Trojaner-Board


W7Helmi 16.03.2011 11:16

http://www.google-analytics.com/ga.jsI>(gzip) = Malware ?
 
Hello, I hope someone can help me.
I use W7 Prof. with the free Avast antivirus on it, which I have been happy with for years.
A week ago I picked up some ?? malware/virus somewhere, which I was then able to clean with "Malwarebytes' Anti-Malware". Now I keep getting the following message (on almost every Google search or Firefox search):

Malware blockiert
Objekt: hxxp://www.google-analytics.com/ga.jsI>(gzip)

I found on the Internet that this could be a false alarm. Hence my question: can that be the case, or do I have a virus etc. that is not being found?
Recently my other 4 computers (which are networked) have also been affected by this error, although the same antivirus is used on them too.
Thank you very much for your answer

cosinus 16.03.2011 12:15

Quote:

A week ago I picked up some ?? malware/virus somewhere, which I was then able to clean with "Malwarebytes' Anti-Malware".
Statements like that are of no use; please post all the logs from Malwarebytes.

W7Helmi 16.03.2011 12:35

Show list of attachments (count: 5)
Hello! I have created all the report files and messages here.
Many thanks for the help!

cosinus 16.03.2011 13:30

What is one supposed to do with such small pictures? :balla:

W7Helmi 16.03.2011 13:42

Show list of attachments (count: 5)
Sorry, here they are, hopefully bigger!

cosinus 16.03.2011 14:06

Please update Malwarebytes via the Update button and run a new full scan.

W7Helmi 16.03.2011 14:46

Hello Cosinus!
I'm going crazy, now there are 3 of these critters on it again.
Here is the report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6075

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

16.03.2011 20:33:57
mbam-log-2011-03-16 (20-33-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 226775
Laufzeit: 23 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I deleted them all again!
How can it be that new ones get on there every day?
Is Avast Antivirus not good?

One more question: I cannot log in to this website using Internet Explorer. I enter my username and password and end up back on this page without being logged in. It works in Mozilla. I have this problem with other forum logins too. Do you perhaps know anything about this??
THANK YOU VERY MUCH

cosinus 16.03.2011 14:53

Quote:

Is Avast Antivirus not good?
Yes, it is OK. But no virus scanner knows every piece of malware.
Please create new logs with OTL.exe and post them.

W7Helmi 16.03.2011 15:20

Hello Arne!
Here is the log from OTL (hopefully correct?)
OTL Logfile:
Code:

OTL logfile created on: 16.03.2011 21:08:44 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = E:\WINDOWS7\Download
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 37,95 Gb Free Space | 64,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 34,78 Gb Free Space | 71,23% Space Free | Partition Type: NTFS
Drive E: | 194,94 Gb Total Space | 118,91 Gb Free Space | 61,00% Space Free | Partition Type: NTFS
Drive H: | 54,32 Gb Total Space | 37,32 Gb Free Space | 68,70% Space Free | Partition Type: NTFS
Drive T: | 194,94 Gb Total Space | 103,10 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
Drive U: | 44,55 Gb Total Space | 28,82 Gb Free Space | 64,68% Space Free | Partition Type: NTFS
 
Computer Name: ACER | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\WINDOWS7\Download\OTL.exe (OldTimer Tools)
PRC - E:\WINDOWS7\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - E:\WINDOWS7\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - E:\WINDOWS7\Programme\Real\Update\realsched.exe (RealNetworks, Inc.)
PRC - E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
PRC - E:\WINDOWS7\Programme\wincmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
PRC - E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe (A4Tech Co.,Ltd.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe (Idea2)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - E:\WINDOWS7\Download\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll (Microsoft Corporation)
MOD - E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\MouseDll.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (RalinkRegistryWriter) -- E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()
SRV - (NBService) -- E:\WINDOWS7\Programme\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (FirebirdServerMAGIXInstance) -- E:\WINDOWS7\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (uxpatch) -- C:\Windows\System32\drivers\uxpatch.sys ()
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 59 E4 8A AF C5 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www2.superchat.at/index"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.14 10:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: E:\WINDOWS7\Programme\Mozilla Firefox\components [2011.03.07 13:20:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: E:\WINDOWS7\Programme\Mozilla Firefox\plugins [2011.03.07 13:20:23 | 000,000,000 | ---D | M]
 
[2010.03.19 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions
[2010.10.30 15:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\4gnrnlsn.default\extensions
[2010.11.14 10:54:42 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
 
O1 HOSTS File: ([2009.06.11 04:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - E:\WINDOWS7\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [iKeyWorks] e:\WINDOWS7\Programme\Tastatur\Ikeymain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [LanguageShortcut] E:\WINDOWS7\Programme\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RemoteControl] E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] E:\WINDOWS7\Programme\Real\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DMS-Kalenderchen] E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
O4 - HKCU..\Run: [IncrediMail] E:\WINDOWS7\Programme\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SIDEBAR] E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse.lnk = E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\WINDOWS7\Programme\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\WINDOWS7\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - E:\WINDOWS7\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - E:\WINDOWS7\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 174.127.86.224 208.67.222.222
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.02 15:41:32 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.12 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2
[2011.03.12 16:13:29 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2
[2011.03.12 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2
[2011.03.12 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2
[2011.03.12 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22
[2011.03.12 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2
[2011.03.11 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes
[2011.03.11 18:35:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 18:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 18:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 18:35:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.09 15:46:52 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.09 15:46:52 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.09 15:46:47 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 15:46:47 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.09 15:46:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 15:46:47 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 09:55:44 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.03.08 17:33:42 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\wfprlhinusqub2rvmqxqshiyabsrss32
[2011.03.08 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xeqcsqrylmentimgpoifyvbtsdgcml2p2
[2011.03.08 16:17:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Apps
[2011.03.08 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\eaeijgxvdjbclvbasu2tafeb3iruqzh2
[2011.03.08 14:42:50 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\gqtymunmvpngyheb3nndjyfmrqjxcfr2
[2011.03.08 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\mg11zkbary2gyooknaq1jau2angskyz2
[2011.02.23 09:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.02.23 09:29:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.02.23 09:27:41 | 003,330,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpc.exe
[2011.02.23 09:27:41 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMWindow.exe
[2011.02.23 09:27:41 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmsal.exe
[2011.02.23 09:27:40 | 002,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCWizard.exe
[2011.02.23 09:27:40 | 001,260,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCSettings.exe
[2011.02.23 09:27:40 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMCPropertyHandler.dll
[2011.02.23 09:27:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011.02.23 09:27:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011.02.23 09:27:35 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.23 09:27:34 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.23 09:27:34 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.23 09:27:33 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.02.23 09:27:33 | 000,296,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys
[2011.02.23 09:27:32 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.02.23 09:27:32 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.02.23 09:27:31 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.02.23 09:27:30 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.23 09:27:30 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.23 09:27:30 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011.02.23 09:27:29 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.02.23 09:27:29 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.02.23 09:27:29 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011.02.23 09:27:28 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.23 09:27:28 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.02.23 09:27:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.02.23 09:27:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.02.23 09:27:27 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.02.23 09:27:27 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011.02.23 09:27:26 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011.02.23 09:27:25 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.02.23 09:27:25 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys
[2011.02.23 09:27:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys
[2011.02.23 09:27:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys
[2011.02.23 09:27:24 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.23 09:27:24 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011.02.23 09:27:23 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.23 09:27:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011.02.23 09:27:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011.02.23 09:27:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2011.02.23 09:27:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.23 09:27:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011.02.23 09:27:22 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011.02.23 09:27:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011.02.23 09:27:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011.02.23 09:27:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.23 09:27:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011.02.23 09:27:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.23 09:27:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.23 09:27:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011.02.23 09:27:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.02.23 09:27:20 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011.02.23 09:27:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011.02.23 09:27:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2011.02.23 09:27:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011.02.23 09:27:19 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.23 09:27:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011.02.23 09:27:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.02.23 09:27:19 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.23 09:27:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.02.23 09:27:18 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2011.02.23 09:27:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011.02.23 09:27:17 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011.02.23 09:27:17 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2011.02.23 09:27:17 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.02.23 09:27:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011.02.23 09:27:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.23 09:27:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.23 09:27:16 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011.02.23 09:27:16 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011.02.23 09:27:16 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011.02.23 09:27:16 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.02.23 09:27:16 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.02.23 09:27:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011.02.23 09:27:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.23 09:27:15 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011.02.23 09:27:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.02.23 09:27:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011.02.23 09:27:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.23 09:27:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.02.23 09:27:14 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011.02.23 09:27:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011.02.23 09:27:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011.02.23 09:27:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.02.23 09:27:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011.02.23 09:27:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011.02.23 09:27:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011.02.23 09:27:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.02.23 09:27:13 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2011.02.23 09:27:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.02.23 09:27:13 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011.02.23 09:27:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011.02.23 09:27:13 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011.02.23 09:27:12 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011.02.23 09:27:12 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.02.23 09:27:11 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2011.02.23 09:27:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.02.23 09:27:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011.02.23 09:27:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011.02.23 09:27:11 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.23 09:27:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011.02.23 09:27:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011.02.23 09:27:11 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.23 09:27:11 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.23 09:27:11 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011.02.23 09:27:10 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.02.23 09:27:10 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011.02.23 09:27:10 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011.02.23 09:27:10 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011.02.23 09:27:09 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2011.02.23 09:27:09 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.23 09:27:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011.02.23 09:27:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011.02.23 09:27:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011.02.23 09:27:08 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011.02.23 09:27:08 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.02.23 09:27:08 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.02.23 09:27:08 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011.02.23 09:27:08 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011.02.23 09:27:08 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011.02.23 09:27:08 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011.02.23 09:27:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.02.23 09:27:07 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.02.23 09:27:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011.02.23 09:27:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011.02.23 09:27:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011.02.23 09:27:07 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2011.02.23 09:27:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011.02.23 09:27:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011.02.23 09:27:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.23 09:27:06 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011.02.23 09:27:06 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011.02.23 09:27:06 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011.02.23 09:27:06 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011.02.23 09:27:06 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011.02.23 09:27:06 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011.02.23 09:27:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.23 09:27:06 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.23 09:27:05 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011.02.23 09:27:05 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011.02.23 09:27:05 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011.02.23 09:27:05 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.02.23 09:27:05 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2011.02.23 09:27:05 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011.02.23 09:27:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011.02.23 09:27:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.23 09:27:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011.02.23 09:27:04 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011.02.23 09:27:04 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011.02.23 09:27:04 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011.02.23 09:27:04 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011.02.23 09:27:04 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.02.23 09:27:04 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.23 09:27:04 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2011.02.23 09:27:04 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011.02.23 09:27:03 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.02.23 09:27:03 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011.02.23 09:27:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.02.23 09:27:03 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011.02.23 09:27:03 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011.02.23 09:27:03 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011.02.23 09:27:03 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011.02.23 09:27:03 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.02.23 09:27:02 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011.02.23 09:27:02 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011.02.23 09:27:02 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011.02.23 09:27:02 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011.02.23 09:27:02 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011.02.23 09:27:02 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011.02.23 09:27:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011.02.23 09:27:02 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.02.23 09:27:02 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011.02.23 09:27:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011.02.23 09:27:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011.02.23 09:27:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011.02.23 09:27:01 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.23 09:27:01 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011.02.23 09:27:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011.02.23 09:27:01 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011.02.23 09:27:01 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011.02.23 09:27:01 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011.02.23 09:27:01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.02.23 09:27:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011.02.23 09:27:01 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011.02.23 09:27:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011.02.23 09:27:01 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.02.23 09:27:01 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011.02.23 09:27:01 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.02.23 09:27:01 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.02.23 09:27:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011.02.23 09:27:01 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.02.23 09:27:00 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011.02.23 09:27:00 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.02.23 09:27:00 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011.02.23 09:27:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.02.23 09:27:00 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011.02.23 09:27:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011.02.23 09:26:59 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011.02.23 09:26:59 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011.02.23 09:26:59 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.23 09:26:59 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.02.23 09:26:59 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011.02.23 09:26:59 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.02.23 09:26:59 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011.02.23 09:26:59 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011.02.23 09:26:59 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011.02.23 09:26:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011.02.23 09:26:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.23 09:26:58 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011.02.23 09:26:58 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011.02.23 09:26:58 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011.02.23 09:26:58 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011.02.23 09:26:58 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011.02.23 09:26:57 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011.02.23 09:26:57 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.02.23 09:26:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011.02.23 09:26:57 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011.02.23 09:26:57 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011.02.23 09:26:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011.02.23 09:26:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.02.23 09:26:57 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011.02.23 09:26:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.23 09:26:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011.02.23 09:26:57 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2011.02.23 09:26:57 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2011.02.23 09:26:56 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011.02.23 09:26:56 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011.02.23 09:26:56 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011.02.23 09:26:56 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011.02.23 09:26:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011.02.23 09:26:56 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011.02.23 09:26:56 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011.02.23 09:26:56 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011.02.23 09:26:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011.02.23 09:26:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011.02.23 09:26:56 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011.02.23 09:26:56 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2011.02.23 09:26:55 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011.02.23 09:26:55 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011.02.23 09:26:55 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011.02.23 09:26:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011.02.23 09:26:55 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011.02.23 09:26:55 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011.02.23 09:26:55 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011.02.23 09:26:55 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.02.23 09:26:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011.02.23 09:26:55 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.02.23 09:26:54 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011.02.23 09:26:54 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011.02.23 09:26:54 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
[2011.02.23 09:26:54 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011.02.23 09:26:54 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011.02.23 09:26:54 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011.02.23 09:26:54 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011.02.23 09:26:54 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011.02.23 09:26:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011.02.23 09:26:54 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011.02.23 09:26:54 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011.02.23 09:26:54 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011.02.23 09:26:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011.02.23 09:26:54 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011.02.23 09:26:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011.02.23 09:26:54 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011.02.23 09:26:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011.02.23 09:26:53 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011.02.23 09:26:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011.02.23 09:26:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011.02.23 09:26:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011.02.23 09:26:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011.02.23 09:26:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011.02.23 09:26:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.02.23 09:26:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011.02.23 09:26:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011.02.23 09:26:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011.02.23 09:26:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011.02.23 09:26:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011.02.23 09:26:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011.02.23 09:26:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011.02.23 09:26:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011.02.23 09:26:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.02.23 09:26:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011.02.23 09:26:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011.02.23 09:26:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011.02.23 09:26:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011.02.23 09:26:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011.02.23 09:26:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011.02.23 09:26:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011.02.23 09:26:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011.02.23 09:26:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.02.23 09:26:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011.02.23 09:26:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011.02.23 09:26:51 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011.02.23 09:26:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011.02.23 09:26:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011.02.23 09:26:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011.02.23 09:26:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011.02.23 09:26:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011.02.23 09:26:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011.02.23 09:26:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011.02.23 09:26:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.23 09:26:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011.02.23 09:26:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011.02.23 09:26:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011.02.23 09:26:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.23 09:26:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011.02.23 09:26:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011.02.23 09:26:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011.02.23 09:26:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011.02.23 09:26:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011.02.23 09:26:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011.02.23 09:26:50 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.23 09:26:50 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011.02.23 09:26:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011.02.23 09:26:50 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011.02.23 09:26:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011.02.23 09:26:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011.02.23 09:26:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011.02.23 09:26:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2011.02.23 09:26:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011.02.23 09:26:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011.02.23 09:26:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.23 09:26:49 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011.02.23 09:26:49 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011.02.23 09:26:49 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011.02.23 09:26:49 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011.02.23 09:26:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011.02.23 09:26:49 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011.02.23 09:26:49 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011.02.23 09:26:49 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011.02.23 09:26:49 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011.02.23 09:26:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2011.02.23 09:26:48 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011.02.23 09:26:48 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011.02.23 09:26:48 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011.02.23 09:26:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011.02.23 09:26:48 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.02.23 09:26:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011.02.23 09:26:47 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011.02.23 09:26:47 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011.02.23 09:26:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.02.23 09:26:47 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011.02.23 09:26:47 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011.02.23 09:26:47 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011.02.23 09:26:47 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011.02.23 09:26:47 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011.02.23 09:26:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011.02.23 09:26:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.02.23 09:26:47 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011.02.23 09:26:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011.02.23 09:26:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.23 09:26:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011.02.23 09:26:47 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.02.23 09:26:47 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll
[2011.02.23 09:26:46 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011.02.23 09:26:46 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2011.02.23 09:26:46 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011.02.23 09:26:46 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011.02.23 09:26:46 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011.02.23 09:26:46 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011.02.23 09:26:46 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011.02.23 09:26:46 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011.02.23 09:26:46 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.23 09:26:46 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011.02.23 09:26:46 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2011.02.23 09:26:45 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011.02.23 09:26:45 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011.02.23 09:26:45 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011.02.23 09:26:45 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011.02.23 09:26:45 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2011.02.23 09:26:45 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011.02.23 09:26:45 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011.02.23 09:26:45 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.02.23 09:26:45 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011.02.23 09:26:45 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.02.23 09:26:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011.02.23 09:26:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011.02.23 09:26:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.23 09:26:45 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.02.23 09:26:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.23 09:26:44 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011.02.23 09:26:44 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011.02.23 09:26:44 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011.02.23 09:26:44 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011.02.23 09:26:44 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.02.23 09:26:44 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011.02.23 09:26:44 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011.02.23 09:26:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011.02.23 09:26:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011.02.23 09:26:44 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011.02.23 09:26:44 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011.02.23 09:26:44 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011.02.23 09:26:44 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011.02.23 09:26:44 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2011.02.23 09:26:44 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011.02.23 09:26:44 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011.02.23 09:26:44 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011.02.23 09:26:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011.02.23 09:26:43 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011.02.23 09:26:43 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.02.23 09:26:43 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011.02.23 09:26:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011.02.23 09:26:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011.02.23 09:26:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.02.23 09:26:43 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.02.23 09:26:43 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.02.23 09:26:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011.02.23 09:26:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011.02.23 09:26:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011.02.23 09:26:42 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.23 09:26:42 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011.02.23 09:26:42 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011.02.23 09:26:42 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.23 09:26:42 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011.02.23 09:26:42 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011.02.23 09:26:42 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011.02.23 09:26:42 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011.02.23 09:26:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011.02.23 09:26:42 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011.02.23 09:26:42 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011.02.23 09:26:42 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.02.23 09:26:42 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011.02.23 09:26:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011.02.23 09:26:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011.02.23 09:26:42 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011.02.23 09:26:42 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011.02.23 09:26:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011.02.23 09:26:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011.02.23 09:26:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011.02.23 09:26:41 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011.02.23 09:26:41 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011.02.23 09:26:41 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.02.23 09:26:41 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.02.23 09:26:41 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011.02.23 09:26:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011.02.23 09:26:41 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011.02.23 09:26:41 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011.02.23 09:26:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011.02.23 09:26:41 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011.02.23 09:26:41 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011.02.23 09:26:41 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011.02.23 09:26:41 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011.02.23 09:26:41 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011.02.23 09:26:41 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011.02.23 09:26:41 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2011.02.23 09:26:41 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011.02.23 09:26:41 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011.02.23 09:26:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011.02.23 09:26:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.23 09:26:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011.02.23 09:26:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011.02.23 09:26:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011.02.23 09:26:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011.02.23 09:26:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.02.23 09:26:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011.02.23 09:26:41 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011.02.23 09:26:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011.02.23 09:26:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011.02.23 09:26:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011.02.23 09:26:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011.02.23 09:26:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011.02.23 09:26:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011.02.23 09:26:40 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.02.23 09:26:40 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011.02.23 09:26:40 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011.02.23 09:26:40 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011.02.23 09:26:40 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011.02.23 09:26:40 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011.02.23 09:26:40 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011.02.23 09:26:40 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011.02.23 09:26:40 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011.02.23 09:26:40 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011.02.23 09:26:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011.02.23 09:26:40 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.02.23 09:26:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011.02.23 09:26:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011.02.23 09:26:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011.02.23 09:26:40 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011.02.23 09:26:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011.02.23 09:26:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011.02.23 09:26:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011.02.23 09:26:39 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011.02.23 09:26:39 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011.02.23 09:26:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011.02.23 09:26:39 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011.02.23 09:26:39 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.02.23 09:26:39 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011.02.23 09:26:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.02.23 09:26:39 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011.02.23 09:26:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011.02.23 09:26:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011.02.23 09:26:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011.02.23 09:26:39 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011.02.23 09:26:39 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011.02.23 09:26:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011.02.23 09:26:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011.02.23 09:26:39 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011.02.23 09:26:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011.02.23 09:26:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011.02.23 09:26:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2011.02.23 09:26:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011.02.23 09:26:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2011.02.23 09:26:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011.02.23 09:26:39 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2011.02.23 09:26:39 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011.02.23 09:26:38 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011.02.23 09:26:38 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011.02.23 09:26:38 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.02.23 09:26:38 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011.02.23 09:26:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011.02.23 09:26:38 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011.02.23 09:26:38 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.02.23 09:26:38 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2011.02.23 09:26:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011.02.23 09:26:38 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011.02.23 09:26:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011.02.23 09:26:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.02.23 09:26:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011.02.23 09:26:38 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011.02.23 09:26:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011.02.23 09:26:38 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011.02.23 09:26:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011.02.23 09:26:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011.02.23 09:26:38 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011.02.23 09:26:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011.02.23 09:26:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011.02.23 09:26:37 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.02.23 09:26:37 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011.02.23 09:26:37 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.23 09:26:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2011.02.23 09:26:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011.02.23 09:26:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011.02.23 09:26:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011.02.23 09:26:37 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.02.23 09:26:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011.02.23 09:26:37 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011.02.23 09:26:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011.02.23 09:26:37 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011.02.23 09:26:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011.02.23 09:26:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011.02.23 09:26:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.02.23 09:26:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.02.23 09:26:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011.02.23 09:26:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011.02.23 09:26:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011.02.23 09:26:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011.02.23 09:26:37 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011.02.23 09:26:37 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011.02.23 09:26:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011.02.23 09:26:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011.02.23 09:26:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011.02.23 09:26:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011.02.23 09:26:36 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.02.23 09:26:36 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2011.02.23 09:26:36 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011.02.23 09:26:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011.02.23 09:26:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2011.02.23 09:26:36 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011.02.23 09:26:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011.02.23 09:26:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011.02.23 09:26:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2011.02.23 09:26:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011.02.23 09:26:36 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011.02.23 09:26:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011.02.23 09:26:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.02.23 09:26:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011.02.23 09:26:36 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011.02.23 09:26:36 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011.02.23 09:26:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011.02.23 09:26:35 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011.02.23 09:26:35 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011.02.23 09:26:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011.02.23 09:26:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011.02.23 09:26:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011.02.23 09:26:35 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011.02.23 09:26:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011.02.23 09:26:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011.02.23 09:26:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011.02.23 09:26:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2011.02.23 09:26:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.23 09:26:34 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011.02.23 09:26:34 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.02.23 09:26:34 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011.02.23 09:26:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2011.02.23 09:26:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011.02.23 09:26:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011.02.23 09:26:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.23 09:26:33 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011.02.23 09:26:33 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011.02.23 09:26:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2011.02.23 09:26:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011.02.23 09:26:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011.02.23 09:26:32 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2011.02.23 09:26:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2011.02.23 09:26:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2011.02.23 09:26:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2011.02.23 09:26:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011.02.23 09:26:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2011.02.23 09:26:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011.02.23 09:26:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.02.23 09:26:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.23 09:26:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011.02.23 09:26:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011.02.23 09:26:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011.02.23 09:26:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011.02.23 09:26:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011.02.23 09:26:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011.02.23 09:26:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.02.23 09:26:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.02.23 09:26:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011.02.23 09:26:30 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011.02.23 09:26:30 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011.02.23 09:26:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011.02.23 09:26:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011.02.23 09:26:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011.02.23 09:26:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011.02.23 09:26:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011.02.23 09:26:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011.02.23 09:26:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011.02.23 09:26:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011.02.23 09:26:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011.02.23 09:26:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011.02.23 09:26:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011.02.23 09:26:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011.02.23 09:26:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011.02.23 09:26:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.23 09:26:05 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011.02.23 09:26:05 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.23 09:25:55 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011.02.23 09:25:51 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011.02.23 09:25:51 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011.02.23 09:25:30 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011.02.23 09:25:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011.02.23 09:12:28 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.23 09:12:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.23 09:12:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.16 20:43:03 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.16 20:43:03 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.16 20:42:16 | 000,655,802 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.16 20:42:16 | 000,616,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.16 20:42:16 | 000,130,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.16 20:42:16 | 000,106,728 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.16 20:41:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.16 20:36:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.16 20:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.16 20:35:43 | 2213,986,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.15 19:48:50 | 000,061,440 | ---- | M] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.09 09:55:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.03.05 09:39:32 | 000,000,220 | ---- | M] () -- C:\Users\Helmut\Desktop\Ö3 ADSL.url
[2011.02.23 22:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.23 22:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.23 21:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.23 21:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.23 21:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.23 21:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.23 21:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.23 21:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.23 09:40:08 | 000,370,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.23 09:34:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011.02.19 13:30:51 | 001,076,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 13:30:50 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
 
========== Files Created - No Company Name ==========
 
[2011.03.05 09:38:54 | 000,000,220 | ---- | C] () -- C:\Users\Helmut\Desktop\Ö3 ADSL.url
[2011.02.23 09:27:25 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.02.23 09:26:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.23 09:26:35 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.02.23 09:26:29 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2010.12.30 11:50:44 | 000,000,419 | ---- | C] () -- C:\Users\Helmut\AppData\Local\Temp_tmp_.xml
[2010.12.04 12:56:32 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2010.12.04 12:53:14 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010.12.04 12:53:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010.12.04 12:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2010.12.04 12:25:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010.12.04 12:25:11 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2010.12.04 12:23:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\ccmove32.dll
[2010.12.04 12:23:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Cc32.dll
[2010.10.31 10:58:44 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI
[2010.04.22 20:14:24 | 000,000,615 | R--- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.04.22 20:14:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\RAEXTUI.dll
[2010.04.19 21:28:42 | 000,002,057 | ---- | C] () -- C:\Windows\System32\GUCI_AVS.ini
[2010.04.16 20:50:36 | 000,000,446 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.22 08:57:39 | 000,061,440 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.19 19:58:42 | 000,004,480 | ---- | C] () -- C:\Windows\HGW2.INI
[2010.03.19 19:58:42 | 000,004,333 | ---- | C] () -- C:\Windows\HFX100.INI
[2010.03.19 19:58:33 | 000,000,368 | ---- | C] () -- C:\Windows\SPCDIRS.INI
[2010.03.19 19:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.19 16:11:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.19 16:07:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.03.19 14:07:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.18 21:23:03 | 000,036,919 | ---- | C] () -- C:\Windows\dbetdfmt.ini
[2010.03.18 21:11:15 | 000,000,002 | ---- | C] () -- C:\Windows\PhotoSuite.ini
[2010.03.18 21:11:11 | 000,122,880 | ---- | C] () -- C:\Windows\System32\JPEGLIB.DLL
[2010.03.18 21:11:11 | 000,122,880 | ---- | C] () -- C:\Windows\System32\EnrouteStitch.dll
[2010.03.18 21:11:08 | 000,332,800 | ---- | C] () -- C:\Windows\System32\FPXLIB.DLL
[2010.03.17 21:54:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.17 14:18:29 | 000,002,867 | ---- | C] () -- C:\Windows\WINCMD.INI
[2009.07.14 15:47:43 | 000,655,802 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 15:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 15:47:43 | 000,130,434 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 15:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 11:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 11:33:53 | 000,370,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 09:05:48 | 000,616,348 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 09:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 09:05:48 | 000,106,728 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 09:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 09:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 09:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 06:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 06:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 06:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 07:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009.06.11 04:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---

_______________________________________________
OTL Logfile:
Code:

OTL Extras logfile created on: 16.03.2011 21:08:45 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = E:\WINDOWS7\Download
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 37,95 Gb Free Space | 64,76% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 34,78 Gb Free Space | 71,23% Space Free | Partition Type: NTFS
Drive E: | 194,94 Gb Total Space | 118,91 Gb Free Space | 61,00% Space Free | Partition Type: NTFS
Drive H: | 54,32 Gb Total Space | 37,32 Gb Free Space | 68,70% Space Free | Partition Type: NTFS
Drive T: | 194,94 Gb Total Space | 103,10 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
Drive U: | 44,55 Gb Total Space | 28,82 Gb Free Space | 64,68% Space Free | Partition Type: NTFS
 
Computer Name: ACER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhelp.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- winhelp.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Windows7\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Windows7\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "E:\WINDOWS7\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Helmut\AppData\Local\Temp\0.22482767888255106.exe" = C:\Users\Helmut\AppData\Local\Temp\0.22482767888255106.exe:*:Enabled:ldrsoft
"C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22\svcnost.exe" = C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22\svcnost.exe:*:Enabled:ldrsoft
"C:\Users\Helmut\AppData\Local\Temp\0.5071087690742537.exe" = C:\Users\Helmut\AppData\Local\Temp\0.5071087690742537.exe:*:Enabled:ldrsoft
"C:\Users\Helmut\Desktop\update.exe" = C:\Users\Helmut\Desktop\update.exe:*:Enabled:ldrsoft
"C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2\svcnost.exe" = C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2\svcnost.exe:*:Enabled:ldrsoft
"C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2\svcnost.exe" = C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2\svcnost.exe:*:Enabled:ldrsoft
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{1FF78023-EFA4-491F-9F5A-284DE97AA326}" = TL-WN321G Wireless Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10 Free Edition
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = PAP7501(16M)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Ultra Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3D Hausplaner 9_is1" = DATA BECKER 3D Hausplaner 9
"A4Tech iKeyWorks" = A4Tech iKeyWorks 7.80
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Canon MP140 series Benutzerregistrierung" = Canon MP140 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CCleaner" = CCleaner
"DATA BECKER - Etikettendruckerei 2000" = DATA BECKER - Etikettendruckerei 2000
"EasyBCD" = EasyBCD 1.7.2
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ffdshow_is1" = ffdshow v1.1.3439 [2010-05-14]
"FGS Kassenbuch5.1.6" = FGS Kassenbuch
"FGS Kassenbuch5.1.7" = FGS Kassenbuch
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GlobalTV" = GlobalTV
"Hippsoft hsWebCam_is1" = Hippsoft hsWebCam 1.08.0006
"IncrediMail" = IncrediMail 2.0
"IrfanView" = IrfanView (remove only)
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"meinHausplaner" = meinHausplaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Totalcmd" = Total Commander (Remove or Repair)
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >

--- --- ---

cosinus 16.03.2011 15:41

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.03.12 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2
[2011.03.12 16:13:29 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2
[2011.03.12 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2
[2011.03.12 16:13:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2
[2011.03.12 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22
[2011.03.12 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2
[2011.03.08 17:33:42 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\wfprlhinusqub2rvmqxqshiyabsrss32
[2011.03.08 17:33:28 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\xeqcsqrylmentimgpoifyvbtsdgcml2p2
[2011.03.08 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\eaeijgxvdjbclvbasu2tafeb3iruqzh2
[2011.03.08 14:42:50 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\gqtymunmvpngyheb3nndjyfmrqjxcfr2
[2011.03.08 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\mg11zkbary2gyooknaq1jau2angskyz2
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

W7Helmi 16.03.2011 15:57

Hello Arne!
Yes, the restart was carried out. Here is the report:

All processes killed
========== OTL ==========
C:\Users\Helmut\AppData\Roaming\xpms11awoosrepeqrijjghczrjpavggs2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\xbcicu1qog3qskd3gckjwxyoq33yndur2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\q1rqmdfbpzb2ig2w3kdunz3r1scvjqx2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\nm1s1jugr1i3pz1jzgrlnzqbzw1dfht2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\xpwsrnltfimwkj2mx1lueyniqysfgmq22 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\pywdgogbltubsty3qnoqr1tgoornlvi2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\wfprlhinusqub2rvmqxqshiyabsrss32 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\xeqcsqrylmentimgpoifyvbtsdgcml2p2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\eaeijgxvdjbclvbasu2tafeb3iruqzh2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\gqtymunmvpngyheb3nndjyfmrqjxcfr2 folder moved successfully.
C:\Users\Helmut\AppData\Roaming\mg11zkbary2gyooknaq1jau2angskyz2 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Helmut
->Temp folder emptied: 908852 bytes
->Temporary Internet Files folder emptied: 26245666 bytes
->Java cache emptied: 2657258 bytes
->FireFox cache emptied: 59421759 bytes
->Flash cache emptied: 7493 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7268 bytes
RecycleBin emptied: 30699128 bytes

Total Files Cleaned = 114,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03162011_215129

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 16.03.2011 16:16

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

W7Helmi 16.03.2011 16:39

Hello Arnie!
I have apparently made a big mistake. The following: I downloaded Combofix and an error message appeared. Then I downloaded it again and started it right away. Then Avast (I forgot to switch it off because I assumed that Cofi first has to be installed) kept asking me whether I want to do this in the sandbox, and because it kept coming up I used Ctrl-Alt-Del to run the Task Manager and shut down the system. Right at boot I noticed that the system sounds no longer work. I don't know what else doesn't work. I don't dare to look any further. Can you perhaps help me??
THANKS

cosinus 16.03.2011 19:09

Please uninstall Avast, restart the computer and try again with cofi.

W7Helmi 17.03.2011 03:49

Good morning Arne!
I left the PC running overnight to be on the safe side and read your message this morning.
I deactivated Avast and ran CoFi.
At Stufe_48 an error message appeared: PEV.cfxxe has stopped working!
I waited 30 minutes and then closed the message.
After that CoFi carried on normally up to stage 50 and completed everything as the program intended.
Here is the log file:
Combofix Logfile:
Code:

ComboFix 11-03-16.01 - Helmut 17.03.2011  8:23.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.43.1031.18.2815.1811 [GMT 7:00]
ausgeführt von:: c:\users\Helmut\Desktop\CoFi.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Helmut\AppData\Roaming\desktop.ini
c:\users\Helmut\FAVORI~1\Translator.url
c:\users\Helmut\Favorites\Translator.url
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-17 bis 2011-03-17  ))))))))))))))))))))))))))))))
.
.
2011-03-17 02:14 . 2011-03-17 02:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-16 01:18 . 2011-02-23 02:35        5943120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7739C84C-CFE5-478B-AF4E-38CC72716E40}\mpengine.dll
2011-03-11 11:35 . 2011-03-11 11:35        --------        d-----w-        c:\users\Helmut\AppData\Roaming\Malwarebytes
2011-03-11 11:35 . 2011-03-11 11:35        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-11 11:35 . 2010-12-20 11:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 11:35 . 2010-12-20 11:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-09 08:46 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-09 08:46 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-09 08:46 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-09 08:46 . 2010-12-23 05:54        850944        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 08:46 . 2010-12-23 05:54        642048        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-09 08:46 . 2010-12-23 05:54        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 08:46 . 2010-12-23 05:50        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 02:55 . 2011-02-23 14:56        371544        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-03-08 09:17 . 2011-03-08 09:17        --------        d-----w-        c:\users\Helmut\AppData\Local\Apps
2011-02-23 02:30 . 2011-02-23 02:30        --------        d-----w-        c:\windows\system32\SPReview
2011-02-23 02:29 . 2011-02-23 02:29        --------        d-----w-        c:\windows\system32\EventProviders
2011-02-23 02:26 . 2010-11-20 12:29        132992        ----a-w-        c:\windows\system32\drivers\ataport.sys
2011-02-23 02:25 . 2010-11-20 12:21        697344        ----a-w-        c:\windows\system32\SmiEngine.dll
2011-02-23 02:25 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\system32\wdscore.dll
2011-02-23 02:25 . 2010-11-20 12:17        209920        ----a-w-        c:\windows\system32\PkgMgr.exe
2011-02-23 02:25 . 2010-11-20 12:18        323072        ----a-w-        c:\windows\system32\drvstore.dll
2011-02-23 02:25 . 2010-11-20 12:18        257024        ----a-w-        c:\windows\system32\dpx.dll
2011-02-23 02:12 . 2011-01-07 07:46        870912        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-02-23 02:12 . 2011-01-07 07:46        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-23 02:12 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-06-29 05:49        40648        ----a-w-        c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-06-13 06:52        190016        ----a-w-        c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-06-13 06:53        301528        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-06-13 06:53        49240        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-06-13 06:53        25432        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-06-13 06:53        53592        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-06-13 06:53        19544        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-02-23 02:34 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-03 05:54 . 2011-02-09 01:39        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 10:11 . 2010-03-17 07:09        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-07 07:45 . 2011-02-09 01:40        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 06:01 . 2011-02-09 01:40        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-01-07 05:43 . 2011-02-09 01:40        294400        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-05 05:55 . 2011-02-09 01:40        428032        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 03:51 . 2011-02-09 01:40        2330624        ----a-w-        c:\windows\system32\win32k.sys
2010-12-17 07:07 . 2011-02-09 01:40        542208        ----a-w-        c:\windows\system32\kerberos.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04        122512        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20        442880        ----a-w-        c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SIDEBAR"="e:\windows7\Programme\Desktop Sidebar\dsidebar.exe" [2006-07-09 1777664]
"Skype"="e:\windows7\Programme\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DMS-Kalenderchen"="e:\windows7\Programme\Kalenderchen\Kalenderchen.exe" [2010-05-18 3498496]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-18 39408]
"IncrediMail"="e:\windows7\Programme\IncrediMail\bin\IncMail.exe" [2011-02-24 353736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"RemoteControl"="e:\windows7\Programme\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="e:\windows7\Programme\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"iKeyWorks"="e:\windows7\PROGRA~1\Tastatur\Ikeymain.exe" [2007-06-25 65536]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TkBellExe"="e:\windows7\Programme\Real\update\realsched.exe" [2010-11-14 274608]
.
c:\users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mouse.lnk - e:\windows7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe [2010-3-17 429568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\windows7\Programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TL-WN321G Wireless Utility.lnk - e:\windows7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2010-4-22 1785856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 135664]
R2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
R3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
R3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
R3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\windows7\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
R3 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
R3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
R3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
R3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
R3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;Konfiguration für Remotedesktops;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
R3 StorSvc;Speicherdienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 28032]
R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 UmRdpService;Anschlussumleitung für Remotedesktopdienst im Benutzermodus;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 160128]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
R3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 Mcx2Svc;Media Center Extender-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
S0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-28 40560]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Filtertreiber zur Busbeschleunigung für den Datenträger des virtuellen Computers;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 40704]
S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 vmbus;Bus des virtuellen Computers;c:\windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 CSC;Treiber für Offlinedateien;c:\windows\system32\drivers\csc.sys [2010-11-20 388096]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CscService;Offlinedateien;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448]
S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
S3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-13 19968]
S3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS        REG_MULTI_SZ          RpcEptMapper RpcSs
defragsvc        REG_MULTI_SZ          defragsvc
WerSvcGroup        REG_MULTI_SZ          wersvc
LocalServiceNoNetwork        REG_MULTI_SZ          DPS PLA BFE mpssvc WwanSvc
swprv        REG_MULTI_SZ          swprv
LocalServicePeerNet        REG_MULTI_SZ          PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation        REG_MULTI_SZ          KtmRm
regsvc        REG_MULTI_SZ          RemoteRegistry
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch        REG_MULTI_SZ          Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted        REG_MULTI_SZ          PolicyAgent
sdrsvc        REG_MULTI_SZ          sdrsvc
WbioSvcGroup        REG_MULTI_SZ          WbioSrvc
wcssvc        REG_MULTI_SZ          WcsPlugInService
AxInstSVGroup        REG_MULTI_SZ          AxInstSV
secsvcs        REG_MULTI_SZ          WinDefend
PeerDist        REG_MULTI_SZ          PeerDistSvc
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
homegrouplistener
StorSvc
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
WdiServiceHost
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetworkService
lanmanworkstation
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 12:21]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 12:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: &Add animation to IncrediMail Style Box - e:\windows7\Programme\IncrediMail\bin\resources\WebMenuImg.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - e:\windows7\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\4gnrnlsn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www2.superchat.at/index
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\windows7\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-17 09:14
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-17  09:16:22
ComboFix-quarantined-files.txt  2011-03-17 02:16
.
Vor Suchlauf: 9 Verzeichnis(se), 40.429.469.696 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 40.341.135.360 Bytes frei
.
- - End Of File - - 7EF4588E108A0D73AAF06698E488BAE3

--- --- ---




After it finished, I re-enabled Avast and restarted the system.
The system sounds work again and everything seems to be working; only at system startup do I get the attached message. I don't know which program is logging in to the Internet right at startup, and I think it could be Avast??
Can I rest easy, or am I still being spied on?

What happens next, or are we done?
In any case, THANK YOU VERY MUCH for your help

Sorry, I just turned on the preview and, lo and behold, our OLD problem,
the Avast message - hxxp://www.google-analytics.com/ga.jsI>(gzip), has turned up again. How annoying!!!
Regards
Helmut

cosinus 17.03.2011 09:51

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

W7Helmi 17.03.2011 10:00

Good morning Arne!
Should I close the "Avast" antivirus program first?

W7Helmi 17.03.2011 10:32

I closed Avast and ran the tool, and it found nothing. Here is the report:
2011/03/17 16:29:35.0496 4600 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 16:29:36.0448 4600 ================================================================================
2011/03/17 16:29:36.0448 4600 SystemInfo:
2011/03/17 16:29:36.0448 4600
2011/03/17 16:29:36.0448 4600 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/17 16:29:36.0448 4600 Product type: Workstation
2011/03/17 16:29:36.0448 4600 ComputerName: ACER
2011/03/17 16:29:36.0448 4600 UserName: Helmut
2011/03/17 16:29:36.0448 4600 Windows directory: C:\Windows
2011/03/17 16:29:36.0448 4600 System windows directory: C:\Windows
2011/03/17 16:29:36.0448 4600 Processor architecture: Intel x86
2011/03/17 16:29:36.0448 4600 Number of processors: 2
2011/03/17 16:29:36.0448 4600 Page size: 0x1000
2011/03/17 16:29:36.0448 4600 Boot type: Normal boot
2011/03/17 16:29:36.0448 4600 ================================================================================
2011/03/17 16:29:36.0978 4600 Initialize success
2011/03/17 16:29:46.0432 4040 ================================================================================
2011/03/17 16:29:46.0432 4040 Scan started
2011/03/17 16:29:46.0432 4040 Mode: Manual;
2011/03/17 16:29:46.0432 4040 ================================================================================
2011/03/17 16:29:58.0272 4040 ================================================================================
2011/03/17 16:29:58.0272 4040 Scan finished
2011/03/17 16:29:58.0272 4040 ================================================================================

cosinus 17.03.2011 11:37

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

W7Helmi 17.03.2011 12:37

Hello Arne!
Here is the first report:


GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-17 18:35:04
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\00000066 ST332041 rev.CC34
Running: 54208gqe.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\pgldrpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAddBootEntry [0x8B0E69CA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwAllocateVirtualMemory [0x9049CA68]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEvent [0x8B0E8EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEventPair [0x8B0E8F04]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateIoCompletion [0x8B0E901A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateMutant [0x8B0E8E02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSection [0x8B0E8F54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSemaphore [0x8B0E8E56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateTimer [0x8B0E8FC8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteBootEntry [0x8B0E69EE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwFreeVirtualMemory [0x9049CB18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwLoadDriver [0x8B0E67B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwModifyBootEntry [0x8B0E6A12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeKey [0x8B0E9412]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeMultipleKeys [0x8B0E74AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEvent [0x8B0E8EDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEventPair [0x8B0E8F2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenIoCompletion [0x8B0E9044]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenMutant [0x8B0E8E2E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSection [0x8B0E8F94]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSemaphore [0x8B0E8E84]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenTimer [0x8B0E8FF2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwProtectVirtualMemory [0x9049CBB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryObject [0x8B0E7370]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootEntryOrder [0x8B0E6A36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootOptions [0x8B0E6A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemInformation [0x8B0E6812]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemPowerState [0x8B0E694E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwShutdownSystem [0x8B0E692A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSystemDebugControl [0x8B0E6972]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwVdmControl [0x8B0E6A7E]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateProcessEx [0x904B18DE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                  82C45339 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                        82C7ED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                            82C85DC0 4 Bytes  [CA, 69, 0E, 8B]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                            82C85DE8 4 Bytes  [68, CA, 49, 90]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                            82C85E9C 8 Bytes  [AC, 8E, 0E, 8B, 04, 8F, 0E, ...]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                            82C85EA8 4 Bytes  [1A, 90, 0E, 8B]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                            82C85EC4 4 Bytes  [02, 8E, 0E, 8B]
.text          ...                                                                                                           
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                            82E13B6C 5 Bytes  JMP 904AD29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                              82E2C16E 5 Bytes  JMP 904AED50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                    82E4126D 4 Bytes  CALL 8B0E7E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                  82E5B02C 4 Bytes  CALL 8B0E7E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                82EE4E44 7 Bytes  JMP 904B18E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                      section is executable [0x9C9C9300, 0x25D4C, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] ntdll.dll!LdrUnloadDll                                          776BC8DE 5 Bytes  JMP 0016006C
.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] ntdll.dll!LdrLoadDll                                            776C22B8 5 Bytes  JMP 00160030
.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!UnhookWindowsHookEx                                  774CADF9 5 Bytes  JMP 001F0120
.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!UnhookWinEvent                                      774CB750 5 Bytes  JMP 001F006C
.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!SetWindowsHookExW                                    774CE30C 5 Bytes  JMP 001F00E4
.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!SetWinEventHook                                      774D24DC 5 Bytes  JMP 001F0030
.text          C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[132] USER32.dll!SetWindowsHookExA                                    774F6D0C 5 Bytes  JMP 001F00A8
.text          C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[328] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\svchost.exe[328] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 00670120
.text          C:\Windows\system32\svchost.exe[328] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0067006C
.text          C:\Windows\system32\svchost.exe[328] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 006700E4
.text          C:\Windows\system32\svchost.exe[328] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 00670030
.text          C:\Windows\system32\svchost.exe[328] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 006700A8
.text          C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0003006C
.text          C:\Windows\system32\wininit.exe[532] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00030030
.text          C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 00050120
.text          C:\Windows\system32\wininit.exe[532] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0005006C
.text          C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 000500E4
.text          C:\Windows\system32\wininit.exe[532] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 00050030
.text          C:\Windows\system32\wininit.exe[532] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 000500A8
.text          C:\Windows\system32\services.exe[592] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\services.exe[592] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll                                                      776BC8DE 5 Bytes  JMP 000A006C
.text          C:\Windows\system32\lsass.exe[604] ntdll.dll!LdrLoadDll                                                        776C22B8 5 Bytes  JMP 000A0030
.text          C:\Windows\system32\lsass.exe[604] USER32.dll!UnhookWindowsHookEx                                              774CADF9 5 Bytes  JMP 00050120
.text          C:\Windows\system32\lsass.exe[604] USER32.dll!UnhookWinEvent                                                  774CB750 5 Bytes  JMP 0005006C
.text          C:\Windows\system32\lsass.exe[604] USER32.dll!SetWindowsHookExW                                                774CE30C 5 Bytes  JMP 000500E4
.text          C:\Windows\system32\lsass.exe[604] USER32.dll!SetWinEventHook                                                  774D24DC 5 Bytes  JMP 00050030
.text          C:\Windows\system32\lsass.exe[604] USER32.dll!SetWindowsHookExA                                                774F6D0C 5 Bytes  JMP 000500A8
.text          C:\Windows\system32\lsm.exe[616] ntdll.dll!LdrUnloadDll                                                        776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\lsm.exe[616] ntdll.dll!LdrLoadDll                                                          776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\winlogon.exe[676] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0003006C
.text          C:\Windows\system32\winlogon.exe[676] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00030030
.text          C:\Windows\system32\winlogon.exe[676] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 000C0120
.text          C:\Windows\system32\winlogon.exe[676] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 000C006C
.text          C:\Windows\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 000C00E4
.text          C:\Windows\system32\winlogon.exe[676] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 000C0030
.text          C:\Windows\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 000C00A8
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] ntdll.dll!LdrUnloadDll                  776BC8DE 5 Bytes  JMP 0015006C
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] ntdll.dll!LdrLoadDll                    776C22B8 5 Bytes  JMP 00150030
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!UnhookWindowsHookEx          774CADF9 5 Bytes  JMP 001F0120
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!UnhookWinEvent              774CB750 5 Bytes  JMP 001F006C
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!SetWindowsHookExW            774CE30C 5 Bytes  JMP 001F00E4
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!SetWinEventHook              774D24DC 5 Bytes  JMP 001F0030
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe[744] USER32.dll!SetWindowsHookExA            774F6D0C 5 Bytes  JMP 001F00A8
.text          C:\Windows\system32\svchost.exe[772] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[772] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\nvvsvc.exe[864] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0016006C
.text          C:\Windows\system32\nvvsvc.exe[864] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00160030
.text          C:\Windows\system32\nvvsvc.exe[864] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 001F0120
.text          C:\Windows\system32\nvvsvc.exe[864] USER32.dll!UnhookWinEvent                                                  774CB750 5 Bytes  JMP 001F006C
.text          C:\Windows\system32\nvvsvc.exe[864] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 001F00E4
.text          C:\Windows\system32\nvvsvc.exe[864] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 001F0030
.text          C:\Windows\system32\nvvsvc.exe[864] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 001F00A8
.text          C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\System32\svchost.exe[968] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\System32\svchost.exe[968] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\System32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 00150120
.text          C:\Windows\System32\svchost.exe[968] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0015006C
.text          C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 001500E4
.text          C:\Windows\System32\svchost.exe[968] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 00150030
.text          C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 001500A8
.text          C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00500120
.text          C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0050006C
.text          C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 005000E4
.text          C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00500030
.text          C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 005000A8
.text          C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00C10120
.text          C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 00C1006C
.text          C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 00C100E4
.text          C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00C10030
.text          C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 00C100A8
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] ntdll.dll!LdrUnloadDll                            776BC8DE 5 Bytes  JMP 0015006C
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] ntdll.dll!LdrLoadDll                              776C22B8 5 Bytes  JMP 00150030
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!UnhookWindowsHookEx                    774CADF9 5 Bytes  JMP 001E0120
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!UnhookWinEvent                          774CB750 5 Bytes  JMP 001E006C
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!SetWindowsHookExW                      774CE30C 5 Bytes  JMP 001E00E4
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!SetWinEventHook                        774D24DC 5 Bytes  JMP 001E0030
.text          C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1096] USER32.dll!SetWindowsHookExA                      774F6D0C 5 Bytes  JMP 001E00A8
.text          C:\Windows\UnsignedThemesSvc.exe[1116] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0016006C
.text          C:\Windows\UnsignedThemesSvc.exe[1116] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00160030
.text          C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\svchost.exe[1252] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00330120
.text          C:\Windows\system32\svchost.exe[1252] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0033006C
.text          C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 003300E4
.text          C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00330030
.text          C:\Windows\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 003300A8
.text          C:\Windows\system32\nvvsvc.exe[1300] ntdll.dll!LdrUnloadDll                                                    776BC8DE 5 Bytes  JMP 0016006C
.text          C:\Windows\system32\nvvsvc.exe[1300] ntdll.dll!LdrLoadDll                                                      776C22B8 5 Bytes  JMP 00160030
.text          C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!UnhookWindowsHookEx                                            774CADF9 5 Bytes  JMP 001F0120
.text          C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 001F006C
.text          C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWindowsHookExW                                              774CE30C 5 Bytes  JMP 001F00E4
.text          C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWinEventHook                                                774D24DC 5 Bytes  JMP 001F0030
.text          C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWindowsHookExA                                              774F6D0C 5 Bytes  JMP 001F00A8
.text          C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00330120
.text          C:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0033006C
.text          C:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 003300E4
.text          C:\Windows\system32\svchost.exe[1464] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00330030
.text          C:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 003300A8
.text          C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1540] kernel32.dll!SetUnhandledExceptionFilter            77393D01 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text          C:\Windows\system32\WLANExt.exe[1548] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\WLANExt.exe[1548] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\WLANExt.exe[1548] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00110120
.text          C:\Windows\system32\WLANExt.exe[1548] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0011006C
.text          C:\Windows\system32\WLANExt.exe[1548] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 001100E4
.text          C:\Windows\system32\WLANExt.exe[1548] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00110030
.text          C:\Windows\system32\WLANExt.exe[1548] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 001100A8
.text          C:\Windows\system32\conhost.exe[1560] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0003006C
.text          C:\Windows\system32\conhost.exe[1560] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00030030
.text          C:\Windows\system32\conhost.exe[1560] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 000C0120
.text          C:\Windows\system32\conhost.exe[1560] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 000C006C
.text          C:\Windows\system32\conhost.exe[1560] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 000C00E4
.text          C:\Windows\system32\conhost.exe[1560] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 000C0030
.text          C:\Windows\system32\conhost.exe[1560] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 000C00A8
.text          C:\Windows\System32\StkASv2K.exe[1672] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0015006C
.text          C:\Windows\System32\StkASv2K.exe[1672] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00150030
.text          C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00170120
.text          C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!UnhookWinEvent                                              774CB750 5 Bytes  JMP 0017006C
.text          C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 001700E4
.text          C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00170030
.text          C:\Windows\System32\StkASv2K.exe[1672] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 001700A8
.text          C:\Windows\System32\spoolsv.exe[1924] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\System32\spoolsv.exe[1924] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\System32\spoolsv.exe[1924] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00100120
.text          C:\Windows\System32\spoolsv.exe[1924] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0010006C
.text          C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 001000E4
.text          C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00100030
.text          C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 001000A8
.text          C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 001E0120
.text          C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 001E006C
.text          C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 001E00E4
.text          C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 001E0030
.text          C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 001E00A8
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] ntdll.dll!LdrUnloadDll                    776BC8DE 5 Bytes  JMP 0017006C
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] ntdll.dll!LdrLoadDll                      776C22B8 5 Bytes  JMP 00170030
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!UnhookWindowsHookEx            774CADF9 5 Bytes  JMP 00300120
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!UnhookWinEvent                774CB750 5 Bytes  JMP 0030006C
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!SetWindowsHookExW              774CE30C 5 Bytes  JMP 003000E4
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!SetWinEventHook                774D24DC 5 Bytes  JMP 00300030
.text          C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe[2040] USER32.dll!SetWindowsHookExA              774F6D0C 5 Bytes  JMP 003000A8
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!LdrUnloadDll          776BC8DE 5 Bytes  JMP 0005006C
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!LdrLoadDll            776C22B8 5 Bytes  JMP 00050030
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!UnhookWindowsHookEx  774CADF9 5 Bytes  JMP 00130120
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!UnhookWinEvent        774CB750 5 Bytes  JMP 0013006C
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWindowsHookExW    774CE30C 5 Bytes  JMP 001300E4
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWinEventHook      774D24DC 5 Bytes  JMP 00130030
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWindowsHookExA    774F6D0C 5 Bytes  JMP 001300A8
.text          C:\Windows\system32\SearchIndexer.exe[2320] ntdll.dll!LdrUnloadDll                                            776BC8DE 5 Bytes  JMP 000A006C
.text          C:\Windows\system32\SearchIndexer.exe[2320] ntdll.dll!LdrLoadDll                                              776C22B8 5 Bytes  JMP 000A0030
.text          C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!UnhookWindowsHookEx                                    774CADF9 5 Bytes  JMP 00150120
.text          C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!UnhookWinEvent                                          774CB750 5 Bytes  JMP 0015006C
.text          C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!SetWindowsHookExW                                      774CE30C 5 Bytes  JMP 001500E4
.text          C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!SetWinEventHook                                        774D24DC 5 Bytes  JMP 00150030
.text          C:\Windows\system32\SearchIndexer.exe[2320] USER32.dll!SetWindowsHookExA                                      774F6D0C 5 Bytes  JMP 001500A8
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] ntdll.dll!LdrUnloadDll          776BC8DE 5 Bytes  JMP 0005006C
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] ntdll.dll!LdrLoadDll            776C22B8 5 Bytes  JMP 00050030
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!UnhookWindowsHookEx  774CADF9 5 Bytes  JMP 000C0120
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!UnhookWinEvent      774CB750 5 Bytes  JMP 000C006C
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!SetWindowsHookExW    774CE30C 5 Bytes  JMP 000C00E4
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!SetWinEventHook      774D24DC 5 Bytes  JMP 000C0030
.text          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2580] USER32.dll!SetWindowsHookExA    774F6D0C 5 Bytes  JMP 000C00A8
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] ntdll.dll!LdrUnloadDll                                776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] ntdll.dll!LdrLoadDll                                  776C22B8 5 Bytes  JMP 00060030
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!UnhookWindowsHookEx                        774CADF9 5 Bytes  JMP 00100120
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!UnhookWinEvent                            774CB750 5 Bytes  JMP 0010006C
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!SetWindowsHookExW                          774CE30C 5 Bytes  JMP 001000E4
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!SetWinEventHook                            774D24DC 5 Bytes  JMP 00100030
.text          C:\Program Files\Windows Media Player\wmpnetwk.exe[2704] USER32.dll!SetWindowsHookExA                          774F6D0C 5 Bytes  JMP 001000A8
.text          C:\Windows\System32\rundll32.exe[2832] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0007006C
.text          C:\Windows\System32\rundll32.exe[2832] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00070030
.text          C:\Windows\System32\rundll32.exe[2832] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00090120
.text          C:\Windows\System32\rundll32.exe[2832] USER32.dll!UnhookWinEvent                                              774CB750 5 Bytes  JMP 0009006C
.text          C:\Windows\System32\rundll32.exe[2832] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 000900E4
.text          C:\Windows\System32\rundll32.exe[2832] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00090030
.text          C:\Windows\System32\rundll32.exe[2832] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 000900A8
.text          C:\Windows\system32\taskhost.exe[2876] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0005006C
.text          C:\Windows\system32\taskhost.exe[2876] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00050030
.text          C:\Windows\system32\taskhost.exe[2876] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 000E0120
.text          C:\Windows\system32\taskhost.exe[2876] USER32.dll!UnhookWinEvent                                              774CB750 5 Bytes  JMP 000E006C
.text          C:\Windows\system32\taskhost.exe[2876] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 000E00E4
.text          C:\Windows\system32\taskhost.exe[2876] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 000E0030
.text          C:\Windows\system32\taskhost.exe[2876] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 000E00A8
.text          C:\Windows\System32\svchost.exe[2884] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\System32\svchost.exe[2884] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\System32\svchost.exe[2884] user32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 002C0120
.text          C:\Windows\System32\svchost.exe[2884] user32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 002C006C
.text          C:\Windows\System32\svchost.exe[2884] user32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 002C00E4
.text          C:\Windows\System32\svchost.exe[2884] user32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 002C0030
.text          C:\Windows\System32\svchost.exe[2884] user32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 002C00A8
.text          C:\Windows\system32\Dwm.exe[3224] ntdll.dll!LdrUnloadDll                                                      776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\Dwm.exe[3224] ntdll.dll!LdrLoadDll                                                        776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\system32\Dwm.exe[3224] USER32.dll!UnhookWindowsHookEx                                              774CADF9 5 Bytes  JMP 00180120
.text          C:\Windows\system32\Dwm.exe[3224] USER32.dll!UnhookWinEvent                                                    774CB750 5 Bytes  JMP 0018006C
.text          C:\Windows\system32\Dwm.exe[3224] USER32.dll!SetWindowsHookExW                                                774CE30C 5 Bytes  JMP 001800E4
.text          C:\Windows\system32\Dwm.exe[3224] USER32.dll!SetWinEventHook                                                  774D24DC 5 Bytes  JMP 00180030
.text          C:\Windows\system32\Dwm.exe[3224] USER32.dll!SetWindowsHookExA                                                774F6D0C 5 Bytes  JMP 001800A8
.text          C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrUnloadDll                                                          776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrLoadDll                                                            776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWindowsHookEx                                                  774CADF9 5 Bytes  JMP 000A0120
.text          C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWinEvent                                                        774CB750 5 Bytes  JMP 000A006C
.text          C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExW                                                    774CE30C 5 Bytes  JMP 000A00E4
.text          C:\Windows\Explorer.EXE[3248] USER32.dll!SetWinEventHook                                                      774D24DC 5 Bytes  JMP 000A0030
.text          C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExA                                                    774F6D0C 5 Bytes  JMP 000A00A8
.text          C:\Windows\RtHDVCpl.exe[3348] ntdll.dll!LdrUnloadDll                                                          776BC8DE 5 Bytes  JMP 0016006C
.text          C:\Windows\RtHDVCpl.exe[3348] ntdll.dll!LdrLoadDll                                                            776C22B8 5 Bytes  JMP 00160030
.text          C:\Windows\RtHDVCpl.exe[3348] USER32.dll!UnhookWindowsHookEx                                                  774CADF9 5 Bytes  JMP 00200120
.text          C:\Windows\RtHDVCpl.exe[3348] USER32.dll!UnhookWinEvent                                                        774CB750 5 Bytes  JMP 0020006C
.text          C:\Windows\RtHDVCpl.exe[3348] USER32.dll!SetWindowsHookExW                                                    774CE30C 5 Bytes  JMP 002000E4
.text          C:\Windows\RtHDVCpl.exe[3348] USER32.dll!SetWinEventHook                                                      774D24DC 5 Bytes  JMP 00200030
.text          C:\Windows\RtHDVCpl.exe[3348] USER32.dll!SetWindowsHookExA                                                    774F6D0C 5 Bytes  JMP 002000A8
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] ntdll.dll!LdrUnloadDll                                      776BC8DE 5 Bytes  JMP 0016006C
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] ntdll.dll!LdrLoadDll                                        776C22B8 5 Bytes  JMP 00160030
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!UnhookWindowsHookEx                              774CADF9 5 Bytes  JMP 001F0120
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!UnhookWinEvent                                    774CB750 5 Bytes  JMP 001F006C
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!SetWindowsHookExW                                774CE30C 5 Bytes  JMP 001F00E4
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!SetWinEventHook                                  774D24DC 5 Bytes  JMP 001F0030
.text          E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe[3408] USER32.dll!SetWindowsHookExA                                774F6D0C 5 Bytes  JMP 001F00A8
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] ntdll.dll!LdrUnloadDll                                      776BC8DE 5 Bytes  JMP 0015006C
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] ntdll.dll!LdrLoadDll                                        776C22B8 5 Bytes  JMP 00150030
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!UnhookWindowsHookEx                              774CADF9 5 Bytes  JMP 00170120
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!UnhookWinEvent                                    774CB750 5 Bytes  JMP 0017006C
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!SetWindowsHookExW                                774CE30C 5 Bytes  JMP 001700E4
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!SetWinEventHook                                  774D24DC 5 Bytes  JMP 00170030
.text          E:\WINDOWS7\Programme\Tastatur\Ikeymain.exe[3536] USER32.dll!SetWindowsHookExA                                774F6D0C 5 Bytes  JMP 001700A8
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] ntdll.dll!LdrUnloadDll                                                776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] ntdll.dll!LdrLoadDll                                                  776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!UnhookWindowsHookEx                                        774CADF9 5 Bytes  JMP 00110120
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!UnhookWinEvent                                              774CB750 5 Bytes  JMP 0011006C
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!SetWindowsHookExW                                          774CE30C 5 Bytes  JMP 001100E4
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!SetWinEventHook                                            774D24DC 5 Bytes  JMP 00110030
.text          C:\Windows\WindowsMobile\wmdc.exe[3580] USER32.dll!SetWindowsHookExA                                          774F6D0C 5 Bytes  JMP 001100A8
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] ntdll.dll!LdrUnloadDll                                  776BC8DE 5 Bytes  JMP 0015006C
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] ntdll.dll!LdrLoadDll                                    776C22B8 5 Bytes  JMP 00150030
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] kernel32.dll!SetUnhandledExceptionFilter                77393D01 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!UnhookWindowsHookEx                          774CADF9 5 Bytes  JMP 002F0120
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!UnhookWinEvent                                774CB750 5 Bytes  JMP 002F006C
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!SetWindowsHookExW                            774CE30C 5 Bytes  JMP 002F00E4
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!SetWinEventHook                              774D24DC 5 Bytes  JMP 002F0030
.text          E:\WINDOWS7\Programme\Real\Update\realsched.exe[3644] USER32.dll!SetWindowsHookExA                            774F6D0C 5 Bytes  JMP 002F00A8
.text          C:\Windows\system32\svchost.exe[3660] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\system32\svchost.exe[3660] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] ntdll.dll!LdrUnloadDll                                776BC8DE 5 Bytes  JMP 0016006C
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] ntdll.dll!LdrLoadDll                                  776C22B8 5 Bytes  JMP 00160030
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!UnhookWindowsHookEx                        774CADF9 5 Bytes  JMP 00190120
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!UnhookWinEvent                            774CB750 5 Bytes  JMP 0019006C
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!SetWindowsHookExW                          774CE30C 5 Bytes  JMP 001900E4
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!SetWinEventHook                            774D24DC 5 Bytes  JMP 00190030
.text          E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe[3784] USER32.dll!SetWindowsHookExA                          774F6D0C 5 Bytes  JMP 001900A8
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] ntdll.dll!LdrUnloadDll                              776BC8DE 5 Bytes  JMP 0016006C
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] ntdll.dll!LdrLoadDll                                776C22B8 5 Bytes  JMP 00160030
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!UnhookWindowsHookEx                      774CADF9 5 Bytes  JMP 001F0120
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!UnhookWinEvent                            774CB750 5 Bytes  JMP 001F006C
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!SetWindowsHookExW                        774CE30C 5 Bytes  JMP 001F00E4
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!SetWinEventHook                          774D24DC 5 Bytes  JMP 001F0030
.text          E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe[3912] USER32.dll!SetWindowsHookExA                        774F6D0C 5 Bytes  JMP 001F00A8
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] ntdll.dll!LdrUnloadDll          776BC8DE 5 Bytes  JMP 0016006C
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] ntdll.dll!LdrLoadDll            776C22B8 5 Bytes  JMP 00160030
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!UnhookWindowsHookEx  774CADF9 5 Bytes  JMP 00570120
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!UnhookWinEvent        774CB750 5 Bytes  JMP 0057006C
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!SetWindowsHookExW    774CE30C 5 Bytes  JMP 005700E4
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!SetWinEventHook      774D24DC 5 Bytes  JMP 00570030
.text          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3920] USER32.dll!SetWindowsHookExA    774F6D0C 5 Bytes  JMP 005700A8
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] ntdll.dll!LdrUnloadDll                                776BC8DE 5 Bytes  JMP 0016006C
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] ntdll.dll!LdrLoadDll                                  776C22B8 5 Bytes  JMP 00160030
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!UnhookWindowsHookEx                        774CADF9 5 Bytes  JMP 00500120
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!UnhookWinEvent                              774CB750 5 Bytes  JMP 0050006C
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!SetWindowsHookExW                          774CE30C 5 Bytes  JMP 005000E4
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!SetWinEventHook                            774D24DC 5 Bytes  JMP 00500030
.text          E:\WINDOWS7\Programme\IncrediMail\Bin\IncMail.exe[3936] USER32.dll!SetWindowsHookExA                          774F6D0C 5 Bytes  JMP 005000A8
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] ntdll.dll!LdrUnloadDll                          776BC8DE 5 Bytes  JMP 0016006C
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] ntdll.dll!LdrLoadDll                            776C22B8 5 Bytes  JMP 00160030
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!UnhookWindowsHookEx                  774CADF9 5 Bytes  JMP 001F0120
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!UnhookWinEvent                        774CB750 5 Bytes  JMP 001F006C
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!SetWindowsHookExW                    774CE30C 5 Bytes  JMP 001F00E4
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!SetWinEventHook                      774D24DC 5 Bytes  JMP 001F0030
.text          E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe[4000] USER32.dll!SetWindowsHookExA                    774F6D0C 5 Bytes  JMP 001F00A8
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] ntdll.dll!LdrUnloadDll                        776BC8DE 5 Bytes  JMP 0015006C
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] ntdll.dll!LdrLoadDll                          776C22B8 5 Bytes  JMP 00150030
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!UnhookWindowsHookEx                774CADF9 5 Bytes  JMP 001E0120
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!UnhookWinEvent                    774CB750 5 Bytes  JMP 001E006C
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!SetWindowsHookExW                  774CE30C 5 Bytes  JMP 001E00E4
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!SetWinEventHook                    774D24DC 5 Bytes  JMP 001E0030
.text          E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe[4012] user32.dll!SetWindowsHookExA                  774F6D0C 5 Bytes  JMP 001E00A8
.text          C:\Windows\System32\svchost.exe[5808] ntdll.dll!LdrUnloadDll                                                  776BC8DE 5 Bytes  JMP 0006006C
.text          C:\Windows\System32\svchost.exe[5808] ntdll.dll!LdrLoadDll                                                    776C22B8 5 Bytes  JMP 00060030
.text          C:\Windows\System32\svchost.exe[5808] USER32.dll!UnhookWindowsHookEx                                          774CADF9 5 Bytes  JMP 00400120
.text          C:\Windows\System32\svchost.exe[5808] USER32.dll!UnhookWinEvent                                                774CB750 5 Bytes  JMP 0040006C
.text          C:\Windows\System32\svchost.exe[5808] USER32.dll!SetWindowsHookExW                                            774CE30C 5 Bytes  JMP 004000E4
.text          C:\Windows\System32\svchost.exe[5808] USER32.dll!SetWinEventHook                                              774D24DC 5 Bytes  JMP 00400030
.text          C:\Windows\System32\svchost.exe[5808] USER32.dll!SetWindowsHookExA                                            774F6D0C 5 Bytes  JMP 004000A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]          [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]          [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]        [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2832] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]        [756FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                              hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                        hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

---- EOF - GMER 1.0.15 ----

--- --- ---

W7Helmi 17.03.2011 12:58

Hello Arne!
Here is the 2nd log file
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 18:56:05 on 17.03.2011

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - E:\WINDOWS7\Programme\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Helmut\AppData\Local\Temp\catchme.sys  (File not found)
"hc3ServiceName" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\DRIVERS\hotcore3.sys
"pgldrpob" (pgldrpob) - ? - C:\Users\Helmut\AppData\Local\Temp\pgldrpob.sys  (Hidden registry entry, rootkit activity | File not found)
"Syntek STK1150" (StkAMini) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkAMini.sys
"Syntek STK1150 Filter Driver" (StkScan) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkScan.sys
"uxpatch" (uxpatch) - ? - C:\Windows\system32\drivers\uxpatch.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - "VSO Software SARL" - E:\WINDOWS7\PROGRA~1\VSOIMA~1\RSZShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Windows7\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - E:\WINDOWS7\Programme\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - e:\windows7\programme\real\rpshell.dll
{F2185E5D-720E-4956-90D9-75F6AC141575} "SidebarIconHandler Class" - "Idea2" - E:\Windows7\Programme\Desktop Sidebar\sbhelp.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10n.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Subscribe in Desktop Sidebar" - "Idea2" - E:\Windows7\Programme\Desktop Sidebar\sbhelp.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{45AD732C-2CE2-4666-B366-B2214AD57A49} "Idea2 SidebarBrowserMonitor Class" - "Idea2" - E:\Windows7\Programme\Desktop Sidebar\sbhelp.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - E:\WINDOWS7\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Mouse.lnk" - ? - E:\WINDOWS7\Programme\Dexxa Optical Mouse\1.0\LwbWheel.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - E:\WINDOWS7\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"TL-WN321G Wireless Utility.lnk" - ? - E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\TWCU.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DMS-Kalenderchen" - "Daniel Manger Software" - "E:\WINDOWS7\Programme\Kalenderchen\Kalenderchen.exe" /autorun
"IncrediMail" - "IncrediMail, Ltd." - E:\WINDOWS7\Programme\IncrediMail\bin\IncMail.exe /c
"SIDEBAR" - "Idea2" - "E:\WINDOWS7\Programme\Desktop Sidebar\dsidebar.exe"
"Skype" - "Skype Technologies S.A." - "E:\WINDOWS7\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast5" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
"iKeyWorks" - "A4Tech Co.,Ltd." - e:\WINDOWS7\PROGRA~1\Tastatur\Ikeymain.exe
"LanguageShortcut" - ? - E:\WINDOWS7\Programme\PowerDVD\Language\Language.exe
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl" - "Cyberlink Corp." - E:\WINDOWS7\Programme\PowerDVD\PDVDServ.exe
"TkBellExe" - "RealNetworks, Inc." - "E:\WINDOWS7\Programme\Real\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON TX111 Series 32MonitorBI" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBFBI.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - E:\Windows7\Programme\MAGIX\Common\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NBService" (NBService) - "Nero AG" - E:\WINDOWS7\Programme\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"PIXMA Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"Ralink Registry Writer" (RalinkRegistryWriter) - ? - E:\WINDOWS7\Programme\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
"Syntek STK1150 Service" (StkASSrv) - "Syntek America Inc." - C:\Windows\System32\StkASv2K.exe
"Unsigned Themes" (UnsignedThemes) - "The Within Network, LLC" - C:\Windows\UnsignedThemesSvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

cosinus 17.03.2011 13:02

And the one from MBRCheck?

W7Helmi 17.03.2011 13:05

So, and here is the

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M1641
Logical Drives Mask: 0x009878fc

Kernel Drivers (total 212):

Processes (total 63):

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000019`c96b3000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f2cc00 (NTFS)
\\.\T: --> \\.\PhysicalDrive1 at offset 0x00000019`c96b3000 (NTFS)
\\.\U: --> \\.\PhysicalDrive1 at offset 0x0000000e`a6094200 (NTFS)

PhysicalDrive1 Model Number: ST3320418AS, Rev: CC34
PhysicalDrive0 Model Number: HitachiHDT721032SLA, Rev: ST2O

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 68C8C0C1F59FD889308063DD988B627F09D7FC53
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DE42B38757D6CB4D1DD813AD80BD373EE99BA5B9


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

W7Helmi 17.03.2011 13:23

Hello Arne!
Have you already read this?
Ein bisschen Datenschutz für Google Analytics [Update] | heise Security
Maybe you can do something with it.
I don't quite understand it!

W7Helmi 17.03.2011 13:28

Ein bisschen Datenschutz für Google Analytics [Update] | heise Security

W7Helmi 17.03.2011 13:30

Sorry, now it should work:
Ein bisschen Datenschutz für Google Analytics [Update] | heise Security

cosinus 17.03.2011 14:23

Do you still have the redirects? MBRCheck finds a fake MBR, while Kaspersky's TDSS-Killer says everything is OK.
If necessary, we will have to rewrite the MBR. For that you need a Win7 DVD.

W7Helmi 17.03.2011 14:28

What do you mean by redirects?
I have a Win7 DVD!

W7Helmi 17.03.2011 14:49

Arne, the following by way of explanation:
I have 2 hard disks in my computer with 3 partitions each. The primary system was Win XP Home (currently D:), and after that I installed W7 Prof (32-bit) on the 2nd HD (currently C:) and W7 Prof (64-bit) (currently U:). The old XP partition also holds the W7 boot manager, which lets me select either XP or W7 (32- or 64-bit). I use W7 32-bit exclusively and have not started the other systems for months. On the other 3 partitions I only have data such as pictures etc. I am only telling you this so that you can get a picture of the setup.

cosinus 17.03.2011 15:13

Sorry, redirect was the wrong term :schmoll:
Do you still have problems at all? Is Google Analytics still being reported by Avast on your machine? If so, you could try entering
Code:

127.0.0.1 www.google-analytics.com
in the hosts file, so that from now on your computer can no longer reach this "evil" site :pfeiff:
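
What the hosts entry in the post above does, shown as an added example that is not part of the thread: a small parser for the hosts-file format that looks names up the way the file is matched (exact hostname only), run on a constructed sample file. The sample contents, the function names and `update.example.test` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (not taken from the thread's machines): a default-looking
# hosts file plus the entry suggested in the post above and one made-up
# override that points a name at a non-loopback address.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.google-analytics.com   # entry from the post above
203.0.113.7     update.example.test  # constructed: override worth reviewing
"""


def parse_hosts(text):
    """Map each lower-cased hostname to the first address listed for it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or malformed line
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                              # first field is not an IP
        for name in names:
            # Simplification (assumption): keep the first mapping per name.
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def lookup(table, hostname):
    """Exact, case-insensitive match; no wildcards, no parent-domain match."""
    return table.get(hostname.lower().rstrip("."))


def is_blocked(table, hostname):
    """True if the name is pinned to a loopback or unspecified address."""
    addr = lookup(table, hostname)
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def unexpected_overrides(table):
    """Names pinned to a non-loopback address: these redirect traffic."""
    result = {}
    for name, addr in table.items():
        ip = ipaddress.ip_address(addr)
        if not (ip.is_loopback or ip.is_unspecified):
            result[name] = addr
    return result


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("www.google-analytics.com", "google-analytics.com"):
        print(name, "->", lookup(hosts, name), "blocked:", is_blocked(hosts, name))
    print("review:", unexpected_overrides(hosts))
```

The entry covers only the exact name `www.google-analytics.com`; a lookup for `google-analytics.com` is not affected by it.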

W7Helmi 17.03.2011 15:23

Yes, of course the message still comes up on almost every visit to a website, and on all the computers that are networked together. E.g. on the laptop with W7 and 2 computers with XP, avast on all of them and the same message everywhere. I read your article below (Similar topics - Google Analytics) and am not so sure whether this is a virus etc. at all.
What do you mean by the entry in the hosts file??

W7Helmi 17.03.2011 15:30

Sorry, unfortunately I have to leave now and will read on tomorrow.
MANY THANKS

cosinus 17.03.2011 19:31

You can also do some research yourself :pfeiff:

Hosts-Datei – Wikipedia

W7Helmi 18.03.2011 10:09

Hello Arne!
What do you mean by doing the research myself?
I got this answer from Google:

That is not the URL Google uses for Analytics
google-analytics.com/ga.jsI

The correct URL would be:
google-analytics.com/ga.js

Infection: HTMLIframe-inf
Besides, Google Analytics does not use iframes


So you can assume that the Avast alert is justified.
If this alert comes from your site, then the website has been hacked.
If this warning also appears with other websites or other browsers, then you have the malware on your computer.

So much from Google.
I get this message in Firefox too and, as I said, on all computers on the network. Is there any help other than reinstalling all systems, which would be madness?

Regards, Helmut

cosinus 18.03.2011 13:14

Quote:

I get this message in Firefox too and, as I said, on all computers on the network.
Do you have a router on which the default password was never changed?
If so, reset it to factory settings and set a secure admin password!

W7Helmi 19.03.2011 04:04

Hello Arne!
I tried to get into the router, but the password is no longer correct, so your suspicion may be right.
I will contact Telekom in the next few days (about configuration etc.) and then report back to you.
For now, many thanks.
Regards
Helmut

cosinus 19.03.2011 13:30

A reset of the router to factory settings should also help. Afterwards, however, you have to make all the settings again, such as access credentials, WLAN encryption or deactivating WLAN if you don't need it, and of course setting a new secure password for the router.

W7Helmi 09.04.2011 02:24

Hello Arne!
Yesterday a technician from the internet company was finally here and set the router up from scratch, since it was apparently infested with viruses. It was no longer possible to get into the router; every password had apparently been deleted by the virus. Since the fresh setup, all problems have been resolved so far. A scan with Maleware also produced no more results, and I think the problem is thus resolved.
Thank you for your help. MANY THANKS
Regards
Helmut

cosinus 09.04.2011 14:54

You can't set a router up from scratch. There is nothing to format there. At most you can reset it to its factory state.
A router can't really have a virus infection either; Windows malware does not run on a router, because routers usually run a specially adapted Linux or a similar OS.

W7Helmi 10.04.2011 03:30

No idea what exactly he did there, but the fact is that since he worked on the router for about 30 min, neither the Trojan alert nor anything else has occurred on ALL computers. So the conclusion: it must have been something on the router, and I still think he set the router up from scratch, otherwise he would not have needed ALL the access credentials incl. WLAN passwords etc. from me. Whatever the case, it works and that is the most important thing to me.
Regards
Helmut

