Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Email Account von der Telekom gesperrt (https://www.trojaner-board.de/96506-email-account-telekom-gesperrt.html)

bugbugbug 13.03.2011 20:08
Email Account von der Telekom gesperrt
 
Hi

Ich habe eine Email von der Abuse Abteilung bekommen. Die haben mir den Account gesperrt und jetzt kann ich keine Emails mehr versenden.

Zitat:
Sehr geehrte Kundin,
sehr geehrter Kunde,

über Ihren Zugang wurde unverlangte Werbung via E-Mail (sogenannter
Spam) an fremde Mailserver versandt. Dies ist gewöhnlich ein Indiz
dafür, dass Angreifer von außen auf Ihren Computer zugreifen können und
womöglich auch versuchen, Passwörter, Kreditkarten-, Bank- und sonstige
persönliche Daten abzufangen.

Wir geben Ihnen gern Hilfestellungen um weiteren Missbrauch zu vermeiden
und legen Ihnen daher den Inhalt dieser E-Mail ganz besonders ans Herz.

Wie geht es nun weiter? Derzeit gehen wir Hinweisen nach, die belegen,
dass über eine auf Ihrem Computer genutzten Einwahlkennung
(Kundenkonto) Spam versandt wurde. Wir bitten Sie daher dringend, Ihren
Computer auf eine Infektion durch Schadsoftware zu prüfen und diese zu
beheben.

Wir hoffen, folgende Informationen helfen Ihnen weiter:

Wie werten wir die gesendeten Hinweise aus?

Der Hinweisgeber sendet uns typischerweise eine Information, die einen
E-Mail-Header (Kopfzeilen mit dem Laufweg der E-Mail) oder vergleichbare
Daten beinhaltet. In diesen Daten ist eine IP-Adresse mit Zeitangaben
inklusive Zeitzone enthalten. Die übermittelten Daten sind in diesem
Fall:

IP-Adresse: xxxxxxx
Zeitangaben: 09.03.2011, 22:03:43 (MEZ)
.....
.....
.....
.....
Es sind aber mehrere Rechner im Netzwerk, deswegen kann ich nicht sagen welcher Rechner betroffen ist. Alle Rechner wurden mit Malwarebytes' Anti-Malware, Spybot Search & Destroy und Avast gescannt. Bei keinem wurde etwas festgestellt.

hier ist eine Auswertung vom Rootkit Scanner. Könnt ihr etwas auffälliges sehen?
Zitat:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-13 20:03:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500320AS rev.SD1A
Running: jlh0yyiz.exe; Driver: C:\Users\mrxdu\AppData\Local\Temp\pglcypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8A3579CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90A0CA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8A359EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8A359F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8A35A01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8A359E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8A359F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8A359E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8A359FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8A3579EE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90A0CB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8A3577B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8A357A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8A35A412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8A3584AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8A359EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8A359F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8A35A044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8A359E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8A359F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8A359E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8A359FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90A0CBB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8A358370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8A357A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8A357A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8A357812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8A35794E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8A35792A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8A357972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8A357A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90A218DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 830879C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830A7512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 830AE760 4 Bytes [CA, 79, 35, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 830AE788 4 Bytes [68, CA, A0, 90]
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 830AE83C 6 Bytes [AC, 9E, 35, 8A, 04, 9F]
.text ntoskrnl.exe!KeRemoveQueueEx + 1476 830AE843 1 Byte [8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 830AE848 4 Bytes [1A, A0, 35, 8A]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 832353A3 5 Bytes JMP 90A1D29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 8325C8B4 5 Bytes JMP 90A1ED50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 8326300D 4 Bytes CALL 8A358E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 8329FBAC 4 Bytes CALL 8A358E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 833256C6 7 Bytes JMP 90A218E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spfj.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90C15000, 0x370952, 0xE8000020]
.text USBPORT.SYS!DllUnload 90B31CA0 5 Bytes JMP 861241D8
.text aggkn7sp.SYS 92170000 12 Bytes [44, 08, 02, 83, EE, 06, 02, ...] {INC ESP; OR [EDX], AL; SUB ESI, 0x6; ADD AL, [EBX-0x7cfe1860]}
.text aggkn7sp.SYS 9217000D 9 Bytes [E7, 01, 83, 48, 0B, 02, 83, ...] {OUT 0x1, EAX; OR DWORD [EAX+0xb], 0x2; ADD DWORD [EAX], 0x0}
.text aggkn7sp.SYS 92170017 79 Bytes [00, DE, 87, B1, 89, E6, 85, ...]
.text aggkn7sp.SYS 92170067 90 Bytes [83, 64, 6C, 08, 83, 20, 41, ...]
.text aggkn7sp.SYS 921700C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\Windows\system32\Drivers\RKREVEAL150.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[444] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[444] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[444] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 000C0120
.text C:\Windows\system32\wininit.exe[444] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 000C006C
.text C:\Windows\system32\wininit.exe[444] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000C00E4
.text C:\Windows\system32\wininit.exe[444] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 000C0030
.text C:\Windows\system32\wininit.exe[444] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000C00A8
.text C:\Windows\system32\services.exe[492] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Windows\system32\services.exe[492] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text C:\Windows\system32\lsass.exe[508] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\lsass.exe[508] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\lsass.exe[508] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 000D0120
.text C:\Windows\system32\lsass.exe[508] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 000D006C
.text C:\Windows\system32\lsass.exe[508] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000D00E4
.text C:\Windows\system32\lsass.exe[508] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 000D0030
.text C:\Windows\system32\lsass.exe[508] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000D00A8
.text C:\Windows\system32\lsm.exe[516] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Windows\system32\lsm.exe[516] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text D:\Downloads\jlh0yyiz.exe[548] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text D:\Downloads\jlh0yyiz.exe[548] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text D:\Downloads\jlh0yyiz.exe[548] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00220120
.text D:\Downloads\jlh0yyiz.exe[548] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0022006C
.text D:\Downloads\jlh0yyiz.exe[548] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002200E4
.text D:\Downloads\jlh0yyiz.exe[548] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00220030
.text D:\Downloads\jlh0yyiz.exe[548] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002200A8
.text C:\Windows\system32\taskeng.exe[592] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\taskeng.exe[592] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\taskeng.exe[592] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[592] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0008006C
.text C:\Windows\system32\taskeng.exe[592] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[592] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[592] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000800A8
.text C:\Windows\system32\svchost.exe[644] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[644] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[724] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[724] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\atiesrxx.exe[772] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Windows\system32\atiesrxx.exe[772] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Windows\system32\atiesrxx.exe[772] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Windows\system32\atiesrxx.exe[772] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Windows\system32\atiesrxx.exe[772] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Windows\system32\atiesrxx.exe[772] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Windows\system32\atiesrxx.exe[772] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 000C0120
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 000C006C
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000C00E4
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 000C0030
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000C00A8
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00300120
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0030006C
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003000E4
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00300030
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003000A8
.text C:\Windows\System32\svchost.exe[920] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[920] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00350120
.text C:\Windows\System32\svchost.exe[920] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0035006C
.text C:\Windows\System32\svchost.exe[920] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003500E4
.text C:\Windows\System32\svchost.exe[920] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00350030
.text C:\Windows\System32\svchost.exe[920] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003500A8
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00A60120
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 00A6006C
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 00A600E4
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00A60030
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 00A600A8
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1124] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00890120
.text C:\Windows\system32\svchost.exe[1188] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0089006C
.text C:\Windows\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 008900E4
.text C:\Windows\system32\svchost.exe[1188] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00890030
.text C:\Windows\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 008900A8
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\atieclxx.exe[1312] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Windows\system32\atieclxx.exe[1312] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Windows\system32\atieclxx.exe[1312] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00180120
.text C:\Windows\system32\atieclxx.exe[1312] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0018006C
.text C:\Windows\system32\atieclxx.exe[1312] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001800E4
.text C:\Windows\system32\atieclxx.exe[1312] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00180030
.text C:\Windows\system32\atieclxx.exe[1312] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001800A8
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00290120
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0029006C
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002900E4
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00290030
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002900A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1376] kernel32.dll!SetUnhandledExceptionFilter 76863D01 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\Dwm.exe[1572] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 000F0120
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 000F006C
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000F00E4
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 000F0030
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000F00A8
.text C:\Windows\System32\spoolsv.exe[1596] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Windows\System32\spoolsv.exe[1596] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text C:\Windows\System32\spoolsv.exe[1596] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00140120
.text C:\Windows\System32\spoolsv.exe[1596] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0014006C
.text C:\Windows\System32\spoolsv.exe[1596] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001400E4
.text C:\Windows\System32\spoolsv.exe[1596] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00140030
.text C:\Windows\System32\spoolsv.exe[1596] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001400A8
.text C:\Windows\Explorer.EXE[1604] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\Explorer.EXE[1604] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\Explorer.EXE[1604] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00110120
.text C:\Windows\Explorer.EXE[1604] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0011006C
.text C:\Windows\Explorer.EXE[1604] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001100E4
.text C:\Windows\Explorer.EXE[1604] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00110030
.text C:\Windows\Explorer.EXE[1604] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001100A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00210120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0021006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002100E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00210030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1772] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002100A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00300120
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0030006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003000E4
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00300030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1788] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003000A8
.text C:\Program Files\RocketDock\RocketDock.exe[1808] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\RocketDock\RocketDock.exe[1808] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\RocketDock\RocketDock.exe[1808] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Program Files\RocketDock\RocketDock.exe[1808] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Program Files\RocketDock\RocketDock.exe[1808] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\RocketDock\RocketDock.exe[1808] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Program Files\RocketDock\RocketDock.exe[1808] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Windows\system32\taskhost.exe[1900] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0005006C
.text C:\Windows\system32\taskhost.exe[1900] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00050030
.text C:\Windows\system32\taskhost.exe[1900] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 000E0120
.text C:\Windows\system32\taskhost.exe[1900] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 000E006C
.text C:\Windows\system32\taskhost.exe[1900] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000E00E4
.text C:\Windows\system32\taskhost.exe[1900] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 000E0030
.text C:\Windows\system32\taskhost.exe[1900] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000E00A8
.text C:\Windows\system32\dgdersvc.exe[2172] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Windows\system32\dgdersvc.exe[2172] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Windows\system32\dgdersvc.exe[2172] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00210120
.text C:\Windows\system32\dgdersvc.exe[2172] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0021006C
.text C:\Windows\system32\dgdersvc.exe[2172] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002100E4
.text C:\Windows\system32\dgdersvc.exe[2172] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00210030
.text C:\Windows\system32\dgdersvc.exe[2172] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002100A8
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] user32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00280120
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] user32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0028006C
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] user32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002800E4
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] user32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00280030
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2196] user32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002800A8
.text C:\Windows\system32\svchost.exe[2232] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[2232] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[2232] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 009D0120
.text C:\Windows\system32\svchost.exe[2232] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 009D006C
.text C:\Windows\system32\svchost.exe[2232] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 009D00E4
.text C:\Windows\system32\svchost.exe[2232] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 009D0030
.text C:\Windows\system32\svchost.exe[2232] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 009D00A8
.text C:\Windows\system32\FsUsbExService.Exe[2256] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0015006C
.text C:\Windows\system32\FsUsbExService.Exe[2256] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00150030
.text C:\Windows\system32\FsUsbExService.Exe[2256] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 002E0120
.text C:\Windows\system32\FsUsbExService.Exe[2256] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 002E006C
.text C:\Windows\system32\FsUsbExService.Exe[2256] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002E00E4
.text C:\Windows\system32\FsUsbExService.Exe[2256] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 002E0030
.text C:\Windows\system32\FsUsbExService.Exe[2256] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002E00A8
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0025006C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00250030
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 002F0120
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 002F006C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002F00E4
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 002F0030
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[2280] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002F00A8
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00190120
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0019006C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001900E4
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00190030
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[2304] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001900A8
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00090120
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0009006C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000900E4
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00090030
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[2336] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000900A8
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2372] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00100120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0010006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001000E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00100030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2424] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001000A8
.text C:\Windows\system32\svchost.exe[2440] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[2440] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\svchost.exe[2440] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00320120
.text C:\Windows\system32\svchost.exe[2440] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0032006C
.text C:\Windows\system32\svchost.exe[2440] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003200E4
.text C:\Windows\system32\svchost.exe[2440] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00320030
.text C:\Windows\system32\svchost.exe[2440] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003200A8
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] user32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00180120
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] user32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0018006C
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] user32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001800E4
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] user32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00180030
.text C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe[2568] user32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001800A8
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001B0120
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001B006C
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001B00E4
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001B0030
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2840] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001B00A8
.text C:\Windows\system32\svchost.exe[2872] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[2872] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[2920] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00180120
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0018006C
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001800E4
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00180030
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2956] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001800A8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[3012] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00390120
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0039006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003900E4
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00390030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3052] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003900A8
.text C:\Windows\system32\conhost.exe[3060] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0003006C
.text C:\Windows\system32\conhost.exe[3060] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00030030
.text C:\Windows\system32\conhost.exe[3060] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 000C0120
.text C:\Windows\system32\conhost.exe[3060] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 000C006C
.text C:\Windows\system32\conhost.exe[3060] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 000C00E4
.text C:\Windows\system32\conhost.exe[3060] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 000C0030
.text C:\Windows\system32\conhost.exe[3060] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 000C00A8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00180120
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0018006C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001800E4
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00180030
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3156] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001800A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] WS2_32.dll!connect 770E6BDD 5 Bytes JMP 04302850 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] WS2_32.dll!WSAConnect 770ECC3F 5 Bytes JMP 04302A50 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001E0120
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001E006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001E00E4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001E0030
.text C:\Program Files\Mozilla Firefox\firefox.exe[3380] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001E00A8
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00390120
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0039006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003900E4
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00390030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3480] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003900A8
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00390120
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0039006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003900E4
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00390030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3548] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003900A8
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00390120
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0039006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003900E4
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00390030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3556] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003900A8
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00390120
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0039006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003900E4
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00390030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3564] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003900A8
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00390120
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0039006C
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003900E4
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00390030
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3572] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003900A8
.text C:\Windows\System32\svchost.exe[3976] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[3976] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[3976] user32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 001F0120
.text C:\Windows\System32\svchost.exe[3976] user32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 001F006C
.text C:\Windows\System32\svchost.exe[3976] user32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001F00E4
.text C:\Windows\System32\svchost.exe[3976] user32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 001F0030
.text C:\Windows\System32\svchost.exe[3976] user32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001F00A8
.text C:\Windows\System32\svchost.exe[4304] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[4304] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\explorer.exe[4308] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A006C
.text C:\Windows\explorer.exe[4308] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A0030
.text C:\Windows\explorer.exe[4308] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00250120
.text C:\Windows\explorer.exe[4308] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0025006C
.text C:\Windows\explorer.exe[4308] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002500E4
.text C:\Windows\explorer.exe[4308] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00250030
.text C:\Windows\explorer.exe[4308] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002500A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00110120
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0011006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001100E4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00110030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!TrackPopupMenu 756C2228 5 Bytes JMP 6A486373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001100A8
.text C:\Windows\system32\UI0Detect.exe[5280] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\system32\UI0Detect.exe[5280] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\system32\UI0Detect.exe[5280] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00100120
.text C:\Windows\system32\UI0Detect.exe[5280] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0010006C
.text C:\Windows\system32\UI0Detect.exe[5280] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 001000E4
.text C:\Windows\system32\UI0Detect.exe[5280] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00100030
.text C:\Windows\system32\UI0Detect.exe[5280] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 001000A8
.text C:\Windows\System32\svchost.exe[5444] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[5444] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00060030
.text C:\Windows\System32\svchost.exe[5444] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00340120
.text C:\Windows\System32\svchost.exe[5444] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0034006C
.text C:\Windows\System32\svchost.exe[5444] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 003400E4
.text C:\Windows\System32\svchost.exe[5444] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00340030
.text C:\Windows\System32\svchost.exe[5444] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 003400A8
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 0016006C
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 00160030
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] USER32.dll!UnhookWindowsHookEx 756AADF9 5 Bytes JMP 00200120
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] USER32.dll!UnhookWinEvent 756AB750 5 Bytes JMP 0020006C
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] USER32.dll!SetWindowsHookExW 756AE30C 5 Bytes JMP 002000E4
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] USER32.dll!SetWinEventHook 756B24DC 5 Bytes JMP 00200030
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[5756] USER32.dll!SetWindowsHookExA 756D6D0C 5 Bytes JMP 002000A8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [89A46DDC] \SystemRoot\System32\Drivers\spfj.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [89A46E30] \SystemRoot\System32\Drivers\spfj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [89A1C042] \SystemRoot\System32\Drivers\spfj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [89A1C6D6] \SystemRoot\System32\Drivers\spfj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [89A1C800] \SystemRoot\System32\Drivers\spfj.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [89A1C13E] \SystemRoot\System32\Drivers\spfj.sys
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
IAT \SystemRoot\System32\Drivers\aggkn7sp.SYS[NTOSKRNL.exe!KeTickCount] 78801875

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A82437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A65600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A78514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A74CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A7506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A75144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73A76671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A7826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A7901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A7E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1604] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73A74BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73A82437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73A65600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73A656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73A824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73A78514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73A74CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73A7506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73A75144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73A76671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73A7826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73A787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73A7901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73A7E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4308] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73A74BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85D391F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{56D431C1-8D13-400B-881F-9764B2656BF7} 8608A1F8
Device \Driver\volmgr \Device\VolMgrControl 8507E1F8
Device \Driver\usbuhci \Device\USBPDO-0 861071F8
Device \Driver\usbuhci \Device\USBPDO-1 861071F8
Device \Driver\usbuhci \Device\USBPDO-2 861071F8
Device \Driver\usbuhci \Device\USBPDO-3 861071F8
Device \Driver\ACPI_HAL \Device\00000060 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 86106500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E732619-DB78-4014-BF24-A9F7A61D2D17} 8608A1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\sptd \Device\4083791936 spfj.sys
Device \Driver\volmgr \Device\HarddiskVolume1 8507E1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8507E1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85FC01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85D371F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85D371F8
Device \Driver\atapi \Device\Ide\IdePort0 85D371F8
Device \Driver\atapi \Device\Ide\IdePort1 85D371F8
Device \Driver\atapi \Device\Ide\IdePort2 85D371F8
Device \Driver\volmgr \Device\HarddiskVolume3 8507E1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 85FC01F8
Device \Driver\PCI_PNP9436 \Device\00000068 spfj.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8608A1F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 861071F8
Device \Driver\usbuhci \Device\USBFDO-1 861071F8
Device \Driver\usbuhci \Device\USBFDO-2 861071F8
Device \Driver\usbuhci \Device\USBFDO-3 861071F8
Device \Driver\usbehci \Device\USBFDO-4 86106500
Device \Driver\aggkn7sp \Device\Scsi\aggkn7sp1 860BC1F8
Device \Driver\aggkn7sp \Device\Scsi\aggkn7sp1Port3Path0Target0Lun0 860BC1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x90 0xF0 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEA 0xCC 0xFC 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0x78 0x41 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x90 0xF0 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEA 0xCC 0xFC 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0x78 0x41 0xF1 ...

---- EOF - GMER 1.0.15 ----
Danke

cosinus 14.03.2011 11:05
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

bugbugbug 14.03.2011 13:43
Hallo

hier sind die beiden OTL logs:

OTL Logfile:
Code:
OTL Extras logfile created on: 14.03.2011 12:07:09 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 22,72 Gb Free Space | 30,49% Space Free | Partition Type: NTFS
Drive D: | 327,18 Gb Total Space | 5,98 Gb Free Space | 1,83% Space Free | Partition Type: NTFS
Drive E: | 64,06 Gb Total Space | 7,40 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"E:\Games\Combat Arms EU\CombatArms.exe" = E:\Games\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"E:\Games\Combat Arms EU\Engine.exe" = E:\Games\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{087EDCC7-4990-78D0-E299-424AEB163B59}" = AMD Drag and Drop Transcoding
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAFCFAF-5544-EEAF-189B-C85B138112D1}" = ATI Catalyst Install Manager
"{0B82D6C6-9ECC-4710-97AB-5CE482E72852}_is1" = TableScan Turbo RC2, build 2
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{32BC62C5-32B9-F838-ADD4-CFEF544C6888}" = ccc-core-static
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2F5589-0217-43A6-91E9-B0F172D32CC9}_is1" = MF Shutdown Manager 2.0.0
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{63CEA395-22F6-A2FC-9290-B4103E0B628F}" = WMV9/VC-1 Video Playback
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{771ABEA0-23AF-8F8E-63FE-168779F294B6}" = CCC Help English
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C624403E-B51C-3A8E-570E-6FF2216EDFEE}" = HydraVision
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C92C89BB-1D11-C8D5-1584-D5259818479A}" = ccc-utility
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DB837331-6864-4B66-7248-4CB823DB4222}" = Catalyst Control Center InstallProxy
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F47C09DB-746B-2ABA-819B-8FC759034E74}" = Catalyst Control Center Graphics Previews Common
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"7-Zip" = 7-Zip 9.20
"AcMgrDDL" = DDL und DTS Connect-Lizenzaktivierung
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ApachePhp 2.2.15-5.2.13-2" = ApachePhp 2.2.15-5.2.13
"AudioCS" = Creative-Audiokonsole
"Audiograbber" = Audiograbber 1.83 SE
"avast" = avast! Free Antivirus
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3
"AVS Mobile Uploader 1.9_is1" = AVS Mobile Uploader version 1.9
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"ClassicPro" = ClassicPro© v1.13
"Combat Arms EU" = Combat Arms EU
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EASEUS Data Recovery Wizard Free Edition 5.0.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.0.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.5.1 Home Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Equalizer" = Creative-Grafik-Equalizer
"EuroPoker_is1" = EuroPoker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"HoldemManager" = Holdem Manager
"HotspotShield" = Hotspot Shield 1.52
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"KeyScrambler" = KeyScrambler
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.8.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MirandaFusion" = Miranda Fusion 3.0.11
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Mp3tag" = Mp3tag v2.48
"MyFreeCodec" = MyFreeCodec
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"phpPgAdmin 4.2.3-1" = phpPgAdmin 4.2.3
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PS3 Media Server" = PS3 Media Server
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"SFBM" = SoundFont-Bank-Manager
"SopCast" = SopCast 3.3.2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SPEAKER" = Creative Lautsprechereinstellungen
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.00 Beta 5 (32-Bit)
"winscp3_is1" = WinSCP 4.2.8
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 14.03.2011 12:07:09 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 22,72 Gb Free Space | 30,49% Space Free | Partition Type: NTFS
Drive D: | 327,18 Gb Total Space | 5,98 Gb Free Space | 1,83% Space Free | Partition Type: NTFS
Drive E: | 64,06 Gb Total Space | 7,40 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\HVZ2k.exe (Grisoft)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe (Sophos Plc)
PRC - C:\Users\XXX\AppData\Local\Temp\drtnjq.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\avgarkt.exe (Grisoft)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) --  File not found
SRV - (NetTcpPortSharing) --  File not found
SRV - (NetTcpActivator) --  File not found
SRV - (NetPipeActivator) --  File not found
SRV - (NetMsmqActivator) --  File not found
SRV - (JWLDLLYVYY) -- C:\Users\XXX\AppData\Local\Temp\JWLDLLYVYY.exe (Sysinternals - www.sysinternals.com)
SRV - (PTSUT) -- C:\Users\XXX\AppData\Local\Temp\PTSUT.exe (Sysinternals - www.sysinternals.com)
SRV - (RLSSTUQBJ) -- C:\Users\XXX\AppData\Local\Temp\RLSSTUQBJ.exe (Sysinternals - www.sysinternals.com)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (Creative Dolby Digital Live Pack Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe (Creative Labs)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (EnterpriseDBApachePHP) -- C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MEMSWEEP2) --  File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTERFXFX.SYS) -- C:\Windows\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- C:\Windows\System32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\Windows\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\Windows\System32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\Windows\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\Windows\System32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\Windows\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\Windows\System32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (KeyScrambler) -- C:\Windows\System32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (AVG Anti-Rootkit) -- C:\Windows\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (AvgArCln) -- C:\Windows\System32\drivers\AvgArCln.sys (GRISOFT, s.r.o.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 5C 65 03 3B D1 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "TableRatings"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {af5514fc-7603-4cec-9894-f07f3d8672a5}:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805
FF - prefs.js..network.proxy.autoconfig_url: "file:///E:/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4a9ea39e.pac"
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.13 00:32:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.13 00:32:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.01.20 22:14:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.01.26 19:45:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.09 19:37:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.09 19:37:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.11 23:39:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.11 15:25:43 | 000,000,000 | ---D | M]
 
[2010.09.04 15:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2009.12.22 20:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.23 01:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.04 15:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions
[2010.09.04 15:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
[2010.09.04 15:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.09.04 15:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.04 15:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010.09.04 15:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.09.04 15:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.09.04 15:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.09.04 15:40:49 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\nasanightlaunch@example.com
[2011.03.14 00:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions
[2010.12.15 01:39:42 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011.03.10 01:22:12 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.02.04 15:03:59 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.09.04 16:18:44 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.12.07 13:17:15 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011.03.12 12:28:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.31 00:51:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.12 12:28:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.04 15:03:59 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\autopager@mozilla.org
[2010.11.18 19:03:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.09.04 16:11:07 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.09.04 17:02:07 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\info@youtube-mp3.org
[2011.01.26 20:30:23 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\keyscrambler@qfx.software.corporation
[2010.10.10 13:17:18 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\nasanightlaunch@example.com
[2010.10.19 20:02:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\vshare@toolbar
[2011.03.14 00:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.27 22:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 22:56:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.26 19:44:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.12 12:32:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011.03.09 19:37:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.09 19:37:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.09 19:37:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.09 19:37:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.09 19:37:40 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.20 22:10:11 | 000,344,217 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123haustiereundmehr.com
O1 - Hosts: 11798 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -  File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -  File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.14 11:48:18 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\System32\drivers\AvgArCln.sys
[2011.03.14 11:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2011.03.14 11:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\AVG Anti-Rootkit Free
[2011.03.14 11:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Sophos
[2011.03.14 11:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.03.12 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.03.11 10:58:04 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.03.10 15:26:15 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mp3tag
[2011.03.10 15:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2011.03.09 19:46:04 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.09 19:46:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.09 19:45:46 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 19:45:46 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.09 19:45:46 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 19:45:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 19:34:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.24 22:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011.02.24 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Canneverbe Limited
[2011.02.24 13:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.02.24 13:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011.02.22 20:48:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.02.22 20:47:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.02.22 20:45:14 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011.02.22 20:45:14 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011.02.22 20:45:12 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.22 20:45:11 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.22 20:45:11 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.22 20:45:10 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.02.22 20:45:09 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.02.22 20:45:09 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.02.22 20:45:08 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.02.22 20:45:07 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.22 20:45:07 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011.02.22 20:45:06 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.22 20:45:06 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.02.22 20:45:06 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.02.22 20:45:06 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011.02.22 20:45:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.02.22 20:45:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.02.22 20:45:04 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.22 20:45:04 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.02.22 20:45:04 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.02.22 20:45:03 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011.02.22 20:45:03 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011.02.22 20:45:01 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.02.22 20:44:59 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.22 20:44:59 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011.02.22 20:44:59 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.22 20:44:58 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011.02.22 20:44:58 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011.02.22 20:44:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2011.02.22 20:44:57 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.22 20:44:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011.02.22 20:44:57 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011.02.22 20:44:56 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011.02.22 20:44:56 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011.02.22 20:44:56 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.22 20:44:56 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.22 20:44:55 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011.02.22 20:44:55 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.22 20:44:55 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.02.22 20:44:55 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011.02.22 20:44:55 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.22 20:44:55 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011.02.22 20:44:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011.02.22 20:44:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2011.02.22 20:44:54 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011.02.22 20:44:54 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.22 20:44:53 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011.02.22 20:44:53 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.02.22 20:44:52 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2011.02.22 20:44:51 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.02.22 20:44:51 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.02.22 20:44:50 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011.02.22 20:44:50 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011.02.22 20:44:50 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2011.02.22 20:44:50 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011.02.22 20:44:50 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.22 20:44:49 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011.02.22 20:44:49 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011.02.22 20:44:49 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011.02.22 20:44:49 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.02.22 20:44:49 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.22 20:44:48 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.02.22 20:44:47 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011.02.22 20:44:47 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011.02.22 20:44:47 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.22 20:44:46 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.22 20:44:46 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.02.22 20:44:46 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011.02.22 20:44:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.02.22 20:44:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011.02.22 20:44:45 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011.02.22 20:44:44 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011.02.22 20:44:44 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.02.22 20:44:44 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011.02.22 20:44:44 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.02.22 20:44:44 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011.02.22 20:44:43 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.02.22 20:44:43 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011.02.22 20:44:43 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011.02.22 20:44:43 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2011.02.22 20:44:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011.02.22 20:44:43 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011.02.22 20:44:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011.02.22 20:44:42 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.22 20:44:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.22 20:44:42 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.02.22 20:44:42 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011.02.22 20:44:41 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2011.02.22 20:44:41 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.02.22 20:44:41 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011.02.22 20:44:41 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011.02.22 20:44:41 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011.02.22 20:44:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.22 20:44:40 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011.02.22 20:44:40 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011.02.22 20:44:39 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.02.22 20:44:39 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011.02.22 20:44:39 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2011.02.22 20:44:39 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011.02.22 20:44:39 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.22 20:44:38 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011.02.22 20:44:38 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011.02.22 20:44:38 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011.02.22 20:44:37 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011.02.22 20:44:37 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.02.22 20:44:37 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.02.22 20:44:37 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011.02.22 20:44:37 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2011.02.22 20:44:37 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011.02.22 20:44:37 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011.02.22 20:44:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011.02.22 20:44:36 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.02.22 20:44:36 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.02.22 20:44:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011.02.22 20:44:36 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011.02.22 20:44:36 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.22 20:44:35 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011.02.22 20:44:35 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011.02.22 20:44:35 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011.02.22 20:44:35 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011.02.22 20:44:35 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011.02.22 20:44:35 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011.02.22 20:44:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.22 20:44:35 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.22 20:44:34 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011.02.22 20:44:34 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011.02.22 20:44:34 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.02.22 20:44:34 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011.02.22 20:44:34 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2011.02.22 20:44:34 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011.02.22 20:44:34 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011.02.22 20:44:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.22 20:44:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011.02.22 20:44:33 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011.02.22 20:44:33 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011.02.22 20:44:33 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011.02.22 20:44:33 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011.02.22 20:44:33 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011.02.22 20:44:33 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011.02.22 20:44:32 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011.02.22 20:44:32 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.02.22 20:44:32 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.22 20:44:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2011.02.22 20:44:32 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011.02.22 20:44:31 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011.02.22 20:44:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011.02.22 20:44:31 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.02.22 20:44:30 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.02.22 20:44:30 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011.02.22 20:44:30 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011.02.22 20:44:29 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011.02.22 20:44:29 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.02.22 20:44:29 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011.02.22 20:44:29 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011.02.22 20:44:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011.02.22 20:44:28 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011.02.22 20:44:28 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011.02.22 20:44:28 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011.02.22 20:44:28 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011.02.22 20:44:28 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011.02.22 20:44:28 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011.02.22 20:44:28 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011.02.22 20:44:28 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011.02.22 20:44:28 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.02.22 20:44:28 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011.02.22 20:44:28 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011.02.22 20:44:28 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011.02.22 20:44:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.02.22 20:44:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011.02.22 20:44:27 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.22 20:44:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011.02.22 20:44:27 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011.02.22 20:44:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011.02.22 20:44:27 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.02.22 20:44:27 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011.02.22 20:44:27 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011.02.22 20:44:27 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.02.22 20:44:27 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011.02.22 20:44:27 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.02.22 20:44:27 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.02.22 20:44:27 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2011.02.22 20:44:26 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011.02.22 20:44:26 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.02.22 20:44:26 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011.02.22 20:44:26 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011.02.22 20:44:25 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011.02.22 20:44:25 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011.02.22 20:44:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011.02.22 20:44:25 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011.02.22 20:44:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.02.22 20:44:24 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.02.22 20:44:23 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011.02.22 20:44:23 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.22 20:44:23 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.02.22 20:44:23 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011.02.22 20:44:23 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011.02.22 20:44:23 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011.02.22 20:44:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011.02.22 20:44:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.22 20:44:22 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011.02.22 20:44:22 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011.02.22 20:44:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.02.22 20:44:22 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011.02.22 20:44:22 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011.02.22 20:44:21 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011.02.22 20:44:21 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011.02.22 20:44:21 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011.02.22 20:44:21 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011.02.22 20:44:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.02.22 20:44:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.22 20:44:20 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011.02.22 20:44:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011.02.22 20:44:20 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011.02.22 20:44:20 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011.02.22 20:44:20 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2011.02.22 20:44:20 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2011.02.22 20:44:19 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011.02.22 20:44:19 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011.02.22 20:44:19 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011.02.22 20:44:19 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011.02.22 20:44:19 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011.02.22 20:44:19 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011.02.22 20:44:19 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011.02.22 20:44:19 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011.02.22 20:44:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011.02.22 20:44:19 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011.02.22 20:44:19 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2011.02.22 20:44:18 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011.02.22 20:44:18 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011.02.22 20:44:18 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011.02.22 20:44:18 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011.02.22 20:44:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011.02.22 20:44:17 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011.02.22 20:44:17 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011.02.22 20:44:17 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011.02.22 20:44:17 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011.02.22 20:44:17 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011.02.22 20:44:17 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011.02.22 20:44:17 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011.02.22 20:44:17 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011.02.22 20:44:17 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.02.22 20:44:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011.02.22 20:44:17 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.02.22 20:44:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011.02.22 20:44:16 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011.02.22 20:44:16 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011.02.22 20:44:16 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
[2011.02.22 20:44:16 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011.02.22 20:44:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011.02.22 20:44:16 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011.02.22 20:44:16 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011.02.22 20:44:16 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011.02.22 20:44:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011.02.22 20:44:15 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011.02.22 20:44:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011.02.22 20:44:14 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011.02.22 20:44:14 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011.02.22 20:44:14 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011.02.22 20:44:14 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011.02.22 20:44:14 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.02.22 20:44:14 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011.02.22 20:44:14 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011.02.22 20:44:13 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011.02.22 20:44:13 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011.02.22 20:44:13 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011.02.22 20:44:13 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011.02.22 20:44:13 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011.02.22 20:44:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.02.22 20:44:13 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011.02.22 20:44:13 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011.02.22 20:44:13 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011.02.22 20:44:13 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011.02.22 20:44:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011.02.22 20:44:12 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011.02.22 20:44:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011.02.22 20:44:12 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011.02.22 20:44:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011.02.22 20:44:12 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011.02.22 20:44:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011.02.22 20:44:11 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011.02.22 20:44:11 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.02.22 20:44:11 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011.02.22 20:44:11 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011.02.22 20:44:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011.02.22 20:44:11 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011.02.22 20:44:11 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011.02.22 20:44:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.22 20:44:11 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011.02.22 20:44:11 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011.02.22 20:44:11 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011.02.22 20:44:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011.02.22 20:44:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011.02.22 20:44:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011.02.22 20:44:10 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011.02.22 20:44:10 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011.02.22 20:44:10 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011.02.22 20:44:10 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011.02.22 20:44:10 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011.02.22 20:44:10 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011.02.22 20:44:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011.02.22 20:44:10 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.22 20:44:10 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011.02.22 20:44:09 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011.02.22 20:44:09 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.22 20:44:09 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011.02.22 20:44:09 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011.02.22 20:44:09 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011.02.22 20:44:09 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011.02.22 20:44:09 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011.02.22 20:44:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011.02.22 20:44:09 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011.02.22 20:44:09 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011.02.22 20:44:09 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011.02.22 20:44:09 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2011.02.22 20:44:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011.02.22 20:44:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.22 20:44:08 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011.02.22 20:44:08 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011.02.22 20:44:08 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011.02.22 20:44:08 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011.02.22 20:44:08 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2011.02.22 20:44:08 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011.02.22 20:44:08 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011.02.22 20:44:08 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011.02.22 20:44:08 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011.02.22 20:44:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011.02.22 20:44:08 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.02.22 20:44:07 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011.02.22 20:44:07 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011.02.22 20:44:07 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011.02.22 20:44:07 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011.02.22 20:44:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011.02.22 20:44:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.22 20:44:07 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.02.22 20:44:06 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011.02.22 20:44:06 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.02.22 20:44:06 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011.02.22 20:44:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011.02.22 20:44:06 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011.02.22 20:44:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.02.22 20:44:05 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011.02.22 20:44:05 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2011.02.22 20:44:05 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011.02.22 20:44:05 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011.02.22 20:44:05 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011.02.22 20:44:05 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011.02.22 20:44:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011.02.22 20:44:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2011.02.22 20:44:04 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011.02.22 20:44:04 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.22 20:44:04 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011.02.22 20:44:04 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011.02.22 20:44:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011.02.22 20:44:04 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011.02.22 20:44:04 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.22 20:44:04 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011.02.22 20:44:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.22 20:44:03 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011.02.22 20:44:03 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011.02.22 20:44:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011.02.22 20:44:03 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2011.02.22 20:44:03 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011.02.22 20:44:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011.02.22 20:44:03 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.02.22 20:44:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011.02.22 20:44:03 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.22 20:44:03 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.22 20:44:02 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011.02.22 20:44:02 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011.02.22 20:44:02 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011.02.22 20:44:02 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.02.22 20:44:02 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011.02.22 20:44:02 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011.02.22 20:44:02 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011.02.22 20:44:02 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011.02.22 20:44:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2011.02.22 20:44:02 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011.02.22 20:44:02 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011.02.22 20:44:01 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011.02.22 20:44:01 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011.02.22 20:44:01 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011.02.22 20:44:01 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011.02.22 20:44:01 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011.02.22 20:44:01 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011.02.22 20:44:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011.02.22 20:44:01 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011.02.22 20:44:01 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011.02.22 20:44:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011.02.22 20:44:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.22 20:44:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011.02.22 20:44:00 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011.02.22 20:43:59 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.02.22 20:43:59 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.02.22 20:43:59 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.22 20:43:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011.02.22 20:43:58 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011.02.22 20:43:58 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.22 20:43:58 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011.02.22 20:43:58 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011.02.22 20:43:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011.02.22 20:43:58 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011.02.22 20:43:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011.02.22 20:43:57 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.22 20:43:57 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011.02.22 20:43:57 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011.02.22 20:43:57 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011.02.22 20:43:57 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011.02.22 20:43:57 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011.02.22 20:43:57 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.02.22 20:43:57 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011.02.22 20:43:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011.02.22 20:43:57 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011.02.22 20:43:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011.02.22 20:43:57 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011.02.22 20:43:56 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011.02.22 20:43:56 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.02.22 20:43:56 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011.02.22 20:43:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011.02.22 20:43:56 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011.02.22 20:43:56 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011.02.22 20:43:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011.02.22 20:43:56 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011.02.22 20:43:56 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011.02.22 20:43:56 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011.02.22 20:43:56 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2011.02.22 20:43:56 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011.02.22 20:43:56 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011.02.22 20:43:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011.02.22 20:43:56 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011.02.22 20:43:56 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011.02.22 20:43:56 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011.02.22 20:43:56 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011.02.22 20:43:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011.02.22 20:43:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011.02.22 20:43:55 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011.02.22 20:43:55 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011.02.22 20:43:55 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011.02.22 20:43:55 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.02.22 20:43:55 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011.02.22 20:43:55 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011.02.22 20:43:55 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011.02.22 20:43:55 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011.02.22 20:43:55 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011.02.22 20:43:55 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011.02.22 20:43:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011.02.22 20:43:55 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.22 20:43:55 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011.02.22 20:43:55 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011.02.22 20:43:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.02.22 20:43:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011.02.22 20:43:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011.02.22 20:43:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011.02.22 20:43:54 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011.02.22 20:43:54 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011.02.22 20:43:54 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011.02.22 20:43:54 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011.02.22 20:43:54 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011.02.22 20:43:54 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011.02.22 20:43:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011.02.22 20:43:54 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011.02.22 20:43:54 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.02.22 20:43:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011.02.22 20:43:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011.02.22 20:43:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011.02.22 20:43:53 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.02.22 20:43:53 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011.02.22 20:43:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011.02.22 20:43:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011.02.22 20:43:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011.02.22 20:43:53 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011.02.22 20:43:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011.02.22 20:43:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011.02.22 20:43:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011.02.22 20:43:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2011.02.22 20:43:52 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011.02.22 20:43:52 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011.02.22 20:43:52 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011.02.22 20:43:52 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.02.22 20:43:52 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011.02.22 20:43:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011.02.22 20:43:52 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011.02.22 20:43:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011.02.22 20:43:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2011.02.22 20:43:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011.02.22 20:43:52 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011.02.22 20:43:51 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011.02.22 20:43:51 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011.02.22 20:43:51 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011.02.22 20:43:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011.02.22 20:43:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.02.22 20:43:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.02.22 20:43:51 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2011.02.22 20:43:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011.02.22 20:43:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011.02.22 20:43:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011.02.22 20:43:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011.02.22 20:43:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011.02.22 20:43:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011.02.22 20:43:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011.02.22 20:43:51 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011.02.22 20:43:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2011.02.22 20:43:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011.02.22 20:43:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011.02.22 20:43:50 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011.02.22 20:43:50 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.02.22 20:43:50 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.02.22 20:43:50 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011.02.22 20:43:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011.02.22 20:43:50 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011.02.22 20:43:50 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011.02.22 20:43:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.02.22 20:43:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011.02.22 20:43:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011.02.22 20:43:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.02.22 20:43:50 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011.02.22 20:43:50 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011.02.22 20:43:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011.02.22 20:43:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011.02.22 20:43:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011.02.22 20:43:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011.02.22 20:43:50 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011.02.22 20:43:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011.02.22 20:43:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011.02.22 20:43:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011.02.22 20:43:49 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011.02.22 20:43:49 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.22 20:43:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2011.02.22 20:43:49 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.02.22 20:43:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011.02.22 20:43:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011.02.22 20:43:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011.02.22 20:43:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011.02.22 20:43:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.02.22 20:43:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011.02.22 20:43:49 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011.02.22 20:43:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011.02.22 20:43:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011.02.22 20:43:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011.02.22 20:43:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011.02.22 20:43:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2011.02.22 20:43:48 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011.02.22 20:43:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011.02.22 20:43:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011.02.22 20:43:48 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2011.02.22 20:43:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011.02.22 20:43:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011.02.22 20:43:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011.02.22 20:43:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011.02.22 20:43:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011.02.22 20:43:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011.02.22 20:43:48 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011.02.22 20:43:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.02.22 20:43:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2011.02.22 20:43:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011.02.22 20:43:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011.02.22 20:43:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011.02.22 20:43:47 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.02.22 20:43:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011.02.22 20:43:46 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011.02.22 20:43:46 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011.02.22 20:43:46 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011.02.22 20:43:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011.02.22 20:43:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2011.02.22 20:43:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.22 20:43:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011.02.22 20:43:44 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011.02.22 20:43:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011.02.22 20:43:44 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011.02.22 20:43:43 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011.02.22 20:43:43 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.02.22 20:43:43 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011.02.22 20:43:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2011.02.22 20:43:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011.02.22 20:43:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011.02.22 20:43:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2011.02.22 20:43:42 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011.02.22 20:43:41 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.22 20:43:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011.02.22 20:43:40 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2011.02.22 20:43:40 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2011.02.22 20:43:40 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2011.02.22 20:43:40 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2011.02.22 20:43:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011.02.22 20:43:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011.02.22 20:43:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2011.02.22 20:43:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.02.22 20:43:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011.02.22 20:43:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011.02.22 20:43:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011.02.22 20:43:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.02.22 20:43:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.02.22 20:43:38 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.22 20:43:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011.02.22 20:43:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011.02.22 20:43:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011.02.22 20:43:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011.02.22 20:43:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011.02.22 20:43:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011.02.22 20:43:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011.02.22 20:43:36 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011.02.22 20:43:36 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011.02.22 20:43:36 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011.02.22 20:43:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011.02.22 20:43:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011.02.22 20:43:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011.02.22 20:43:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011.02.22 20:43:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011.02.22 20:43:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011.02.22 20:43:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011.02.22 20:43:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011.02.22 20:43:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011.02.22 20:43:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.22 20:43:09 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011.02.22 20:43:09 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.22 20:43:02 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011.02.22 20:42:58 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011.02.22 20:42:58 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011.02.22 20:42:41 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011.02.22 20:42:41 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011.02.22 20:30:59 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.22 20:30:58 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.22 20:30:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.09.04 16:54:02 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010.09.04 16:54:02 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.14 12:12:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498521526-3322181197-3109250805-1000UA.job
[2011.03.14 12:03:57 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 12:03:57 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.14 11:57:49 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.14 11:57:49 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.14 11:57:49 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.14 11:57:49 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.14 11:56:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.14 11:51:48 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.14 11:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.14 11:50:36 | 000,031,632 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-00531102}.rfx
[2011.03.14 11:50:36 | 000,031,632 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-00531102}.rfx
[2011.03.14 11:50:36 | 000,028,848 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-00531102}.rfx
[2011.03.14 11:50:36 | 000,028,848 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-00531102}.rfx
[2011.03.14 11:50:36 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-00531102}.rfx
[2011.03.14 11:48:19 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.03.14 02:57:42 | 000,016,158 | ---- | M] () -- C:\Users\XXX\Desktop\OpenDocument Text (neu).odt
[2011.03.13 19:12:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498521526-3322181197-3109250805-1000Core.job
[2011.03.11 10:58:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.03.09 19:35:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.22 21:18:34 | 000,294,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.22 20:52:43 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011.02.21 21:32:39 | 000,006,270 | ---- | M] () -- D:\Keepass.kdbx
[2011.02.19 07:30:51 | 001,076,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 07:30:50 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.14 11:48:19 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.03.14 02:17:14 | 000,016,158 | ---- | C] () -- C:\Users\XXX\Desktop\OpenDocument Text (neu).odt
[2011.03.09 19:35:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.02.25 23:38:05 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.02.24 13:48:10 | 000,001,809 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.02.22 20:45:02 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.02.22 20:43:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.22 20:43:46 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.02.22 20:43:35 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011.01.29 19:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\MC-Version.INI
[2011.01.29 19:30:40 | 000,000,032 | ---- | C] () -- C:\Windows\MineCraft.INI
[2011.01.20 22:02:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.01.13 01:50:23 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.15 20:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.12 14:28:57 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.10.27 23:13:58 | 000,226,857 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.04 16:58:07 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.09.04 16:58:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.09.04 16:54:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2010.09.04 16:54:02 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2010.09.04 16:54:02 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2010.09.04 16:54:02 | 000,013,312 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010.09.04 16:54:02 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2010.09.04 16:54:00 | 000,386,852 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2010.09.04 16:54:00 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2010.09.04 16:54:00 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2010.09.04 16:54:00 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2010.09.04 16:54:00 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2010.09.04 16:54:00 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2010.09.04 16:54:00 | 000,050,466 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010.09.04 16:54:00 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2010.09.04 16:54:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010.08.13 18:01:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.08.13 18:01:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.07.28 21:41:26 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010.07.26 20:47:50 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2010.07.26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.07.26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.07.26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.07.26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.04.19 18:31:57 | 001,711,232 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010.04.19 18:31:57 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010.04.19 18:31:57 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.04.19 18:31:57 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.04.19 18:31:57 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.04.19 18:25:44 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.03.25 18:13:55 | 000,019,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2010.01.05 03:22:47 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009.12.20 17:18:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.17 17:50:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.17 17:20:14 | 000,005,104 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009.10.17 16:09:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.17 15:44:17 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.10.17 15:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.17 14:54:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 09:47:43 | 000,696,132 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,294,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,382 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.12 07:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2003.05.09 23:36:30 | 000,151,744 | ---- | C] () -- C:\Windows\System32\ir32.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

< End of report >
--- --- ---


malewarebyts dauert noch ;)

bugbugbug 14.03.2011 14:22
http://www.bilder-space.de/show_img.php?img=85bf37-1300108790.jpg&size=original

hier habe ich noch das ergebnis. ist da etwas dabei, was auf ein rootkit zurückzuführen ist?

cosinus 14.03.2011 14:23
Was ist mit malwarebytes?

bugbugbug 14.03.2011 15:47
hat auch im vollscan nichts gefunden.

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6048

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.03.2011 14:37:11
mbam-log-2011-03-14 (14-37-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 510084
Laufzeit: 2 Stunde(n), 27 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

ich werde dann bei den anderen rechnern ebenfalls die o.g. schritte machen und hier posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131