows\system32\d3d10_1.dll --------- 161792  
 16.01.2011 23:48     C:\windows\system32\Setup.dll --------- 126464  
 07.01.2011 09:46     C:\windows\system32\XpsPrint.dll --------- 870912  
 23.12.2010 07:54     C:\windows\system32\sbe.dll --------- 850944  
 23.12.2010 07:54     C:\windows\system32\CPFilters.dll --------- 642048  
 23.12.2010 07:54     C:\windows\system32\EncDec.dll --------- 534528  
 23.12.2010 07:50     C:\windows\system32\mpg2splt.ax --------- 199680  
 17.12.2010 09:07     C:\windows\system32\kerberos.dll --------- 542208  
 10.12.2010 19:29     C:\windows\system32\sqlctr90.dll --------- 64864  
 10.12.2010 19:29     C:\windows\system32\sqlncli.dll --------- 2248032  
 06.12.2010 15:58     C:\windows\system32\abgx360.exe --------- 2496715  
 29.11.2010 18:38     C:\windows\system32\QuickTimeVR.qtx --------- 94208  
 29.11.2010 18:38     C:\windows\system32\QuickTime.qts --------- 69632  
 20.11.2010 14:36     C:\windows\system32\Narrator.exe --------- 1077248  
 20.11.2010 14:36     C:\windows\system32\NAPHLPR.DLL --------- 107008  
 20.11.2010 14:36     C:\windows\system32\NAPCRYPT.DLL --------- 46080  
 20.11.2010 14:32     C:\windows\system32\AuthFWSnapin.dll --------- 5066752  
 20.11.2010 14:30     C:\windows\system32\ntoskrnl.exe --------- 3911040  
 20.11.2010 14:30     C:\windows\system32\ntkrnlpa.exe --------- 3966848  
 20.11.2010 14:29     C:\windows\system32\mcupdate_GenuineIntel.dll --------- 520064  
 20.11.2010 14:29     C:\windows\system32\halacpi.dll --------- 137088  
 20.11.2010 14:29     C:\windows\system32\hal.dll --------- 194432  
 20.11.2010 14:29     C:\windows\system32\halmacpi.dll --------- 194432  
 20.11.2010 14:29     C:\windows\system32\bootres.dll --------- 2217856  
 20.11.2010 14:29     C:\windows\system32\consent.exe --------- 101760  
 20.11.2010 14:24     C:\windows\system32\ntdll.dll --------- 1288488  
 20.11.2010 14:24     C:\windows\system32\fveapi.dll --------- 271664  
 20.11.2010 14:24     C:\windows\system32\winresume.exe --------- 442720  
 20.11.2010 14:24     C:\windows\system32\winload.exe --------- 508904  
 20.11.2010 14:24     C:\windows\system32\ci.dll --------- 690680  
 20.11.2010 14:23     C:\windows\system32\basecsp.dll --------- 144768  
 20.11.2010 14:21     C:\windows\system32\zipfldr.dll --------- 327680  
 20.11.2010 14:21     C:\windows\system32\XpsRasterService.dll --------- 135168  
 20.11.2010 14:21     C:\windows\system32\xpsservices.dll --------- 1712640  
 20.11.2010 14:21     C:\windows\system32\wwanprotdim.dll --------- 40960  
----------------------------------------

 
C:\windows\Prefetch

----------------------------------------

 
C:\windows\Tasks

 18.04.2011 23:23     C:\windows\Tasks\SA.DAT --------- 6  
 18.04.2011 22:43     C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job --------- 1078  
 18.04.2011 22:43     C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job --------- 1130  
 28.02.2011 09:23     C:\windows\Tasks\SCHEDLGU.TXT --------- 32632  
----------------------------------------

 
C:\windows\Temp

 18.04.2011 23:23     C:\windows\Temp\lpksetup-20110418-232350-0.log --------- 3500  
 18.04.2011 23:09     C:\windows\Temp\lpksetup-20110418-230857-0.log --------- 3500  
 18.04.2011 22:52     C:\windows\Temp\lpksetup-20110418-225221-0.log --------- 3500  
 18.04.2011 21:59     C:\windows\Temp\Cookies --------- 0  
 18.04.2011 21:49     C:\windows\Temp\History --------- 0  
 18.04.2011 21:49     C:\windows\Temp\Temporary Internet Files --------- 0  
 18.04.2011 20:57     C:\windows\Temp\lpksetup-20110418-205713-0.log --------- 3500  
 18.04.2011 11:32     C:\windows\Temp\lpksetup-20110418-113220-0.log --------- 3500  
----------------------------------------

 
C:\Users\Fireball\AppData\Local\Temp

 18.04.2011 23:33     C:\Users\Fireball\AppData\Local\Temp\~DF5E823017F53DE822.TMP --------- 81920  
 18.04.2011 23:31     C:\Users\Fireball\AppData\Local\Temp\~DF283559A38E35B79D.TMP --------- 81920  
 18.04.2011 23:30     C:\Users\Fireball\AppData\Local\Temp\CVR57FE.tmp.cvr --------- 0  
 18.04.2011 23:24     C:\Users\Fireball\AppData\Local\Temp\WPDNSE --------- 0  
 18.04.2011 23:22     C:\Users\Fireball\AppData\Local\Temp\~nsu.tmp --------- 0  
 18.04.2011 21:39     C:\Users\Fireball\AppData\Local\Temp\utt222.tmp.bat --------- 53  
 18.04.2011 21:39     C:\Users\Fireball\AppData\Local\Temp\utt222.tmp --------- 0  
 18.04.2011 21:20     C:\Users\Fireball\AppData\Local\Temp\CVR8E2B.tmp.cvr --------- 0  
 18.04.2011 21:11     C:\Users\Fireball\AppData\Local\Temp\CVR4346.tmp.cvr --------- 0  
 18.04.2011 22:47     C:\Users\Fireball\AppData\Local\Temp\hsperfdata_Fireball --------- 0  
 18.04.2011 21:05     C:\Users\Fireball\AppData\Local\Temp\0.8775945902354931.exe --------- 168279  
 18.04.2011 20:48     C:\Users\Fireball\AppData\Local\Temp\tmpF59E.tmp --------- 569344  
 18.04.2011 20:48     C:\Users\Fireball\AppData\Local\Temp\tmp46AA.tmp --------- 569344  
 18.04.2011 20:48     C:\Users\Fireball\AppData\Local\Temp\woanecmrsx.exe --------- 89088  
 18.04.2011 20:48     C:\Users\Fireball\AppData\Local\Temp\err.log33402762 --------- 29184  
 18.04.2011 11:32     C:\Users\Fireball\AppData\Local\Temp\CVRD4EA.tmp.cvr --------- 0  
 12.03.2011 13:14     C:\Users\Fireball\AppData\Local\Temp\Low --------- 0  
 29.10.2009 13:24     C:\Users\Fireball\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 14.07.2009 03:14     C:\Users\Fireball\AppData\Local\Temp\esarncwmox.exe --------- 47104  
----------------------------------------

 
C:\Program Files

----------------------------------------

 
C:\ProgramData\.. 

Fireball    
Mcx1-FIREBALL-PC    
Public    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            12 K
System                           4 Services                   0         6.400 K
smss.exe                       336 Services                   0           800 K
csrss.exe                      472 Services                   0         3.308 K
wininit.exe                    544 Services                   0         3.208 K
csrss.exe                      568 Console                    1         6.048 K
services.exe                   592 Services                   0         9.088 K
lsass.exe                      616 Services                   0         7.552 K
lsm.exe                        624 Services                   0         4.436 K
svchost.exe                    736 Services                   0         7.004 K
winlogon.exe                   816 Console                    1         4.608 K
svchost.exe                    880 Services                   0         6.132 K
atiesrxx.exe                   920 Services                   0         2.988 K
svchost.exe                   1016 Services                   0        15.416 K
svchost.exe                   1064 Services                   0        64.564 K
svchost.exe                   1104 Services                   0        33.028 K
svchost.exe                   1240 Services                   0        11.504 K
atieclxx.exe                  1308 Console                    1         4.164 K
svchost.exe                   1344 Services                   0         4.168 K
svchost.exe                   1420 Services                   0        16.744 K
spoolsv.exe                   1568 Services                   0         8.824 K
sched.exe                     1616 Services                   0         1.532 K
svchost.exe                   1640 Services                   0         5.408 K
agrsmsvc.exe                  1760 Services                   0         1.984 K
avguard.exe                   1780 Services                   0        11.584 K
AppleMobileDeviceService.     1808 Services                   0         6.180 K
BcmSqlStartupSvc.exe          1836 Services                   0         2.720 K
mDNSResponder.exe             1864 Services                   0         4.568 K
svchost.exe                   1896 Services                   0        11.600 K
Rezip.exe                     1948 Services                   0         3.516 K
sqlbrowser.exe                1980 Services                   0         3.136 K
sqlwriter.exe                 2008 Services                   0         4.736 K
svchost.exe                    420 Services                   0         4.024 K
avshadow.exe                  2252 Services                   0         3.300 K
conhost.exe                   2260 Services                   0         2.036 K
alg.exe                       2436 Services                   0         3.580 K
svchost.exe                   2544 Services                   0         4.088 K
TrustedInstaller.exe          2688 Services                   0         6.284 K
taskeng.exe                   2916 Console                    1         4.644 K
taskhost.exe                  2940 Console                    1        49.916 K
dwm.exe                       2948 Console                    1        46.052 K
explorer.exe                  3028 Console                    1       114.284 K
SUPBackGround.exe             3060 Console                    1         1.708 K
SSCKbdHk.exe                  3116 Console                    1           764 K
SearchIndexer.exe             3788 Services                   0        27.064 K
wmpnetwk.exe                  3872 Services                   0         4.660 K
svchost.exe                   1692 Services                   0         6.568 K
firefox.exe                   3964 Console                    1       111.164 K
plugin-container.exe          3008 Console                    1        37.844 K
OUTLOOK.EXE                   2884 Console                    1       123.668 K
OSPPSVC.EXE                   3616 Services                   0         8.948 K
WmiPrvSE.exe                  1184 Services                   0         5.112 K
mbam.exe                      3296 Console                    1        90.004 K
cmd.exe                       3332 Console                    1         4.180 K
conhost.exe                   3632 Console                    1        20.504 K
SearchProtocolHost.exe        3620 Services                   0         6.408 K
SearchFilterHost.exe          2040 Services                   0         4.588 K
tasklist.exe                  3452 Console                    1         4.360 K

 
***** Ende des Scans 18.04.2011 um 23:34:23,12 ***
         
__________________

Edited by Floppar (18.04.2011 at 23:10)

19.04.2011, 05:27   #4
kira
/// Helper Team
 



If you don't have it yet, download it; otherwise get the update and follow the instructions:

1.
You surely still have your first scan results from Malwarebytes, where all the removed objects are listed? Please show me the log. If there are several results, post all of them.

2.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • update the databases right away - update online
  • choose "Vollständiger Suchlauf" (full scan) and tick every box
  • when the scan has finished, click "Zeige Resultate" (show results)
  • select all findings, except anything MBAM reports in C:\System Volume Information (please untick those), and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

3.
Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Tick Scan All Users.
  • Under Standard Registry please choose All
  • Under Extra Registry, please choose Use SafeList
  • Please close all running programs.
  • Now click Run Scan (top left).
  • when the scan has finished, 2 log files are created on the desktop
  • Post the contents of OTL.txt and Extra.txt here in your thread
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Edited by kira (19.04.2011 at 05:34)

19.04.2011, 05:27   #5
Floppar
 



Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6391

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18.04.2011 22:03:30
mbam-log-2011-04-18 (22-03-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 82397
Laufzeit: 33 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Fireball\AppData\Local\dlers47.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uqujaneyule (Trojan.Hiloti) -> Value: Uqujaneyule -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Fireball\AppData\Local\dlers47.dll (Trojan.Hiloti) -> Delete on reboot.
c:\program files\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
         


19.04.2011, 09:22   #6
Floppar
 



Code:
OTL Extras logfile created on: 4/19/2011 6:30:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.62 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 173.84 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"XBMC" = XBMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/18/2011 3:05:32 PM | Computer Name = Fireball-PC | Source = ESENT | ID = 215
Description = WinMail (3184) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 4/18/2011 4:52:36 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 4/18/2011 5:09:40 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 4/18/2011 5:24:22 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 4/18/2011 5:30:37 PM | Computer Name = Fireball-PC | Source = MBAMService | ID = 131073
Description = 
 
Error - 4/18/2011 8:58:16 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/18/2011 8:58:37 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/18/2011 9:00:17 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/18/2011 9:00:18 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/18/2011 9:00:20 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung.  11:03:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung.  11:03:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 4/18/2011 5:55:51 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/18/2011 5:57:02 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 4/18/2011 5:57:04 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 4/18/2011 5:57:33 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 4/19/2011 6:30:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.62 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 173.84 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/18 23:22:17 | 000,000,000 | ---D | M]
 
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/18 20:53:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com
[2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml
[2011/01/17 23:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 17:09:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/29 17:19:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/10/29 17:19:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/05/04 11:59:05 | 000,393,182 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes
[2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll
[2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll
[2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll
[2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll
[2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll
[2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe
[2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll
[2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll
[2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe
[2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe
[2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll
[2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll
[2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll
[2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll
[2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll
[2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll
[2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll
[2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll
[2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll
[2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll
[2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll
[2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll
[2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll
[2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll
[2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll
[2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe
[2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll
[2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll
[2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe
[2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll
[2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll
[2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll
[2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll
[2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll
[2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll
[2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll
[2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll
[2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll
[2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll
[2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll
[2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe
[2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll
[2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe
[2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll
[2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll
[2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll
[2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll
[2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll
[2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll
[2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll
[2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll
[2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe
[2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll
[2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll
[2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe
[2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll
[2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll
[2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL
[2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll
[2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll
[2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll
[2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll
[2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL
[2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll
[2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll
[2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll
[2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL
[2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll
[2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll
[2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll
[2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll
[2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll
[2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe
[2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll
[2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll
[2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll
[2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe
[2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe
[2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe
[2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll
[2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe
[2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll
[2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll
[2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll
[2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll
[2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL
[2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe
[2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll
[2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll
[2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll
[2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe
[2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll
[2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll
[2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll
[2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll
[2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll
[2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll
[2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll
[2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll
[2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll
[2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll
[2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL
[2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll
[2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll
[2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
[2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll
[2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll
[2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll
[2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll
[2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys
[2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe
[2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll
[2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll
[2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll
[2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll
[2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll
[2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll
[2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll
[2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll
[2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll
[2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe
[2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys
[2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll
[2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll
[2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll
[2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll
[2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll
[2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll
[2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll
[2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll
[2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr
[2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe
[2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
[2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll
[2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll
[2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll
[2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll
[2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll
[2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll
[2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll
[2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll
[2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll
[2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll
[2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll
[2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll
[2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll
[2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll
[2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll
[2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll
[2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll
[2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe
[2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll
[2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll
[2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl
[2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll
[2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL
[2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll
[2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll
[2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe
[2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll
[2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll
[2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll
[2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll
[2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll
[2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll
[2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx
[2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe
[2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll
[2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe
[2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll
[2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll
[2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll
[2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll
[2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll
[2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll
[2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl
[2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl
[2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll
[2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll
[2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll
[2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll
[2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl
[2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe
[2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll
[2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll
[2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe
[2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll
[2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll
[2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll
[2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll
[2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll
[2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll
[2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll
[2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax
[2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe
[2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll
[2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll
[2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll
[2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
[2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll
[2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll
[2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll
[2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe
[2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe
[2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe
[2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll
[2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax
[2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll
[2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
[2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll
[2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe
[2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll
[2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL
[2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll
[2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll
[2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll
[2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe
[2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll
[2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll
[2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll
[2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll
[2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp
[2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe
[2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll
[2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll
[2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll
[2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe
[2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe
[2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll
[2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe
[2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll
[2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll
[2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr
[2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll
[2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll
[2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll
[2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll
[2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll
[2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll
[2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll
[2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe
[2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe
[2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll
[2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll
[2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll
[2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe
[2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe
[2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll
[2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe
[2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll
[2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll
[2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll
[2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll
[2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll
[2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll
[2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll
[2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe
[2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL
[2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll
[2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe
[2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe
[2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL
[2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll
[2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll
[2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr
[2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll
[2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll
[2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll
[2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe
[2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll
[2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys
[2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll
[2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe
[2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe
[2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll
[2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll
[2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll
[2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll
[2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll
[2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL
[2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL
[2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll
[2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll
[2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe
[2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll
[2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr
[2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr
[2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll
[2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll
[2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll
[2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll
[2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax
[2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl
[2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe
[2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll
[2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax
[2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL
[2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll
[2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll
[2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax
[2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe
[2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll
[2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe
[2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe
[2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll
[2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe
[2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe
[2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll
[2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll
[2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll
[2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll
[2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll
[2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll
[2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe
[2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll
[2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll
[2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe
[2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL
[2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe
[2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll
[2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll
[2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll
[2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL
[2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll
[2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll
[2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe
[2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe
[2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl
[2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll
[2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll
[2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll
[2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll
[2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll
[2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe
[2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll
[2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll
[2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll
[2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll
[2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll
[2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll
[2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe
[2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll
[2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll
[2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe
[2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe
[2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll
[2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll
[2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME
[2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll
[2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll
[2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll
[2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll
[2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe
[2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax
[2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll
[2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll
[2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe
[2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe
[2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll
[2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll
[2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe
[2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe
[2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll
[2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax
[2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll
[2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll
[2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe
[2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax
[2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll
[2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll
[2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys
[2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe
[2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll
[2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll
[2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll
[2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll
[2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll
[2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll
[2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll
[2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll
[2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll
[2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll
[2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll
[2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll
[2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime
[2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll
[2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll
[2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll
[2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll
[2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll
[2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll
[2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll
[2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll
[2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll
[2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys
[2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL
[2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll
[2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll
[2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL
[2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL
[2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll
[2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll
[2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll
[2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL
[2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll
[2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll
[2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll
[2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe
[2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll
[2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll
[2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll
[2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe
[2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/19 06:22:31 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/19 05:43:05 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job
[2011/04/19 00:05:12 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 00:05:12 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 23:57:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/18 23:56:58 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 22:52:38 | 000,000,120 | -H-- | M] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/18 22:43:03 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job
[2011/04/18 21:37:34 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
 
========== Files Created - No Company Name ==========
 
[2011/04/19 06:22:31 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/18 21:37:18 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2011/04/18 20:50:22 | 000,000,120 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat
[2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini
[2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys
[2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI
[2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/04/18 23:59:40 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\.purple
[2011/04/16 08:38:28 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\abgx360
[2011/01/16 23:42:27 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\AlcaTech
[2009/10/29 17:14:48 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DAEMON Tools Lite
[2011/04/04 23:50:31 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\GameTuts
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\gtk-2.0
[2011/04/16 22:24:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ICQ
[2009/10/29 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ImgBurn
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView
[2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec
[2010/08/08 10:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Miranda
[2010/07/03 18:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Need for Speed World
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ProtectDISC
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\streamripper
[2010/07/18 11:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Trillian
[2011/04/18 23:22:07 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\TS3Client
[2011/04/18 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2010/10/27 17:18:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\W
[2010/10/27 20:58:53 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\wargaming.net
[2011/01/02 18:42:18 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\XBMC
[2011/02/28 09:23:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

19.04.2011, 20:29   #7
Floppar



It runs quite well with one single exception: Firefox often sends me to other pages that I did not search for at all via Google.
In other words, Google in effect links me wrongly to other pages...

Edited by Floppar (19.04.2011 at 20:49)

19.04.2011, 22:11   #8
kira
/// Helper Team



1.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
Install it (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (Add CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (Save as text file...)
A text file (*.txt) is created; copy its contents and paste them here

2.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
PRC - C:\Windows\System32\Rezip.exe ()
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
[2011/04/19 06:22:31 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/18 22:52:38 | 000,000,120 | -H-- | M] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec

:Commands
[purity]
[resethosts]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.
__________________

Warning!:
Beware of invoices sent by email with a ZIP file attached! They can be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Edited by kira (19.04.2011 at 22:17)
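
Added example (not part of the thread and not OldTimer's code): a small Python triage filter for OTL file-listing lines of the kind posted in this thread. The three heuristics and the `SCAN_TIME` reference value are assumptions made for this example; the sample lines are copied from the log above, and the 30-day window mirrors the log's "Within 30 Days" sections.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from datetime import datetime, timedelta

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field; files without version info show "()".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Lines copied from the OTL log posted in this thread, plus one section header.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/04/19 06:22:31 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/18 20:50:22 | 000,000,120 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys
========== LOP Check ==========
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView
[2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec
"""

# Assumption for this example: the moment the scan was taken (constructed value).
SCAN_TIME = datetime(2011, 4, 19, 7, 0, 0)


def parse_line(line):
    """Return a dict for one OTL file-listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],          # C = created, M = modified
        "company": m["company"],    # None for directories, "" when no company name
        "path": m["path"],
    }


def triage(entry, scan_time, max_age_days=30):
    """Apply the example's heuristics; return a list of reasons (empty = nothing flagged)."""
    reasons = []
    path = entry["path"].lower()
    parent = ntpath.dirname(path)
    attrs = entry["attrs"]
    is_dir = "D" in attrs
    age = scan_time - entry["when"]
    recent = timedelta(0) <= age <= timedelta(days=max_age_days)

    if not is_dir and entry["company"] == "" and recent:
        # Heuristic 1: a new kernel driver that carries no company name.
        if parent.endswith("\\system32\\drivers") and path.endswith(".sys"):
            reasons.append("recent driver without company name")
        # Heuristic 2: a new hidden file dropped directly into AppData\Local or \Roaming.
        if "H" in attrs and parent.endswith(("\\appdata\\local", "\\appdata\\roaming")):
            reasons.append("recent hidden file directly in AppData")
    # Heuristic 3: a profile directory marked both hidden and system.
    if is_dir and "H" in attrs and "S" in attrs and "\\appdata\\" in path:
        reasons.append("hidden+system directory under AppData")
    return reasons


def flag_log(text, scan_time, max_age_days=30):
    """Parse a whole log and return [(path, reasons)] for every flagged entry."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, other log sections
        reasons = triage(entry, scan_time, max_age_days)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_log(SAMPLE_LOG, SCAN_TIME):
        print(f"{path}: {'; '.join(reasons)}")
```

A hit is only a prompt for manual review: legitimate software also ships drivers and data files without a company name.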

19.04.2011, 22:21   #9
Floppar

Code:
abgx360 v1.0.5		18.04.2011		
Adobe AIR	Adobe Systems Inc.	18.04.2011		1.1.0.5790
Adobe Dreamweaver CS4	Adobe Systems Incorporated	18.04.2011	826,7MB	10.0
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	18.04.2011	6,00MB	10.1.102.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	18.04.2011	6,00MB	10.2.153.1
Adobe Media Player	Adobe Systems Incorporated	18.04.2011		1.1
Adobe Reader 9.4.3 - Deutsch	Adobe Systems Incorporated	06.04.2011	185,1MB	9.4.3
Apple Application Support	Apple Inc.	10.01.2011	52,7MB	1.4.1
Apple Mobile Device Support	Apple Inc.	10.01.2011	21,7MB	3.3.0.69
Apple Software Update	Apple Inc.	08.11.2009	2,16MB	2.1.1.116
Atheros Client Installation Program	Atheros	04.07.2010		7.0
ATI Catalyst Install Manager	ATI Technologies, Inc.	06.10.2009	13,8MB	3.0.741.0
Avira AntiVir Personal - Free Antivirus	Avira GmbH	18.04.2011	59,8MB	10.0.0.635
Bonjour	Apple Inc.	17.10.2010	0,96MB	2.0.3.0
Business Contact Manager für Outlook 2007 SP2	Microsoft Corporation	18.04.2011		3.0.8619.1
CCleaner	Piriform	18.04.2011		2.32
ChargeableUSB	SAMSUNG	06.10.2009		1.0.0.0
DivX Converter	DivX, Inc.	18.04.2011		7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	18.04.2011		
DivX-Setup	DivX, Inc. 	18.04.2011		1.0.2.22
Easy Display Manager	Samsung Electronics Co., Ltd.	06.10.2009		3.0
ffdshow v1.1.3562 [2010-09-07]		01.01.2011	16,8MB	1.1.3562.0
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	03.04.2011	36,0MB	
HijackThis 2.0.2	TrendMicro	18.04.2011		2.0.2
ICQ7.2	ICQ	07.08.2010		7.2
ImgBurn	LIGHTNING UK!	12.01.2011		2.5.5.0
Intel® Matrix Storage Manager	Intel Corporation	18.04.2011		
IrfanView (remove only)		18.04.2011		
iTunes	Apple Inc.	10.01.2011	144,8MB	10.1.1.4
Java DB 10.6.2.1	Oracle	18.04.2011	29,9MB	10.6.2.1
Java(TM) 6 Update 24	Oracle	18.04.2011	96,9MB	6.0.240
Java(TM) SE Development Kit 6 Update 24	Oracle	18.04.2011	151,6MB	1.6.0.240
JDownloader	AppWork UG (haftungsbeschränkt)	18.04.2011		0.89
K-Lite Codec Pack 4.4.5 (Full)		28.10.2009		4.4.5
LSI HDA Modem	LSI Corporation	18.04.2011	16,00KB	2.2.97
Malwarebytes' Anti-Malware	Malwarebytes Corporation	17.04.2011	10,5MB	
Marvell Miniport Driver	Marvell	18.04.2011		10.70.3.3
Microsoft .NET Framework 1.1		18.04.2011		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18.04.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	18.04.2011	52,0MB	4.0.30319
Microsoft Office Outlook Connector	Microsoft Corporation	29.09.2010	3,36MB	14.0.5118.5000
Microsoft Office Professional Plus 2010	Microsoft Corporation	18.04.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	20.02.2011	142,6MB	4.0.60129.0
Microsoft SQL Server 2005	Microsoft Corporation	18.04.2011		
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	28.10.2009	1,72MB	3.1.0000
Microsoft SQL Server Native Client	Microsoft Corporation	14.02.2011	2,63MB	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	14.02.2011	0,68MB	9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.10.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	03.11.2010	2,38MB	8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.10.2009	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	27.10.2010	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	28.10.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.03.2010	0,58MB	9.0.30729.4148
Mozilla Firefox (3.6.16)	Mozilla	18.04.2011		3.6.16 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	29.10.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,33MB	4.20.9876.0
Nero Lite 9.4.13.2 Build.1.0	Scheccia	18.04.2011		1.0
NVIDIA PhysX	NVIDIA Corporation	27.10.2010	73,2MB	9.10.0513
Pidgin		18.04.2011		2.7.5
QuickTime	Apple Inc.	10.01.2011	73,7MB	7.69.80.9
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	27.08.2010		6.0.1.5948
REALTEK Wireless LAN Software	REALTEK Semiconductor Corp.	06.10.2009		1.01.0088
Samsung Recovery Solution 4	Samsung	06.10.2009		4.0.0.3
Samsung Support Center	Samsung	06.10.2009	40,8MB	1.0.1
Samsung Update Plus	Samsung Electronics Co., Ltd.	06.10.2009		2.0
Spybot - Search & Destroy	Safer Networking Limited	03.05.2010		1.6.2
Steam	Valve Corporation	27.06.2010	1,49MB	1.0.0.0
SUPERAntiSpyware Free Edition	SUPERAntiSpyware.com	03.05.2010	31,8MB	4.36.0.1006
Synaptics Pointing Device Driver	Synaptics Incorporated	18.04.2011		15.0.10.0
Uninstall 1.0.0.1		03.04.2011	10,9MB	
Unity Web Player	Unity Technologies ApS	14.01.2010	12,0MB	2.6.1f3_31223
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	14.02.2011	36,3MB	9.00.5000.00
VLC media player 1.1.8	VideoLAN	18.04.2011		1.1.8
Winamp	Nullsoft, Inc	18.04.2011		5.61 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	15.04.2011	75,00KB	1.0.0.1
Windows Live Anmelde-Assistent	Microsoft Corporation	28.10.2009	1,94MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	18.04.2011		14.0.8117.0416
Windows Live Sync	Microsoft Corporation	25.06.2010	2,79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	28.10.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	06.11.2009	0,29MB	1.0.0.8
WinRAR		18.04.2011
         
Code:
All processes killed
========== OTL ==========
Process Rezip.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
File C:\windows\System32\drivers\bljcgx.sys not found.
C:\Users\Fireball\AppData\Local\Thobu.dat moved successfully.
C:\Users\Fireball\AppData\Roaming\lowsec folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fireball
->Temp folder emptied: 36189 bytes
->Temporary Internet Files folder emptied: 10183806 bytes
->Java cache emptied: 2858744 bytes
->FireFox cache emptied: 70383680 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8652 bytes
 
User: Mcx1-FIREBALL-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 69276 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1765032 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 81.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04192011_232227

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

20.04.2011, 08:55   #10
Floppar



And I now also often get this script error
with the URL "hxxp://www2a.glam.com/mobile/detect.act?affiliateId=38198522"

20.04.2011, 09:57   #11
kira
/// Helper Team



Regarding points 1 and 2:

Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media.
Now connect all external storage media (USB sticks etc.) to your computer!
While doing so, hold down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely.
[Security] Disable the autorun function on all drives for more security / Avira Support Forum
Autorun function - what is it?


1.
Malware scan with Emsisoft Anti-Malware 5.0

Without a background guard, Emsisoft Anti-Malware 5.0 scans the computer for infection by Trojans, spyware, adware, worms, keyloggers, rootkits, dialers and other malicious programs. The program is suitable for Windows 98, ME, 2000, XP, 2003 Server and Vista.
  • Download the free version of => Emsisoft Anti-Malware 5.0 and install the program.
  • Download the current signatures via "Jetzt Updaten" (Update now).
  • Select the freeware mode.
  • Select Detail Scan and start checking the computer with the Scan button.
  • At the end of the scan, mark all detections and quarantine them using the "Ausgewählte in Quarantäne" (Quarantine selected) button.
  • Use the "Bericht speichern" (Save report) button to save the log file to the desktop and post it here in the thread

2.
- Link: -> ESET Online Scanner
>>You should not install the antivirus security software, only scan your system online<<

-> Then run a complete system check with Eset/Nod32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan result as a *.txt file
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Settings in Internet Explorer before the scan:
- "Extras → Internetoptionen → Sicherheit" (Tools → Internet Options → Security):
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), allow the ActiveX control to be installed

Edited by kira (20.04.2011 at 10:03)

20.04.2011, 12:28   #12
Floppar

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=18b20326dc4b98458ebb8b4c712697ec
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-20 11:25:42
# local_time=2011-04-20 01:25:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 30318252 30318252 0 0
# compatibility_mode=1797 16775165 100 94 137408 39827277 130586 0
# compatibility_mode=5893 16776574 100 94 128685 54921612 0 0
# compatibility_mode=8192 67108863 100 0 102 102 0 0
# scanned=159926
# found=0
# cleaned=0
# scan_time=8321
         
I don't know whether this might also be relevant, but my explorer.exe always uses about 130 MB of RAM, which personally seems like a lot to me?!

Code:
Emsisoft Anti-Malware - Version 5.1
Letztes Update: 4/20/2011 11:11:45 AM
 
Scan Einstellungen:
 
Scan Methode: N/A
Objekte: Speicher, Traces, Cookies, C:\, D:\
Archiv Scan: Aus
Heuristik: Aus
ADS Scan: An
 
Scan Beginn:    4/20/2011 1:27:44 PM
 
C:\Users\Fireball\AppData\Roaming\GameTuts\Modio\0.85.5\modioupdater.exe     gefunden: Gen.Variant.Buzy!IK
 
Gescannt
 
Dateien:     164229
Traces:     624765
Cookies:     2
Prozesse:     52
 
Gefunden
 
Dateien:     1
Traces:     0
Cookies:     0
Prozesse:     0
Registry Keys:     0
 
Scan Ende:    4/20/2011 2:59:32 PM
Scan Zeit:    1:31:48
 
C:\Users\Fireball\AppData\Roaming\GameTuts\Modio\0.85.5\modioupdater.exe    Quarantäne Gen.Variant.Buzy!IK
 
Quarantäne
 
Dateien:     1
Traces:     0
Cookies:     0
         

20.04.2011, 21:44   #13
kira
/// Helper Team



1.
Please go to Services and check whether the "Rezip" service is disabled:
  • Click "Start" -> type "Dienste" (Services) into the search box
  • then right-click the "Dienste" entry in the upper area
  • and in the context menu click "Als Administrator ausführen" (Run as administrator) -> guide/tipps4you.de
  • set the selected service to disabled!

2.
You can also set these to disabled right away:
Code:
Apple Mobile Device - Apple Inc.
Dienst "Bonjour" (Bonjour Service) 
iPod-Dienst (iPod Service)
         
- in addition:

3.
Control Panel / System and Security / System / System protection: System Properties pops up, then create a restore point
Disable System Restore: Windows 7 - create a manual system restore point
so first disable -> then enable - at the end it should be enabled again!

4.
Post a new OTL log again

Edited by kira (20.04.2011 at 21:50)

20.04.2011, 21:58   #14
Floppar



I have disabled the services, and disabled and re-enabled System Restore
OTL logfile:
Code:
OTL logfile created on: 4/20/2011 10:53:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.09 Gb Free Space | 65.69% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 135.13 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Winamp\Elevator.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (a2acc) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (Emsi Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 22:19:34 | 000,000,000 | ---D | M]
 
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/20 22:32:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com
[2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml
[2011/04/19 22:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/19 22:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/04/19 23:22:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fireball\Documents\Anti-Malware
[2011/04/20 08:29:50 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Local\AOL
[2011/04/19 22:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/19 22:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/19 22:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/04/19 22:19:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/04/19 22:19:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes
[2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll
[2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll
[2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll
[2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll
[2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll
[2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe
[2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll
[2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll
[2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe
[2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe
[2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll
[2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll
[2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll
[2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll
[2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll
[2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll
[2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll
[2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll
[2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll
[2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll
[2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll
[2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll
[2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll
[2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll
[2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll
[2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe
[2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll
[2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll
[2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe
[2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll
[2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll
[2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll
[2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll
[2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll
[2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll
[2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll
[2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll
[2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll
[2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll
[2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll
[2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe
[2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll
[2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe
[2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll
[2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll
[2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll
[2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll
[2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll
[2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll
[2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll
[2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll
[2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe
[2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll
[2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll
[2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe
[2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll
[2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll
[2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL
[2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll
[2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll
[2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll
[2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll
[2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL
[2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll
[2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll
[2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll
[2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL
[2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll
[2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll
[2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll
[2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll
[2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll
[2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe
[2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll
[2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll
[2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll
[2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe
[2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe
[2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe
[2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll
[2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe
[2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll
[2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll
[2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll
[2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll
[2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL
[2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe
[2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll
[2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll
[2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll
[2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe
[2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll
[2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll
[2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll
[2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll
[2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll
[2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll
[2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll
[2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll
[2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll
[2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll
[2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL
[2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll
[2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll
[2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
[2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll
[2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll
[2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll
[2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll
[2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys
[2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe
[2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll
[2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll
[2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll
[2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll
[2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll
[2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll
[2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll
[2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll
[2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll
[2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe
[2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys
[2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll
[2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll
[2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll
[2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll
[2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll
[2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll
[2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll
[2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll
[2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr
[2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe
[2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
[2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll
[2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll
[2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll
[2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll
[2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll
[2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll
[2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll
[2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll
[2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll
[2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll
[2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll
[2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll
[2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll
[2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll
[2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll
[2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll
[2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll
[2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe
[2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll
[2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll
[2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl
[2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll
[2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL
[2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll
[2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll
[2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe
[2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll
[2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll
[2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll
[2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll
[2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll
[2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll
[2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx
[2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe
[2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll
[2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe
[2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll
[2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll
[2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll
[2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll
[2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll
[2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll
[2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl
[2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl
[2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll
[2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll
[2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll
[2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll
[2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl
[2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe
[2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll
[2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll
[2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe
[2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll
[2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll
[2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll
[2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll
[2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll
[2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll
[2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll
[2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax
[2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe
[2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll
[2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll
[2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll
[2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
[2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll
[2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll
[2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll
[2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe
[2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe
[2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe
[2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll
[2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax
[2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll
[2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
[2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll
[2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe
[2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll
[2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL
[2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll
[2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll
[2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll
[2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe
[2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll
[2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll
[2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll
[2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll
[2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp
[2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe
[2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll
[2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll
[2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll
[2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe
[2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe
[2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll
[2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe
[2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll
[2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll
[2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr
[2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll
[2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll
[2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll
[2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll
[2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll
[2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll
[2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll
[2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe
[2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe
[2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll
[2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll
[2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll
[2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe
[2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe
[2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll
[2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe
[2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll
[2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll
[2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll
[2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll
[2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll
[2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll
[2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll
[2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe
[2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL
[2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll
[2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe
[2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe
[2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL
[2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll
[2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll
[2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr
[2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll
[2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll
[2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll
[2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe
[2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll
[2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys
[2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll
[2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe
[2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe
[2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll
[2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll
[2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll
[2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll
[2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll
[2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL
[2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL
[2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll
[2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll
[2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe
[2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll
[2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr
[2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr
[2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll
[2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll
[2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll
[2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll
[2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax
[2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl
[2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe
[2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll
[2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax
[2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL
[2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll
[2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll
[2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax
[2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe
[2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll
[2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe
[2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe
[2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll
[2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe
[2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe
[2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll
[2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll
[2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll
[2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll
[2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll
[2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll
[2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe
[2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll
[2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll
[2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe
[2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL
[2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe
[2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll
[2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll
[2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll
[2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL
[2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll
[2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll
[2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe
[2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe
[2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl
[2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll
[2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll
[2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll
[2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll
[2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll
[2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe
[2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll
[2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll
[2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll
[2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll
[2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll
[2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll
[2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe
[2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll
[2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll
[2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe
[2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe
[2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll
[2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll
[2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME
[2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll
[2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll
[2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll
[2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll
[2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe
[2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax
[2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll
[2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll
[2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe
[2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe
[2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll
[2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll
[2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe
[2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe
[2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll
[2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax
[2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll
[2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll
[2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe
[2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax
[2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll
[2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll
[2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys
[2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe
[2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll
[2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll
[2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll
[2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll
[2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll
[2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll
[2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll
[2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll
[2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll
[2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll
[2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll
[2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll
[2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime
[2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll
[2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll
[2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll
[2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll
[2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll
[2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll
[2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll
[2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll
[2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll
[2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys
[2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL
[2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll
[2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll
[2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL
[2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL
[2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll
[2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll
[2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll
[2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL
[2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll
[2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll
[2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll
[2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe
[2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll
[2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll
[2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll
[2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe
[2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/20 22:43:01 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job
[2011/04/20 22:43:00 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job
[2011/04/20 22:28:15 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 22:28:15 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 22:20:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/20 22:20:38 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 23:22:28 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/04/19 22:19:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
 
========== Files Created - No Company Name ==========
 
[2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat
[2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini
[2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys
[2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI
[2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/04/20 22:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\.purple
[2011/04/16 08:38:28 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\abgx360
[2011/01/16 23:42:27 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\AlcaTech
[2009/10/29 17:14:48 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DAEMON Tools Lite
[2011/04/04 23:50:31 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\GameTuts
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\gtk-2.0
[2011/04/20 08:30:57 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ICQ
[2009/10/29 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ImgBurn
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView
[2010/08/08 10:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Miranda
[2010/07/03 18:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Need for Speed World
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ProtectDISC
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\streamripper
[2010/07/18 11:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Trillian
[2011/04/18 23:22:07 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\TS3Client
[2011/04/18 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2010/10/27 17:18:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\W
[2010/10/27 20:58:53 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\wargaming.net
[2011/02/28 09:23:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/20/2011 10:53:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.09 Gb Free Space | 65.69% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 135.13 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2231
 
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2231
 
Error - 4/20/2011 9:59:12 AM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133, 
Zeitstempel: 0x4d88ec8b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2ef57  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002fc96  ID des fehlerhaften
 Prozesses: 0x1414  Startzeit der fehlerhaften Anwendung: 0x01cbff609836e47b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
 5e7471cc-6b56-11e0-baa1-00245412e07c
 
Error - 4/20/2011 2:28:07 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/20/2011 2:28:31 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/20/2011 2:30:25 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/20/2011 2:30:26 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/20/2011 4:40:10 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133, 
Zeitstempel: 0x4d88ec8b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2ef57  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002fc96  ID des fehlerhaften
 Prozesses: 0x13fc  Startzeit der fehlerhaften Anwendung: 0x01cbff9adf75145f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
 623cd1d2-6b8e-11e0-9b09-00245412e07c
 
Error - 4/20/2011 4:53:40 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133, 
Zeitstempel: 0x4d88ec8b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2ef57  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002fc96  ID des fehlerhaften
 Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cbff9b23e1a53a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
 44d4916b-6b90-11e0-9b09-00245412e07c
 
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung.  11:03:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung.  11:03:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 4/19/2011 4:22:16 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Rezip" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 4/19/2011 5:23:27 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 4/19/2011 5:24:15 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 4/20/2011 2:13:11 AM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 4/20/2011 2:14:39 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 4/20/2011 5:04:40 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SASDIFSV" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%183
 
Error - 4/20/2011 4:20:48 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 4/20/2011 4:21:11 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
         
--- --- ---

20.04.2011, 23:03   #15
kira
/// Helper team



Run OTL with the new script, exactly as described here (under point 2): -> http://www.trojaner-board.de/97667-t...tml#post642948
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

:Commands
[emptytemp]
         
► Report again on the state of the computer
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
