Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart (https://www.trojaner-board.de/97667-tr-crypt-xpack-gen-laptop-gefunden-komische-ausfuehrungen-autostart.html)

Floppar 18.04.2011 20:25
TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart
 
Guten Tag,

mich hat es heute auch mit einem "Trojaner" bzw Virus erwischt.
Und zwar hab ich vorhin diese Meldung von meinem Antivir bekommen:
Die Datei 'C:\Users\Fireball\AppData\Local\Temp\mnrcxsweao.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a09291b.qua' verschoben!

Seitdem spinnt mein Laptop total!
- Sachen auf dem Desktop wurden als versteckt makiert
- Komische Einträge im Systemstart (Uquajaneyule - Realtek HD Audio Coinstaller usw.)
Was gibts da für Möglichkeiten bzw was sollte ich tun?!

Lasse gerade nochmal Antiwir + Malwarebytes drüber laufen und hoffe das die vlt noch mehr Infos preisgeben.

Danke schonmal für die Hilfe

kira 18.04.2011 20:32
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

Zitat:
Malware versucht die Arbeit mit dem Computer zu erschweren: z.B. wenn Du auf von mir angegebenen Link klickst, kann es sein, dass Du dann automatisch auf eine gefälschte Seite weitergeleitet wirst.
In diesem Fall bitte möglichst sofortige Rückmeldung!
Ich mach dir einen Vorschlag:
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.
Zitat:
-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!
  • Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
  • Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
  • StartAlle ProgrammeZubehörSystemprogrammeSystemwiederherstellung
->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
->Systemwiederherstellung unter Windows Vista
->Unter Win 7
Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)
Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird Gmer beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
  • Downloade die MBR.exe von Gmer und
    kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
    Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
  • Start => ausführen => cmd (da reinschreiben) => OK
    es öffnet sich eine Eingabeaufforderung.

    Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
  • Nach dem Prompt (>_) folgenden

    aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
    Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (Enter drücken)
  • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
    Bitte kopiere den Inhalt hier in Deinen Thread.
3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf "Restore bzw systemwiederherstellung" markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

4.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

5.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

6.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt pr

Floppar 18.04.2011 22:25
Kurze Zwischeninfo:

Also die SWH funktioniert nicht richtig.. Kommt immer eine Fehlermeldung von wegen ein Antivirenprogamm sei am laufen, obwohl alle deaktiviert sind.
Also auf der einen Seite sind jetzt einige Einträge aus dem Autostart weg aber ich hab trotzdem immer wieder eine *.dll Datei im Autostart die sich "realtek audio coinstaller" schimpft und der Befehl von einer ewehixusoya.dll aus dem Appdata/Local Ordner kommt.
(Hab die File mal per abgesichertem Modus gelöscht)
GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 22:38:52
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001
Running: gmer.exe; Driver: C:\Users\Fireball\AppData\Local\Temp\kwliakow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwSaveKey + 13CD                                                                                      8308B9C9 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              830AB512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spus.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text          C:\windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x92C29000, 0x2DEB7A, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                              932A6CA0 5 Bytes  JMP 872914E0
.text          ar6gya0l.SYS                                                                                                        93E17000 12 Bytes  [44, 48, 02, 83, EE, 46, 02, ...]
.text          ar6gya0l.SYS                                                                                                        93E1700D 9 Bytes  [27, 02, 83, 48, 4B, 02, 83, ...] {DAA ; ADD AL, [EBX-0x7cfdb4b8]; ADD [EAX], AL}
.text          ar6gya0l.SYS                                                                                                        93E17017 20 Bytes  [00, DE, A7, B1, 8B, E6, A5, ...]
.text          ar6gya0l.SYS                                                                                                        93E1702C 58 Bytes  [00, 00, 00, 00, 00, 68, 08, ...]
.text          ar6gya0l.SYS                                                                                                        93E17067 90 Bytes  [83, 64, AC, 08, 83, 20, 81, ...]
.text          ...                                                                                                               

---- User code sections - GMER 1.0.15 ----

.text          C:\windows\system32\Dwm.exe[2444] ntdll.dll!NtCreateUserProcess                                                    77AB5778 5 Bytes  JMP 006A4B7A
.text          C:\windows\system32\Dwm.exe[2444] ntdll.dll!LdrLoadDll                                                              77AD22B8 5 Bytes  JMP 006A4CA9
.text          C:\windows\system32\Dwm.exe[2444] kernel32.dll!GetFileAttributesExW                                                770D273D 5 Bytes  JMP 006A4D4B
.text          C:\windows\system32\Dwm.exe[2444] USER32.dll!TranslateMessage                                                      77BE64C7 5 Bytes  JMP 006A38C4
.text          C:\windows\system32\Dwm.exe[2444] USER32.dll!GetClipboardData                                                      77BF2BA7 5 Bytes  JMP 006A3A2A
.text          C:\windows\system32\Dwm.exe[2444] CRYPT32.dll!PFXImportCertStore                                                    75DE0DDC 5 Bytes  JMP 006A35DE
.text          C:\windows\system32\Dwm.exe[2444] WS2_32.dll!closesocket                                                            75F73918 5 Bytes  JMP 00693FA0
.text          C:\windows\system32\Dwm.exe[2444] WS2_32.dll!WSASend                                                                75F74406 5 Bytes  JMP 00693FF9
.text          C:\windows\system32\Dwm.exe[2444] WS2_32.dll!send                                                                  75F76F01 5 Bytes  JMP 00693FD8
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpQueryInfoA                                                        7725A33E 5 Bytes  JMP 006A717F
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetCloseHandle                                                  7725AB49 5 Bytes  JMP 006A7087
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetReadFile                                                      7725B406 5 Bytes  JMP 006A70CA
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetQueryDataAvailable                                            77265E5D 5 Bytes  JMP 006A7153
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestW                                                      7726BA12 5 Bytes  JMP 006A6EA7
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestExW                                                    77274A3D 5 Bytes  JMP 006A6F4F
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!InternetReadFileExA                                                  7728AE5E 5 Bytes  JMP 006A7109
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestExA                                                    772D189E 5 Bytes  JMP 006A6FEB
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestA                                                      772D1984 2 Bytes  JMP 006A6EFB
.text          C:\windows\system32\Dwm.exe[2444] WININET.dll!HttpSendRequestA + 3                                                  772D1987 2 Bytes  [3D, 89]
.text          C:\windows\system32\taskhost.exe[2452] ntdll.dll!NtCreateUserProcess                                                77AB5778 5 Bytes  JMP 017E4B7A
.text          C:\windows\system32\taskhost.exe[2452] ntdll.dll!LdrLoadDll                                                        77AD22B8 5 Bytes  JMP 017E4CA9
.text          C:\windows\system32\taskhost.exe[2452] kernel32.dll!GetFileAttributesExW                                            770D273D 5 Bytes  JMP 017E4D4B
.text          C:\windows\system32\taskhost.exe[2452] USER32.dll!TranslateMessage                                                  77BE64C7 5 Bytes  JMP 017E38C4
.text          C:\windows\system32\taskhost.exe[2452] USER32.dll!GetClipboardData                                                  77BF2BA7 5 Bytes  JMP 017E3A2A
.text          C:\windows\system32\taskhost.exe[2452] WS2_32.dll!closesocket                                                      75F73918 5 Bytes  JMP 017D3FA0
.text          C:\windows\system32\taskhost.exe[2452] WS2_32.dll!WSASend                                                          75F74406 5 Bytes  JMP 017D3FF9
.text          C:\windows\system32\taskhost.exe[2452] WS2_32.dll!send                                                              75F76F01 5 Bytes  JMP 017D3FD8
.text          C:\windows\system32\taskhost.exe[2452] CRYPT32.dll!PFXImportCertStore                                              75DE0DDC 5 Bytes  JMP 017E35DE
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpQueryInfoA                                                  7725A33E 5 Bytes  JMP 017E717F
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetCloseHandle                                              7725AB49 5 Bytes  JMP 017E7087
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetReadFile                                                7725B406 5 Bytes  JMP 017E70CA
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetQueryDataAvailable                                      77265E5D 5 Bytes  JMP 017E7153
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestW                                                7726BA12 5 Bytes  JMP 017E6EA7
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestExW                                              77274A3D 5 Bytes  JMP 017E6F4F
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!InternetReadFileExA                                              7728AE5E 5 Bytes  JMP 017E7109
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestExA                                              772D189E 5 Bytes  JMP 017E6FEB
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestA                                                772D1984 2 Bytes  JMP 017E6EFB
.text          C:\windows\system32\taskhost.exe[2452] WININET.dll!HttpSendRequestA + 3                                            772D1987 2 Bytes  [51, 8A]
.text          C:\windows\Explorer.EXE[2528] ntdll.dll!NtCreateUserProcess                                                        77AB5778 5 Bytes  JMP 02AD4B7A
.text          C:\windows\Explorer.EXE[2528] ntdll.dll!LdrLoadDll                                                                  77AD22B8 5 Bytes  JMP 02AD4CA9
.text          C:\windows\Explorer.EXE[2528] kernel32.dll!GetFileAttributesExW                                                    770D273D 5 Bytes  JMP 02AD4D4B
.text          C:\windows\Explorer.EXE[2528] USER32.dll!TranslateMessage                                                          77BE64C7 5 Bytes  JMP 02AD38C4
.text          C:\windows\Explorer.EXE[2528] USER32.dll!GetClipboardData                                                          77BF2BA7 5 Bytes  JMP 02AD3A2A
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpQueryInfoA                                                            7725A33E 5 Bytes  JMP 02AD717F
.text          C:\windows\Explorer.EXE[2528] WININET.dll!InternetCloseHandle                                                      7725AB49 5 Bytes  JMP 02AD7087
.text          C:\windows\Explorer.EXE[2528] WININET.dll!InternetReadFile                                                          7725B406 5 Bytes  JMP 02AD70CA
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpAddRequestHeadersA                                                    7725DCD2 5 Bytes  JMP 001F18D5
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpAddRequestHeadersW                                                    77264FAE 5 Bytes  JMP 001F1A9D
.text          C:\windows\Explorer.EXE[2528] WININET.dll!InternetQueryDataAvailable                                                77265E5D 5 Bytes  JMP 02AD7153
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestW                                                          7726BA12 5 Bytes  JMP 02AD6EA7
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestExW                                                        77274A3D 5 Bytes  JMP 02AD6F4F
.text          C:\windows\Explorer.EXE[2528] WININET.dll!InternetReadFileExA                                                      7728AE5E 5 Bytes  JMP 02AD7109
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestExA                                                        772D189E 5 Bytes  JMP 02AD6FEB
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestA                                                          772D1984 2 Bytes  JMP 02AD6EFB
.text          C:\windows\Explorer.EXE[2528] WININET.dll!HttpSendRequestA + 3                                                      772D1987 2 Bytes  [80, 8B]
.text          C:\windows\Explorer.EXE[2528] CRYPT32.dll!PFXImportCertStore                                                        75DE0DDC 5 Bytes  JMP 02AD35DE
.text          C:\windows\Explorer.EXE[2528] WS2_32.dll!closesocket                                                                75F73918 5 Bytes  JMP 02AC3FA0
.text          C:\windows\Explorer.EXE[2528] WS2_32.dll!WSASend                                                                    75F74406 5 Bytes  JMP 02AC3FF9
.text          C:\windows\Explorer.EXE[2528] WS2_32.dll!send                                                                      75F76F01 5 Bytes  JMP 02AC3FD8
.text          C:\Windows\System32\rundll32.exe[2844] ntdll.dll!NtCreateUserProcess                                                77AB5778 5 Bytes  JMP 015B4B7A
.text          C:\Windows\System32\rundll32.exe[2844] ntdll.dll!LdrLoadDll                                                        77AD22B8 5 Bytes  JMP 015B4CA9
.text          C:\Windows\System32\rundll32.exe[2844] kernel32.dll!GetFileAttributesExW                                            770D273D 5 Bytes  JMP 015B4D4B
.text          C:\Windows\System32\rundll32.exe[2844] USER32.dll!TranslateMessage                                                  77BE64C7 5 Bytes  JMP 015B38C4
.text          C:\Windows\System32\rundll32.exe[2844] USER32.dll!GetClipboardData                                                  77BF2BA7 5 Bytes  JMP 015B3A2A
.text          C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!closesocket                                                      75F73918 5 Bytes  JMP 015A3FA0
.text          C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!WSASend                                                          75F74406 5 Bytes  JMP 015A3FF9
.text          C:\Windows\System32\rundll32.exe[2844] WS2_32.dll!send                                                              75F76F01 5 Bytes  JMP 015A3FD8
.text          C:\Windows\System32\rundll32.exe[2844] CRYPT32.dll!PFXImportCertStore                                              75DE0DDC 5 Bytes  JMP 015B35DE
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpQueryInfoA                                                  7725A33E 5 Bytes  JMP 015B717F
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetCloseHandle                                              7725AB49 5 Bytes  JMP 015B7087
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetReadFile                                                7725B406 5 Bytes  JMP 015B70CA
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetQueryDataAvailable                                      77265E5D 5 Bytes  JMP 015B7153
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestW                                                7726BA12 5 Bytes  JMP 015B6EA7
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestExW                                              77274A3D 5 Bytes  JMP 015B6F4F
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!InternetReadFileExA                                              7728AE5E 5 Bytes  JMP 015B7109
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestExA                                              772D189E 5 Bytes  JMP 015B6FEB
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestA                                                772D1984 2 Bytes  JMP 015B6EFB
.text          C:\Windows\System32\rundll32.exe[2844] WININET.dll!HttpSendRequestA + 3                                            772D1987 2 Bytes  [2E, 8A]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                  [8BA40C4C] \SystemRoot\System32\Drivers\spus.sys
IAT            \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                      [8BA40CA0] \SystemRoot\System32\Drivers\spus.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8BA10042] \SystemRoot\System32\Drivers\spus.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                          [8BA106D6] \SystemRoot\System32\Drivers\spus.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8BA10800] \SystemRoot\System32\Drivers\spus.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                    [8BA1013E] \SystemRoot\System32\Drivers\spus.sys
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortQuerySystemTime]                                      78800C75
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReadPortUchar]                                        06750015
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                        005AB7E8
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortRequestCallback]                                      CCCC0008
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                CCCCCCCC
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCompleteRequest]                                      CCCCCCCC
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortEtwTraceLog]                                          800C5D8B
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                            7500117B
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortGetDeviceBase]                                        56587500
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[ataport.SYS!AtaPortDeviceStateChange]                                    8008758B
IAT            \SystemRoot\System32\Drivers\ar6gya0l.SYS[NTOSKRNL.exe!KeTickCount]                                                78801875

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]            [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[2844] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]              [75AFFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              863181F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                856521F8
Device          \Driver\ACPI_HAL \Device\00000050                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    872921F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{F89FD7D1-41CD-4404-9EF0-572D9CD6FEAC}                                            8724A1F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    86372500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    872921F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    86372500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        87092500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{757227C0-FB57-48ED-A716-ADDEAE82F2D3}                                            8724A1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                      [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                      [8BCD5360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                        87092500
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              856521F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{1BC72468-10FD-4771-992B-EF2F7347F383}                                            8724A1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            8724A1F8
Device          \Driver\PCI_PNP1623 \Device\0000005e                                                                                spus.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    872921F8
Device          \Driver\sptd \Device\1512981624                                                                                    spus.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    872921F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    86372500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    872921F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    872921F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    86372500
Device          \Driver\ar6gya0l \Device\Scsi\ar6gya0l1Port1Path0Target0Lun0                                                        873521F8
Device          \Driver\ar6gya0l \Device\Scsi\ar6gya0l1                                                                            873521F8

---- Threads - GMER 1.0.15 ----

Thread          System [4:300]                                                                                                      86F23E7A
Thread          System [4:304]                                                                                                      86F26008

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6bb2                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea93e9                                       
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xFA 0x4C 0xA5 0xE0 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x5D 0x27 0xFF 0x65 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x96 0x39 0x52 0xFC ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6bb2 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea93e9 (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xFA 0x4C 0xA5 0xE0 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x5D 0x27 0xFF 0x65 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x96 0x39 0x52 0xFC ...

---- EOF - GMER 1.0.15 ----
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: ST950032 rev.0001 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
kernel: MBR read successfully
user & kernel MBR OK
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:32:59, on 18.04.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
D:\Downloads\mbam-setup.exe
C:\Users\Fireball\AppData\Local\Temp\is-P1NH7.tmp\mbam-setup.tmp
D:\Downloads\HijackThis.exe
C:\windows\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Egiqa] rundll32.exe "C:\Users\Fireball\AppData\Local\ewehixusoya.dll",Startup
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F89FD7D1-41CD-4404-9EF0-572D9CD6FEAC}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BC72468-10FD-4771-992B-EF2F7347F383}: NameServer = 192.168.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5950 bytes
Code:
Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7601]
 
 
C:

      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  18.04.2011 23:23    C:\Windows --------- 32768 
  18.04.2011 23:22    C:\ProgramData --------- 8192 
  18.04.2011 22:46    C:\System Volume Information --------- 24576 
  18.04.2011 22:46    C:\mbr.log --------- 309 
  18.04.2011 21:42    C:\Program Files --------- 28672 
  14.10.2010 21:51    C:\MSOCache --------- 0 
  26.01.2010 17:45    C:\$Recycle.Bin --------- 4096 
  26.11.2009 12:03    C:\IO.SYS --------- 0 
  26.11.2009 12:03    C:\MSDOS.SYS --------- 0 
  01.11.2009 23:00    C:\Users --------- 4096 
  29.10.2009 13:04    C:\Recovery --------- 0 
  07.10.2009 11:52    C:\Intel --------- 0 
  14.07.2009 06:53    C:\Documents and Settings --------- 0 
  14.07.2009 04:37    C:\PerfLogs --------- 0 
  10.06.2009 23:42    C:\config.sys --------- 10 
  10.06.2009 23:42    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\windows

  18.04.2011 23:23    C:\windows\setupact.log --------- 168 
  18.04.2011 23:23    C:\windows\bootstat.dat --------- 67584 
  18.04.2011 23:27    C:\windows\WindowsUpdate.log --------- 1650501 
  18.04.2011 22:52    C:\windows\setuperr.log --------- 0 
  20.11.2010 14:21    C:\windows\twain_32.dll --------- 51200 
  20.11.2010 14:17    C:\windows\explorer.exe --------- 2616320 
  20.11.2010 14:16    C:\windows\bfsvc.exe --------- 65024 
  04.05.2010 14:15    C:\windows\wininit.ini --------- 182 
  04.05.2010 08:02    C:\windows\win.ini --------- 510 
  17.04.2010 01:45    C:\windows\WLXPGSS.SCR --------- 307056 
  25.11.2009 02:36    C:\windows\Sfc3ng.INI --------- 604 
  13.11.2009 17:09    C:\windows\hmview.ini --------- 46 
  08.11.2009 17:20    C:\windows\Irremote.ini --------- 4767 
  29.10.2009 13:22    C:\windows\HotFixList.ini --------- 2 
  08.10.2009 03:48    C:\windows\ativpsrm.bin --------- 0 
  07.10.2009 12:16    C:\windows\Csup.txt --------- 10 
  17.09.2009 21:00    C:\windows\SetLCDStretchMode.exe --------- 345600 
  18.08.2009 18:16    C:\windows\RtlExUpd.dll --------- 831488 
  28.07.2009 12:37    C:\windows\atiogl.xml --------- 18632 
  14.07.2009 06:41    C:\windows\WindowsShell.Manifest --------- 749 
  14.07.2009 03:14    C:\windows\write.exe --------- 9216 
  14.07.2009 03:14    C:\windows\winhlp32.exe --------- 9728 
  14.07.2009 03:14    C:\windows\twunk_32.exe --------- 31232 
  14.07.2009 03:14    C:\windows\regedit.exe --------- 398336 
  14.07.2009 03:14    C:\windows\notepad.exe --------- 179712 
  14.07.2009 03:14    C:\windows\hh.exe --------- 15360 
  14.07.2009 03:14    C:\windows\HelpPane.exe --------- 497152 
  14.07.2009 03:14    C:\windows\fveupdate.exe --------- 13824 
  14.07.2009 00:58    C:\windows\mib.bin --------- 43131 
  10.06.2009 23:46    C:\windows\system.ini --------- 219 
  10.06.2009 23:42    C:\windows\_default.pif --------- 707 
  10.06.2009 23:42    C:\windows\winhelp.exe --------- 256192 
  10.06.2009 23:41    C:\windows\twunk_16.exe --------- 49680 
  10.06.2009 23:41    C:\windows\twain.dll --------- 94784 
  10.06.2009 23:34    C:\windows\WMSysPr9.prx --------- 316640 
  10.06.2009 23:19    C:\windows\msdfmap.ini --------- 1405 
  10.06.2009 23:14    C:\windows\Starter.xml --------- 48201 
  10.06.2009 23:14    C:\windows\HomePremium.xml --------- 48265 
  09.06.2009 23:28    C:\windows\agrsmdel.exe --------- 64000 
  15.04.2009 04:21    C:\windows\SetDisplayResolution.exe --------- 307200 
  19.12.2008 21:04    C:\windows\SetDisplayResolutionNP.xml --------- 3282 
  19.12.2008 21:04    C:\windows\SetDisplayResolutionDT.xml --------- 3282 
----------------------------------------

 
C:\windows\System

 13.07.2009 23:41      C:\windows\System\OLESVR.DLL --------- 24064
 13.07.2009 23:41      C:\windows\System\WFWNET.DRV --------- 12704
 13.07.2009 23:41      C:\windows\System\COMMDLG.DLL --------- 32816
 13.07.2009 23:41      C:\windows\System\TIMER.DRV --------- 4048
 13.07.2009 23:41      C:\windows\System\MMSYSTEM.DLL --------- 68992
 13.07.2009 23:41      C:\windows\System\mmtask.tsk --------- 1152
 13.07.2009 23:41      C:\windows\System\mouse.drv --------- 2032
 13.07.2009 23:41      C:\windows\System\vga.drv --------- 2176
 13.07.2009 23:41      C:\windows\System\sound.drv --------- 1744
 13.07.2009 23:41      C:\windows\System\keyboard.drv --------- 2000
 13.07.2009 23:41      C:\windows\System\SHELL.DLL --------- 5120
 13.07.2009 23:41      C:\windows\System\system.drv --------- 3360
 10.06.2009 23:42      C:\windows\System\ver.dll --------- 9008
 10.06.2009 23:42      C:\windows\System\olecli.dll --------- 82944
 10.06.2009 23:42      C:\windows\System\lzexpand.dll --------- 9936
 10.06.2009 23:25      C:\windows\System\stdole.tlb --------- 5532
 10.06.2009 23:21      C:\windows\System\msvideo.dll --------- 126912
 10.06.2009 23:21      C:\windows\System\mciwave.drv --------- 28160
 10.06.2009 23:21      C:\windows\System\mciseq.drv --------- 25264
 10.06.2009 23:21      C:\windows\System\mciavi.drv --------- 73376
 10.06.2009 23:21      C:\windows\System\avifile.dll --------- 109456
 10.06.2009 23:21      C:\windows\System\avicap.dll --------- 69584
----------------------------------------

 
C:\windows\System32

 18.04.2011 23:31    C:\windows\system32\drivers --------- 65536 
 18.04.2011 23:30    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14512 
 18.04.2011 23:30    C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14512 
 18.04.2011 23:23    C:\windows\system32\config --------- 24576 
 18.04.2011 23:23    C:\windows\system32\wbem --------- 65536 
 18.04.2011 23:22    C:\windows\system32\AdvancedInstallers --------- 0 
 18.04.2011 23:21    C:\windows\system32\Boot --------- 0 
 18.04.2011 23:21    C:\windows\system32\catroot2 --------- 24576 
 18.04.2011 23:21    C:\windows\system32\CodeIntegrity --------- 0 
 18.04.2011 23:21    C:\windows\system32\da-DK --------- 0 
 18.04.2011 23:21    C:\windows\system32\cs-CZ --------- 0 
 18.04.2011 23:21    C:\windows\system32\de-DE --------- 262144 
 18.04.2011 23:21    C:\windows\system32\Dism --------- 0 
 18.04.2011 23:21    C:\windows\system32\DriverStore --------- 4096 
 18.04.2011 23:21    C:\windows\system32\es-ES --------- 0 
 18.04.2011 23:21    C:\windows\system32\manifeststore --------- 0 
 18.04.2011 23:21    C:\windows\system32\migration --------- 0 
 18.04.2011 23:21    C:\windows\system32\migwiz --------- 4096 
 18.04.2011 23:21    C:\windows\system32\MUI --------- 0 
 18.04.2011 23:21    C:\windows\system32\oobe --------- 0 
 18.04.2011 23:21    C:\windows\system32\Setup --------- 0 
 18.04.2011 23:21    C:\windows\system32\Speech --------- 0 
 18.04.2011 23:21    C:\windows\system32\spp --------- 0 
 18.04.2011 23:21    C:\windows\system32\SPReview --------- 0 
 18.04.2011 23:21    C:\windows\system32\sppui --------- 0 
 18.04.2011 23:21    C:\windows\system32\sysprep --------- 0 
 18.04.2011 23:21    C:\windows\system32\XPSViewer --------- 0 
 18.04.2011 22:41    C:\windows\system32\mbr.log --------- 309 
 18.04.2011 21:43    C:\windows\system32\Tasks --------- 4096 
 18.04.2011 21:37    C:\windows\system32\mbr.exe --------- 89088 
 18.04.2011 21:03    C:\windows\system32\perfh009.dat --------- 708078 
 18.04.2011 21:03    C:\windows\system32\perfc009.dat --------- 143082 
 18.04.2011 21:03    C:\windows\system32\perfh007.dat --------- 764762 
 18.04.2011 21:03    C:\windows\system32\perfc007.dat --------- 176878 
 18.04.2011 21:03    C:\windows\system32\PerfStringBackup.INI --------- 1790536 
 16.04.2011 14:24    C:\windows\system32\catroot --------- 4096 
 15.04.2011 12:39    C:\windows\system32\FNTCACHE.DAT --------- 411504 
 15.04.2011 12:32    C:\windows\system32\msclmd.dll --------- 152576 
 15.04.2011 11:00    C:\windows\system32\EventProviders --------- 0 
 15.04.2011 10:54    C:\windows\system32\MRT.exe --------- 39828936 
 14.03.2011 12:18    C:\windows\system32\NDF --------- 0 
 11.03.2011 07:33    C:\windows\system32\mfc42u.dll --------- 1164288 
 11.03.2011 07:33    C:\windows\system32\mfc42.dll --------- 1137664 
 08.03.2011 07:28    C:\windows\system32\inetcomm.dll --------- 741376 
 07.03.2011 07:33    C:\windows\system32\wininet.dll --------- 981504 
 07.03.2011 07:33    C:\windows\system32\urlmon.dll --------- 1230336 
 07.03.2011 07:31    C:\windows\system32\mshtml.dll --------- 5981696 
 07.03.2011 07:31    C:\windows\system32\jsproxy.dll --------- 48128 
 07.03.2011 07:31    C:\windows\system32\ieui.dll --------- 176640 
 07.03.2011 07:31    C:\windows\system32\ieframe.dll --------- 10990080 
 07.03.2011 05:52    C:\windows\system32\mshtml.tlb --------- 1638912 
 03.03.2011 07:38    C:\windows\system32\dnsrslvr.dll --------- 132608 
 03.03.2011 07:38    C:\windows\system32\dnsapi.dll --------- 270336 
 03.03.2011 07:36    C:\windows\system32\dnscacheugc.exe --------- 28672 
 03.03.2011 05:42    C:\windows\system32\win32k.sys --------- 2333184 
 24.02.2011 07:38    C:\windows\system32\XpsGdiConverter.dll --------- 288256 
 19.02.2011 08:30    C:\windows\system32\FntCache.dll --------- 805376 
 19.02.2011 08:30    C:\windows\system32\DWrite.dll --------- 1076736 
 19.02.2011 08:30    C:\windows\system32\d2d1.dll --------- 739840 
 19.02.2011 08:30    C:\windows\system32\atmlib.dll --------- 34304 
 19.02.2011 06:34    C:\windows\system32\atmfd.dll --------- 294912 
 18.02.2011 07:43    C:\windows\system32\vbscript.dll --------- 428032 
 18.02.2011 07:41    C:\windows\system32\jscript.dll --------- 716800 
 13.02.2011 03:35    C:\windows\system32\en-US --------- 221184 
 12.02.2011 07:35    C:\windows\system32\FXSCOVER.exe --------- 191488 
 17.01.2011 07:47    C:\windows\system32\d3d10_1.dll --------- 161792 
 16.01.2011 23:48    C:\windows\system32\Setup.dll --------- 126464 
 07.01.2011 09:46    C:\windows\system32\XpsPrint.dll --------- 870912 
 23.12.2010 07:54    C:\windows\system32\sbe.dll --------- 850944 
 23.12.2010 07:54    C:\windows\system32\CPFilters.dll --------- 642048 
 23.12.2010 07:54    C:\windows\system32\EncDec.dll --------- 534528 
 23.12.2010 07:50    C:\windows\system32\mpg2splt.ax --------- 199680 
 17.12.2010 09:07    C:\windows\system32\kerberos.dll --------- 542208 
 10.12.2010 19:29    C:\windows\system32\sqlctr90.dll --------- 64864 
 10.12.2010 19:29    C:\windows\system32\sqlncli.dll --------- 2248032 
 06.12.2010 15:58    C:\windows\system32\abgx360.exe --------- 2496715 
 29.11.2010 18:38    C:\windows\system32\QuickTimeVR.qtx --------- 94208 
 29.11.2010 18:38    C:\windows\system32\QuickTime.qts --------- 69632 
 20.11.2010 14:36    C:\windows\system32\Narrator.exe --------- 1077248 
 20.11.2010 14:36    C:\windows\system32\NAPHLPR.DLL --------- 107008 
 20.11.2010 14:36    C:\windows\system32\NAPCRYPT.DLL --------- 46080 
 20.11.2010 14:32    C:\windows\system32\AuthFWSnapin.dll --------- 5066752 
 20.11.2010 14:30    C:\windows\system32\ntoskrnl.exe --------- 3911040 
 20.11.2010 14:30    C:\windows\system32\ntkrnlpa.exe --------- 3966848 
 20.11.2010 14:29    C:\windows\system32\mcupdate_GenuineIntel.dll --------- 520064 
 20.11.2010 14:29    C:\windows\system32\halacpi.dll --------- 137088 
 20.11.2010 14:29    C:\windows\system32\hal.dll --------- 194432 
 20.11.2010 14:29    C:\windows\system32\halmacpi.dll --------- 194432 
 20.11.2010 14:29    C:\windows\system32\bootres.dll --------- 2217856 
 20.11.2010 14:29    C:\windows\system32\consent.exe --------- 101760 
 20.11.2010 14:24    C:\windows\system32\ntdll.dll --------- 1288488 
 20.11.2010 14:24    C:\windows\system32\fveapi.dll --------- 271664 
 20.11.2010 14:24    C:\windows\system32\winresume.exe --------- 442720 
 20.11.2010 14:24    C:\windows\system32\winload.exe --------- 508904 
 20.11.2010 14:24    C:\windows\system32\ci.dll --------- 690680 
 20.11.2010 14:23    C:\windows\system32\basecsp.dll --------- 144768 
 20.11.2010 14:21    C:\windows\system32\zipfldr.dll --------- 327680 
 20.11.2010 14:21    C:\windows\system32\XpsRasterService.dll --------- 135168 
 20.11.2010 14:21    C:\windows\system32\xpsservices.dll --------- 1712640 
 20.11.2010 14:21    C:\windows\system32\wwanprotdim.dll --------- 40960 
----------------------------------------

 
C:\windows\Prefetch

----------------------------------------

 
C:\windows\Tasks

 18.04.2011 23:23    C:\windows\Tasks\SA.DAT --------- 6 
 18.04.2011 22:43    C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job --------- 1078 
 18.04.2011 22:43    C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job --------- 1130 
 28.02.2011 09:23    C:\windows\Tasks\SCHEDLGU.TXT --------- 32632 
----------------------------------------

 
C:\windows\Temp

 18.04.2011 23:23    C:\windows\Temp\lpksetup-20110418-232350-0.log --------- 3500 
 18.04.2011 23:09    C:\windows\Temp\lpksetup-20110418-230857-0.log --------- 3500 
 18.04.2011 22:52    C:\windows\Temp\lpksetup-20110418-225221-0.log --------- 3500 
 18.04.2011 21:59    C:\windows\Temp\Cookies --------- 0 
 18.04.2011 21:49    C:\windows\Temp\History --------- 0 
 18.04.2011 21:49    C:\windows\Temp\Temporary Internet Files --------- 0 
 18.04.2011 20:57    C:\windows\Temp\lpksetup-20110418-205713-0.log --------- 3500 
 18.04.2011 11:32    C:\windows\Temp\lpksetup-20110418-113220-0.log --------- 3500 
----------------------------------------

 
C:\Users\Fireball\AppData\Local\Temp

 18.04.2011 23:33    C:\Users\Fireball\AppData\Local\Temp\~DF5E823017F53DE822.TMP --------- 81920 
 18.04.2011 23:31    C:\Users\Fireball\AppData\Local\Temp\~DF283559A38E35B79D.TMP --------- 81920 
 18.04.2011 23:30    C:\Users\Fireball\AppData\Local\Temp\CVR57FE.tmp.cvr --------- 0 
 18.04.2011 23:24    C:\Users\Fireball\AppData\Local\Temp\WPDNSE --------- 0 
 18.04.2011 23:22    C:\Users\Fireball\AppData\Local\Temp\~nsu.tmp --------- 0 
 18.04.2011 21:39    C:\Users\Fireball\AppData\Local\Temp\utt222.tmp.bat --------- 53 
 18.04.2011 21:39    C:\Users\Fireball\AppData\Local\Temp\utt222.tmp --------- 0 
 18.04.2011 21:20    C:\Users\Fireball\AppData\Local\Temp\CVR8E2B.tmp.cvr --------- 0 
 18.04.2011 21:11    C:\Users\Fireball\AppData\Local\Temp\CVR4346.tmp.cvr --------- 0 
 18.04.2011 22:47    C:\Users\Fireball\AppData\Local\Temp\hsperfdata_Fireball --------- 0 
 18.04.2011 21:05    C:\Users\Fireball\AppData\Local\Temp\0.8775945902354931.exe --------- 168279 
 18.04.2011 20:48    C:\Users\Fireball\AppData\Local\Temp\tmpF59E.tmp --------- 569344 
 18.04.2011 20:48    C:\Users\Fireball\AppData\Local\Temp\tmp46AA.tmp --------- 569344 
 18.04.2011 20:48    C:\Users\Fireball\AppData\Local\Temp\woanecmrsx.exe --------- 89088 
 18.04.2011 20:48    C:\Users\Fireball\AppData\Local\Temp\err.log33402762 --------- 29184 
 18.04.2011 11:32    C:\Users\Fireball\AppData\Local\Temp\CVRD4EA.tmp.cvr --------- 0 
 12.03.2011 13:14    C:\Users\Fireball\AppData\Local\Temp\Low --------- 0 
 29.10.2009 13:24    C:\Users\Fireball\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
 14.07.2009 03:14    C:\Users\Fireball\AppData\Local\Temp\esarncwmox.exe --------- 47104 
----------------------------------------

 
C:\Program Files

----------------------------------------

 
C:\ProgramData\..

Fireball   
Mcx1-FIREBALL-PC   
Public   
Default   
All Users   
Default User   
desktop.ini   
----------------------------------------

 
C:\windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        www.123fporn.info
127.0.0.1        123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com
127.0.0.1        123simsen.com
127.0.0.1        www.123simsen.com
127.0.0.1        123topsearch.com
127.0.0.1        www.123topsearch.com
127.0.0.1        125sms.co.uk
127.0.0.1        www.125sms.co.uk
127.0.0.1        125sms.com
127.0.0.1        www.125sms.com
127.0.0.1        132.com
127.0.0.1        www.132.com
127.0.0.1        1337crew.info
127.0.0.1        www.1337crew.info
127.0.0.1        www.1337-crew.to
127.0.0.1        1337-crew.to
127.0.0.1        136136.net
127.0.0.1        www.136136.net
127.0.0.1        www.150freesms.de
127.0.0.1        150freesms.de
127.0.0.1        www.163ns.com
127.0.0.1        163ns.com
127.0.0.1        171203.com
127.0.0.1        17concepts.info
127.0.0.1        www.17concepts.info
127.0.0.1        17-plus.com
127.0.0.1        1800searchonline.com
127.0.0.1        www.1800searchonline.com
127.0.0.1        180searchassistant.com
127.0.0.1        www.180searchassistant.com
127.0.0.1        180solutions.com
127.0.0.1        www.180solutions.com
127.0.0.1        181.365soft.info
127.0.0.1        www.181.365soft.info
127.0.0.1        1987324.com
127.0.0.1        www.1987324.com
127.0.0.1        1-domains-registrations.com
127.0.0.1        www.1-domains-registrations.com
127.0.0.1        www.1sexparty.com
127.0.0.1        1sexparty.com
127.0.0.1        www.1sms.de
127.0.0.1        1sms.de
127.0.0.1        www.1spybot.com
127.0.0.1        1spybot.com
127.0.0.1        www.1stantivirus.com
127.0.0.1        1stantivirus.com
127.0.0.1        www.1stpagehere.com
127.0.0.1        1stpagehere.com
127.0.0.1        www.1stsearchportal.com
127.0.0.1        1stsearchportal.com

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            12 K
System                          4 Services                  0        6.400 K
smss.exe                      336 Services                  0          800 K
csrss.exe                      472 Services                  0        3.308 K
wininit.exe                    544 Services                  0        3.208 K
csrss.exe                      568 Console                    1        6.048 K
services.exe                  592 Services                  0        9.088 K
lsass.exe                      616 Services                  0        7.552 K
lsm.exe                        624 Services                  0        4.436 K
svchost.exe                    736 Services                  0        7.004 K
winlogon.exe                  816 Console                    1        4.608 K
svchost.exe                    880 Services                  0        6.132 K
atiesrxx.exe                  920 Services                  0        2.988 K
svchost.exe                  1016 Services                  0        15.416 K
svchost.exe                  1064 Services                  0        64.564 K
svchost.exe                  1104 Services                  0        33.028 K
svchost.exe                  1240 Services                  0        11.504 K
atieclxx.exe                  1308 Console                    1        4.164 K
svchost.exe                  1344 Services                  0        4.168 K
svchost.exe                  1420 Services                  0        16.744 K
spoolsv.exe                  1568 Services                  0        8.824 K
sched.exe                    1616 Services                  0        1.532 K
svchost.exe                  1640 Services                  0        5.408 K
agrsmsvc.exe                  1760 Services                  0        1.984 K
avguard.exe                  1780 Services                  0        11.584 K
AppleMobileDeviceService.    1808 Services                  0        6.180 K
BcmSqlStartupSvc.exe          1836 Services                  0        2.720 K
mDNSResponder.exe            1864 Services                  0        4.568 K
svchost.exe                  1896 Services                  0        11.600 K
Rezip.exe                    1948 Services                  0        3.516 K
sqlbrowser.exe                1980 Services                  0        3.136 K
sqlwriter.exe                2008 Services                  0        4.736 K
svchost.exe                    420 Services                  0        4.024 K
avshadow.exe                  2252 Services                  0        3.300 K
conhost.exe                  2260 Services                  0        2.036 K
alg.exe                      2436 Services                  0        3.580 K
svchost.exe                  2544 Services                  0        4.088 K
TrustedInstaller.exe          2688 Services                  0        6.284 K
taskeng.exe                  2916 Console                    1        4.644 K
taskhost.exe                  2940 Console                    1        49.916 K
dwm.exe                      2948 Console                    1        46.052 K
explorer.exe                  3028 Console                    1      114.284 K
SUPBackGround.exe            3060 Console                    1        1.708 K
SSCKbdHk.exe                  3116 Console                    1          764 K
SearchIndexer.exe            3788 Services                  0        27.064 K
wmpnetwk.exe                  3872 Services                  0        4.660 K
svchost.exe                  1692 Services                  0        6.568 K
firefox.exe                  3964 Console                    1      111.164 K
plugin-container.exe          3008 Console                    1        37.844 K
OUTLOOK.EXE                  2884 Console                    1      123.668 K
OSPPSVC.EXE                  3616 Services                  0        8.948 K
WmiPrvSE.exe                  1184 Services                  0        5.112 K
mbam.exe                      3296 Console                    1        90.004 K
cmd.exe                      3332 Console                    1        4.180 K
conhost.exe                  3632 Console                    1        20.504 K
SearchProtocolHost.exe        3620 Services                  0        6.408 K
SearchFilterHost.exe          2040 Services                  0        4.588 K
tasklist.exe                  3452 Console                    1        4.360 K

 
***** Ende des Scans 18.04.2011 um 23:34:23,12 ***

kira 19.04.2011 05:27
Falls noch nicht vorhanden lade es herunter, ansonsten Update ziehen und die Anleitung einhalten:

1.
Du hast deine ersten Scanergebnisse von Malwarebytes bestimmt noch, wo alle entfernten Objekte liegen? Zeige mir bitte das Protokoll. Wenn mehrere Ergebnissen vorliegen, alle posten

2.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
  • per Doppelklick starten.
  • gleich mal die Datenbanken zu aktualisieren - online updaten
  • Vollständiger Suchlauf wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Setze ein Häckchen bei Scan All Users.
  • Unter Standard Registry wähle bitte All
  • Unter Extra Registry, wähle bitte Use SafeList
  • Schliesse bitte alle laufenden Programme.
  • Klicke nun auf Run Scan ( links oben ).
  • nach Beendigung des Scans werden 2 Logfiles auf dem Desktop erstellt
  • Poste den Inhalt von OTL.txt und Extra.txt hier in Deinen Thread

Floppar 19.04.2011 05:27
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6391

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18.04.2011 22:03:30
mbam-log-2011-04-18 (22-03-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 82397
Laufzeit: 33 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Fireball\AppData\Local\dlers47.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Uqujaneyule (Trojan.Hiloti) -> Value: Uqujaneyule -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Fireball\AppData\Local\dlers47.dll (Trojan.Hiloti) -> Delete on reboot.
c:\program files\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\program files\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.

Floppar 19.04.2011 09:22
Code:
OTL Extras logfile created on: 4/19/2011 6:30:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.62 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 173.84 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"XBMC" = XBMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/18/2011 3:05:32 PM | Computer Name = Fireball-PC | Source = ESENT | ID = 215
Description = WinMail (3184) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 4/18/2011 4:52:36 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description =
 
Error - 4/18/2011 5:09:40 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description =
 
Error - 4/18/2011 5:24:22 PM | Computer Name = Fireball-PC | Source = System Restore | ID = 8210
Description =
 
Error - 4/18/2011 5:30:37 PM | Computer Name = Fireball-PC | Source = MBAMService | ID = 131073
Description =
 
Error - 4/18/2011 8:58:16 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/18/2011 8:58:37 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/18/2011 9:00:17 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/18/2011 9:00:18 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/18/2011 9:00:20 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung.  11:03:50
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung.  11:03:56
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 4/18/2011 5:55:51 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:55:52 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 4/18/2011 5:57:02 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 4/18/2011 5:57:04 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147014847
 
Error - 4/18/2011 5:57:33 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 4/19/2011 6:30:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.62 Gb Free Space | 66.20% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 173.84 Gb Free Space | 50.10% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/18 23:22:17 | 000,000,000 | ---D | M]
 
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/18 20:53:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com
[2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml
[2011/01/17 23:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/29 17:09:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/29 17:19:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/10/29 17:19:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/05/04 11:59:05 | 000,393,182 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13576 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes
[2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll
[2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll
[2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll
[2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll
[2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll
[2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe
[2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll
[2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll
[2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe
[2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe
[2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll
[2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll
[2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll
[2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll
[2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll
[2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll
[2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll
[2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll
[2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll
[2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll
[2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll
[2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll
[2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll
[2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll
[2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll
[2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe
[2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll
[2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll
[2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe
[2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll
[2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll
[2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll
[2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll
[2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll
[2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll
[2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll
[2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll
[2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll
[2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll
[2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll
[2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe
[2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll
[2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe
[2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll
[2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll
[2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll
[2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll
[2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll
[2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll
[2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll
[2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll
[2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe
[2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll
[2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll
[2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe
[2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll
[2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll
[2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL
[2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll
[2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll
[2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll
[2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll
[2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL
[2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll
[2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll
[2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll
[2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL
[2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll
[2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll
[2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll
[2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll
[2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll
[2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe
[2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll
[2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll
[2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll
[2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe
[2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe
[2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe
[2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll
[2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe
[2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll
[2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll
[2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll
[2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll
[2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL
[2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe
[2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll
[2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll
[2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll
[2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe
[2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll
[2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll
[2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll
[2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll
[2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll
[2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll
[2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll
[2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll
[2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll
[2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll
[2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL
[2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll
[2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll
[2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
[2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll
[2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll
[2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll
[2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll
[2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys
[2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe
[2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll
[2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll
[2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll
[2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll
[2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll
[2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll
[2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll
[2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll
[2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll
[2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe
[2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys
[2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll
[2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll
[2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll
[2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll
[2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll
[2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll
[2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll
[2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll
[2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr
[2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe
[2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
[2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll
[2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll
[2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll
[2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll
[2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll
[2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll
[2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll
[2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll
[2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll
[2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll
[2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll
[2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll
[2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll
[2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll
[2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll
[2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll
[2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll
[2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe
[2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll
[2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll
[2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl
[2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll
[2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL
[2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll
[2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll
[2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe
[2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll
[2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll
[2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll
[2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll
[2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll
[2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll
[2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx
[2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe
[2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll
[2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe
[2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll
[2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll
[2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll
[2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll
[2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll
[2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll
[2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl
[2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl
[2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll
[2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll
[2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll
[2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll
[2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl
[2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe
[2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll
[2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll
[2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe
[2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll
[2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll
[2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll
[2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll
[2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll
[2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll
[2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll
[2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax
[2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe
[2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll
[2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll
[2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll
[2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
[2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll
[2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll
[2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll
[2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe
[2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe
[2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe
[2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll
[2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax
[2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll
[2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
[2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll
[2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe
[2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll
[2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL
[2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll
[2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll
[2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll
[2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe
[2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll
[2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll
[2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll
[2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll
[2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp
[2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe
[2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll
[2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll
[2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll
[2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe
[2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe
[2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll
[2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe
[2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll
[2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll
[2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr
[2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll
[2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll
[2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll
[2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll
[2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll
[2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll
[2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll
[2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe
[2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe
[2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll
[2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll
[2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll
[2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe
[2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe
[2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll
[2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe
[2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll
[2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll
[2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll
[2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll
[2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll
[2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll
[2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll
[2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe
[2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL
[2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll
[2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe
[2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe
[2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL
[2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll
[2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll
[2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr
[2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll
[2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll
[2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll
[2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe
[2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll
[2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys
[2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll
[2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe
[2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe
[2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll
[2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll
[2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll
[2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll
[2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll
[2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL
[2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL
[2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll
[2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll
[2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe
[2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll
[2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr
[2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr
[2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll
[2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll
[2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll
[2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll
[2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax
[2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl
[2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe
[2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll
[2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax
[2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL
[2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll
[2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll
[2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax
[2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe
[2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll
[2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe
[2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe
[2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll
[2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe
[2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe
[2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll
[2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll
[2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll
[2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll
[2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll
[2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll
[2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe
[2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll
[2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll
[2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe
[2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL
[2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe
[2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll
[2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll
[2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll
[2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL
[2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll
[2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll
[2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe
[2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe
[2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl
[2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll
[2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll
[2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll
[2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll
[2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll
[2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe
[2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll
[2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll
[2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll
[2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll
[2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll
[2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll
[2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe
[2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll
[2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll
[2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe
[2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe
[2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll
[2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll
[2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME
[2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll
[2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll
[2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll
[2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll
[2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe
[2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax
[2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll
[2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll
[2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe
[2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe
[2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll
[2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll
[2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe
[2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe
[2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll
[2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax
[2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll
[2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll
[2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe
[2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax
[2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll
[2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll
[2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys
[2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe
[2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll
[2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll
[2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll
[2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll
[2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll
[2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll
[2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll
[2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll
[2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll
[2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll
[2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll
[2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll
[2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime
[2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll
[2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll
[2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll
[2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll
[2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll
[2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll
[2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll
[2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll
[2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll
[2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys
[2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL
[2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll
[2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll
[2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL
[2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL
[2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll
[2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll
[2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll
[2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL
[2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll
[2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll
[2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll
[2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe
[2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll
[2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll
[2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll
[2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe
[2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/19 06:22:31 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/19 05:43:05 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job
[2011/04/19 00:05:12 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/19 00:05:12 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 23:57:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/18 23:56:58 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 22:52:38 | 000,000,120 | -H-- | M] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/18 22:43:03 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job
[2011/04/18 21:37:34 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
 
========== Files Created - No Company Name ==========
 
[2011/04/19 06:22:31 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/18 21:37:18 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2011/04/18 20:50:22 | 000,000,120 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat
[2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini
[2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys
[2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI
[2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/04/18 23:59:40 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\.purple
[2011/04/16 08:38:28 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\abgx360
[2011/01/16 23:42:27 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\AlcaTech
[2009/10/29 17:14:48 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DAEMON Tools Lite
[2011/04/04 23:50:31 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\GameTuts
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\gtk-2.0
[2011/04/16 22:24:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ICQ
[2009/10/29 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ImgBurn
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView
[2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec
[2010/08/08 10:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Miranda
[2010/07/03 18:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Need for Speed World
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ProtectDISC
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\streamripper
[2010/07/18 11:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Trillian
[2011/04/18 23:22:07 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\TS3Client
[2011/04/18 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2010/10/27 17:18:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\W
[2010/10/27 20:58:53 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\wargaming.net
[2011/01/02 18:42:18 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\XBMC
[2011/02/28 09:23:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Floppar 19.04.2011 20:29
Es läuft bis auf ein einzige Ausnahme ganz gut und zwar, dass Firefox mich öfters auf andere Seiten schickt, welche ich gar nicht gesucht habe per Google.
Sprich Google verlinkt mich sogesehen falsch auf andere Seiten...

kira 19.04.2011 22:11
1.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

2.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
PRC - C:\Windows\System32\Rezip.exe ()
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
[2011/04/19 06:22:31 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\bljcgx.sys
[2011/04/18 22:52:38 | 000,000,120 | -H-- | M] () -- C:\Users\Fireball\AppData\Local\Thobu.dat
[2011/04/18 23:22:10 | 000,000,000 | -HSD | M] -- C:\Users\Fireball\AppData\Roaming\lowsec

:Commands
[purity]
[resethosts]
[emptytemp]

Floppar 19.04.2011 22:21
Code:
abgx360 v1.0.5                18.04.2011               
Adobe AIR        Adobe Systems Inc.        18.04.2011                1.1.0.5790
Adobe Dreamweaver CS4        Adobe Systems Incorporated        18.04.2011        826,7MB        10.0
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        18.04.2011        6,00MB        10.1.102.64
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.04.2011        6,00MB        10.2.153.1
Adobe Media Player        Adobe Systems Incorporated        18.04.2011                1.1
Adobe Reader 9.4.3 - Deutsch        Adobe Systems Incorporated        06.04.2011        185,1MB        9.4.3
Apple Application Support        Apple Inc.        10.01.2011        52,7MB        1.4.1
Apple Mobile Device Support        Apple Inc.        10.01.2011        21,7MB        3.3.0.69
Apple Software Update        Apple Inc.        08.11.2009        2,16MB        2.1.1.116
Atheros Client Installation Program        Atheros        04.07.2010                7.0
ATI Catalyst Install Manager        ATI Technologies, Inc.        06.10.2009        13,8MB        3.0.741.0
Avira AntiVir Personal - Free Antivirus        Avira GmbH        18.04.2011        59,8MB        10.0.0.635
Bonjour        Apple Inc.        17.10.2010        0,96MB        2.0.3.0
Business Contact Manager für Outlook 2007 SP2        Microsoft Corporation        18.04.2011                3.0.8619.1
CCleaner        Piriform        18.04.2011                2.32
ChargeableUSB        SAMSUNG        06.10.2009                1.0.0.0
DivX Converter        DivX, Inc.        18.04.2011                7.1.0
DivX Plus DirectShow Filters        DivX, Inc.        18.04.2011               
DivX-Setup        DivX, Inc.        18.04.2011                1.0.2.22
Easy Display Manager        Samsung Electronics Co., Ltd.        06.10.2009                3.0
ffdshow v1.1.3562 [2010-09-07]                01.01.2011        16,8MB        1.1.3562.0
Free YouTube to MP3 Converter version 3.9.35.324        DVDVideoSoft Limited.        03.04.2011        36,0MB       
HijackThis 2.0.2        TrendMicro        18.04.2011                2.0.2
ICQ7.2        ICQ        07.08.2010                7.2
ImgBurn        LIGHTNING UK!        12.01.2011                2.5.5.0
Intel® Matrix Storage Manager        Intel Corporation        18.04.2011               
IrfanView (remove only)                18.04.2011               
iTunes        Apple Inc.        10.01.2011        144,8MB        10.1.1.4
Java DB 10.6.2.1        Oracle        18.04.2011        29,9MB        10.6.2.1
Java(TM) 6 Update 24        Oracle        18.04.2011        96,9MB        6.0.240
Java(TM) SE Development Kit 6 Update 24        Oracle        18.04.2011        151,6MB        1.6.0.240
JDownloader        AppWork UG (haftungsbeschränkt)        18.04.2011                0.89
K-Lite Codec Pack 4.4.5 (Full)                28.10.2009                4.4.5
LSI HDA Modem        LSI Corporation        18.04.2011        16,00KB        2.2.97
Malwarebytes' Anti-Malware        Malwarebytes Corporation        17.04.2011        10,5MB       
Marvell Miniport Driver        Marvell        18.04.2011                10.70.3.3
Microsoft .NET Framework 1.1                18.04.2011               
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.04.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        18.04.2011        52,0MB        4.0.30319
Microsoft Office Outlook Connector        Microsoft Corporation        29.09.2010        3,36MB        14.0.5118.5000
Microsoft Office Professional Plus 2010        Microsoft Corporation        18.04.2011                14.0.4763.1000
Microsoft Silverlight        Microsoft Corporation        20.02.2011        142,6MB        4.0.60129.0
Microsoft SQL Server 2005        Microsoft Corporation        18.04.2011               
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        28.10.2009        1,72MB        3.1.0000
Microsoft SQL Server Native Client        Microsoft Corporation        14.02.2011        2,63MB        9.00.5000.00
Microsoft SQL Server VSS Writer        Microsoft Corporation        14.02.2011        0,68MB        9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        28.10.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        03.11.2010        2,38MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        28.10.2009        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        27.10.2010        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        28.10.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        25.03.2010        0,58MB        9.0.30729.4148
Mozilla Firefox (3.6.16)        Mozilla        18.04.2011                3.6.16 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        29.10.2009        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,33MB        4.20.9876.0
Nero Lite 9.4.13.2 Build.1.0        Scheccia        18.04.2011                1.0
NVIDIA PhysX        NVIDIA Corporation        27.10.2010        73,2MB        9.10.0513
Pidgin                18.04.2011                2.7.5
QuickTime        Apple Inc.        10.01.2011        73,7MB        7.69.80.9
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        27.08.2010                6.0.1.5948
REALTEK Wireless LAN Software        REALTEK Semiconductor Corp.        06.10.2009                1.01.0088
Samsung Recovery Solution 4        Samsung        06.10.2009                4.0.0.3
Samsung Support Center        Samsung        06.10.2009        40,8MB        1.0.1
Samsung Update Plus        Samsung Electronics Co., Ltd.        06.10.2009                2.0
Spybot - Search & Destroy        Safer Networking Limited        03.05.2010                1.6.2
Steam        Valve Corporation        27.06.2010        1,49MB        1.0.0.0
SUPERAntiSpyware Free Edition        SUPERAntiSpyware.com        03.05.2010        31,8MB        4.36.0.1006
Synaptics Pointing Device Driver        Synaptics Incorporated        18.04.2011                15.0.10.0
Uninstall 1.0.0.1                03.04.2011        10,9MB       
Unity Web Player        Unity Technologies ApS        14.01.2010        12,0MB        2.6.1f3_31223
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        14.02.2011        36,3MB        9.00.5000.00
VLC media player 1.1.8        VideoLAN        18.04.2011                1.1.8
Winamp        Nullsoft, Inc        18.04.2011                5.61
Winamp Erkennungs-Plug-in        Nullsoft, Inc        15.04.2011        75,00KB        1.0.0.1
Windows Live Anmelde-Assistent        Microsoft Corporation        28.10.2009        1,94MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        18.04.2011                14.0.8117.0416
Windows Live Sync        Microsoft Corporation        25.06.2010        2,79MB        14.0.8117.416
Windows Live-Uploadtool        Microsoft Corporation        28.10.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        06.11.2009        0,29MB        1.0.0.8
WinRAR                18.04.2011
Code:
All processes killed
========== OTL ==========
Process Rezip.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
File C:\windows\System32\drivers\bljcgx.sys not found.
C:\Users\Fireball\AppData\Local\Thobu.dat moved successfully.
C:\Users\Fireball\AppData\Roaming\lowsec folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fireball
->Temp folder emptied: 36189 bytes
->Temporary Internet Files folder emptied: 10183806 bytes
->Java cache emptied: 2858744 bytes
->FireFox cache emptied: 70383680 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8652 bytes
 
User: Mcx1-FIREBALL-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 69276 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1765032 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 81.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04192011_232227

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Floppar 20.04.2011 08:55
Und ich hab jetzt öfters auch noch diesen Skriptfehler
mit der URL"hxxp://www2a.glam.com/mobile/detect.act?affiliateId=38198522"

kira 20.04.2011 09:57
Zu Punkt 1. und 2.:

Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an!
dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.
[Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum
Autorun-Funktion - was ist das?

1.
Malware-Scan mit Emsisoft Anti-Malware 5.0

Ohne Hintergrundwächter durchsucht Emsisoft Anti-Malware 5.0 den Computer auf Befall von Trojanern, Spyware, Adware, Würmern, Keyloggern, Rootkits, Dialern und anderen schädlichen Programmen. Das Programm ist geeignet für für Windows 98, ME, 2000, XP, 2003 Server und Vista.
  • Lade die Gratisversion von => Emsisoft Anti-Malware 5.0 herunter und installiere das Programm.
  • Lade über Jetzt Updaten die aktuellen Signaturen herunter.
  • Wähle den Freeware-Modus aus.
  • Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
  • Am Ende des Scans alle Funde markieren und über den Button Ausgewählte in Quarantäne schicken.
  • Über den Button Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten

2.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

Floppar 20.04.2011 12:28
TR/Crypt.XPACK.Gen auf Laptop gefunden + komische Ausführungen im Autostart
 
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=18b20326dc4b98458ebb8b4c712697ec
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-20 11:25:42
# local_time=2011-04-20 01:25:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 30318252 30318252 0 0
# compatibility_mode=1797 16775165 100 94 137408 39827277 130586 0
# compatibility_mode=5893 16776574 100 94 128685 54921612 0 0
# compatibility_mode=8192 67108863 100 0 102 102 0 0
# scanned=159926
# found=0
# cleaned=0
# scan_time=8321
Weiß nicht ob das vlt auch von Bedeutung ist, aber meine explorer.exe braucht immer ca 130MB Arbeitsspeicher, was mir persönlich sehr viel vorkommt?!

Code:
Emsisoft Anti-Malware - Version 5.1
Letztes Update: 4/20/2011 11:11:45 AM
 
Scan Einstellungen:
 
Scan Methode: N/A
Objekte: Speicher, Traces, Cookies, C:\, D:\
Archiv Scan: Aus
Heuristik: Aus
ADS Scan: An
 
Scan Beginn:    4/20/2011 1:27:44 PM
 
C:\Users\Fireball\AppData\Roaming\GameTuts\Modio\0.85.5\modioupdater.exe    gefunden: Gen.Variant.Buzy!IK
 
Gescannt
 
Dateien:    164229
Traces:    624765
Cookies:    2
Prozesse:    52
 
Gefunden
 
Dateien:    1
Traces:    0
Cookies:    0
Prozesse:    0
Registry Keys:    0
 
Scan Ende:    4/20/2011 2:59:32 PM
Scan Zeit:    1:31:48
 
C:\Users\Fireball\AppData\Roaming\GameTuts\Modio\0.85.5\modioupdater.exe    Quarantäne Gen.Variant.Buzy!IK
 
Quarantäne
 
Dateien:    1
Traces:    0
Cookies:    0

kira 20.04.2011 21:44
1.
gehe bitte mal auf Dienste, ob der Service "Rezip" deaktiviert ist?:
  • Klicke auf "Start" -> gibst Du in das Suchfeld "Dienste" ein
  • dann klicke im oberen Bereich mit der rechten Maustaste auf den Eintrag "Dienste"
  • und im Kontextmenü auf "Als Administrator ausführen" ->Anleitung/tipps4you.de
  • den ausgewählte Dienst auf deaktiviert setzen!

2.
kannst auch gleich auf deaktiviert setzen:
Code:
Apple Mobile Device - Apple Inc.
Dienst "Bonjour" (Bonjour Service)
iPod-Dienst (iPod Service)
- ausserdem:

3.
Systemsteuerung/System und Sicherheit/System/Computerschutz/Systemeigenschaften poppt auf und dann einen Sicherungspunkt erstellen
Systemwiederherstellung deaktivieren: Windows 7 - einen manuellen Systemwiederherstellungspunkt erstellen
also zuerst deaktivieren-> dann aktivieren - am Ende soll wieder aktiviert sein!

4.
poste erneut eun neues OTL-Log

Floppar 20.04.2011 21:58
Hab die Dienste deaktiviert und die Wiederherstellung deaktiviert und wieder aktiviert
OTL Logfile:
Code:
OTL logfile created on: 4/20/2011 10:53:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.09 Gb Free Space | 65.69% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 135.13 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Winamp\Elevator.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (a2acc) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (Emsi Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sport1.de/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {F7D98436-EE72-4501-9468-FDB99883A9A2}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 07:24:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 22:19:34 | 000,000,000 | ---D | M]
 
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions
[2009/10/29 14:00:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/20 22:32:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Black Stratini) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Chromifox Basic) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\chromifox@altmusictv.com
[2011/04/18 23:22:09 | 000,000,000 | -H-D | M] (Firebug) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\firebug@software.joehewitt.com
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Fireball\AppData\Roaming\mozilla\Firefox\Profiles\9kuzni9z.default\extensions\moveplayer@movenetworks.com
[2011/03/01 01:27:03 | 000,001,820 | -H-- | M] () -- C:\Users\Fireball\AppData\Roaming\Mozilla\Firefox\Profiles\9kuzni9z.default\searchplugins\bing.xml
[2011/04/19 22:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/24 07:24:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/19 22:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/18 23:22:11 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\FIREBALL\APPDATA\LOCAL\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/03/24 07:24:48 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/03/24 07:24:48 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/14 02:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2011/03/24 07:24:49 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/03/12 12:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/11 12:49:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/01/11 12:49:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/06/24 12:23:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/06/24 12:23:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/06/24 12:23:55 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/24 12:23:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/06/24 12:23:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/06/24 12:23:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/04/19 23:22:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1001\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/20 11:08:07 | 000,000,000 | ---D | C] -- C:\Users\Fireball\Documents\Anti-Malware
[2011/04/20 08:29:50 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Local\AOL
[2011/04/19 22:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/04/19 22:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/19 22:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/04/19 22:19:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/04/19 22:19:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/04/19 22:19:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/04/18 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Malwarebytes
[2011/04/18 21:15:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/18 21:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/18 21:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2011/04/18 20:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Fireball\AppData\Local\{F7D98436-EE72-4501-9468-FDB99883A9A2}
[2011/04/16 14:25:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/04/15 13:57:06 | 000,000,000 | RH-D | C] -- C:\Users\Fireball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/04/15 11:01:31 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2011/04/15 11:00:46 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2011/04/15 10:50:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\TsUsbFlt.sys
[2011/04/15 10:50:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/04/15 10:50:38 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/04/15 10:50:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2011/04/15 10:50:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2011/04/15 10:50:35 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2011/04/15 10:50:35 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2011/04/15 10:50:34 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2011/04/15 10:50:33 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2011/04/15 10:50:32 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizui.dll
[2011/04/15 10:50:31 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/04/15 10:50:31 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2011/04/15 10:50:31 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssrch.dll
[2011/04/15 10:50:31 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertEnroll.dll
[2011/04/15 10:50:31 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcupdate_GenuineIntel.dll
[2011/04/15 10:50:30 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/15 10:50:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHost.exe
[2011/04/15 10:50:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PresentationHostProxy.dll
[2011/04/15 10:50:29 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/04/15 10:50:29 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tquery.dll
[2011/04/15 10:50:29 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RacEngn.dll
[2011/04/15 10:50:28 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuthFWSnapin.dll
[2011/04/15 10:50:26 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/04/15 10:50:25 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/15 10:50:25 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d9.dll
[2011/04/15 10:50:24 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2011/04/15 10:50:23 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spinstall.exe
[2011/04/15 10:50:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wer.dll
[2011/04/15 10:50:23 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certcli.dll
[2011/04/15 10:50:23 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spreview.exe
[2011/04/15 10:50:22 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2011/04/15 10:50:21 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSAT.exe
[2011/04/15 10:50:21 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmcore.dll
[2011/04/15 10:50:21 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2011/04/15 10:50:21 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diagperf.dll
[2011/04/15 10:50:21 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/15 10:50:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TSWorkspace.dll
[2011/04/15 10:50:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/04/15 10:50:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scavengeui.dll
[2011/04/15 10:50:20 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localspl.dll
[2011/04/15 10:50:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/15 10:50:20 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/15 10:50:20 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsmf.dll
[2011/04/15 10:50:20 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2011/04/15 10:50:19 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbgeng.dll
[2011/04/15 10:50:19 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netlogon.dll
[2011/04/15 10:50:19 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2011/04/15 10:50:19 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfgx.dll
[2011/04/15 10:50:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2011/04/15 10:50:18 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Query.dll
[2011/04/15 10:50:18 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2011/04/15 10:50:17 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcndmgr.dll
[2011/04/15 10:50:17 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2011/04/15 10:50:17 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppobjs.dll
[2011/04/15 10:50:17 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2fs.dll
[2011/04/15 10:50:17 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceApi.dll
[2011/04/15 10:50:17 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll
[2011/04/15 10:50:17 | 000,252,928 | ---- | C] (Microsoft) -- C:\windows\System32\DShowRdpFilter.dll
[2011/04/15 10:50:17 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\upnp.dll
[2011/04/15 10:50:17 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netfxperf.dll
[2011/04/15 10:50:16 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certmgr.dll
[2011/04/15 10:50:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcbuilder.exe
[2011/04/15 10:50:15 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsservices.dll
[2011/04/15 10:50:15 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winload.exe
[2011/04/15 10:50:15 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppwinob.dll
[2011/04/15 10:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmd.exe
[2011/04/15 10:50:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/04/15 10:50:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32spl.dll
[2011/04/15 10:50:14 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfds.dll
[2011/04/15 10:50:14 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedynos.dll
[2011/04/15 10:50:13 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2011/04/15 10:50:13 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\werconcpl.dll
[2011/04/15 10:50:13 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2011/04/15 10:50:13 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\samsrv.dll
[2011/04/15 10:50:13 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winresume.exe
[2011/04/15 10:50:13 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2011/04/15 10:50:13 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credui.dll
[2011/04/15 10:50:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2011/04/15 10:50:13 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/15 10:50:12 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dbghelp.dll
[2011/04/15 10:50:12 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NaturalLanguage6.dll
[2011/04/15 10:50:12 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2011/04/15 10:50:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2011/04/15 10:50:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2011/04/15 10:50:12 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basecsp.dll
[2011/04/15 10:50:11 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll
[2011/04/15 10:50:11 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlsrv32.dll
[2011/04/15 10:50:11 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\calc.exe
[2011/04/15 10:50:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\evr.dll
[2011/04/15 10:50:11 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpksetup.exe
[2011/04/15 10:50:11 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSATAPI.dll
[2011/04/15 10:50:11 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fveapi.dll
[2011/04/15 10:50:11 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnike.dll
[2011/04/15 10:50:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sxs.dll
[2011/04/15 10:50:10 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/04/15 10:50:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgprint.dll
[2011/04/15 10:50:09 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ci.dll
[2011/04/15 10:50:09 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSDApi.dll
[2011/04/15 10:50:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpeffects.dll
[2011/04/15 10:50:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aepdu.dll
[2011/04/15 10:50:09 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\net1.exe
[2011/04/15 10:50:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rpchttp.dll
[2011/04/15 10:50:09 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetpp.dll
[2011/04/15 10:50:09 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aitagent.exe
[2011/04/15 10:50:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prncache.dll
[2011/04/15 10:50:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scansetting.dll
[2011/04/15 10:50:07 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVCORE.DLL
[2011/04/15 10:50:07 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pnidui.dll
[2011/04/15 10:50:07 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2011/04/15 10:50:07 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlangpui.dll
[2011/04/15 10:50:07 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netdiagfx.dll
[2011/04/15 10:50:07 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MMDevAPI.dll
[2011/04/15 10:50:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSHVHOST.DLL
[2011/04/15 10:50:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2011/04/15 10:50:07 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fde.dll
[2011/04/15 10:50:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2011/04/15 10:50:07 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2011/04/15 10:50:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\davclnt.dll
[2011/04/15 10:50:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SyncCenter.dll
[2011/04/15 10:50:06 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdengin2.dll
[2011/04/15 10:50:06 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2011/04/15 10:50:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wscapi.dll
[2011/04/15 10:50:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbGDCoInstaller.dll
[2011/04/15 10:50:05 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2011/04/15 10:50:05 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMPEG2ENC.DLL
[2011/04/15 10:50:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[2011/04/15 10:50:05 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mcmde.dll
[2011/04/15 10:50:05 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXPTaskRingtone.dll
[2011/04/15 10:50:05 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imapi2.dll
[2011/04/15 10:50:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aeinv.dll
[2011/04/15 10:50:05 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011/04/15 10:50:05 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/15 10:50:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsta.dll
[2011/04/15 10:50:05 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WinSCard.dll
[2011/04/15 10:50:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcl.exe
[2011/04/15 10:50:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/04/15 10:50:04 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPEncEn.dll
[2011/04/15 10:50:04 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2011/04/15 10:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dwmredir.dll
[2011/04/15 10:50:03 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bootres.dll
[2011/04/15 10:50:03 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Narrator.exe
[2011/04/15 10:50:03 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoconv.exe
[2011/04/15 10:50:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssvp.dll
[2011/04/15 10:50:03 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autofmt.exe
[2011/04/15 10:50:03 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsmsnap.dll
[2011/04/15 10:50:03 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinfo32.exe
[2011/04/15 10:50:03 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vaultsvc.dll
[2011/04/15 10:50:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AudioSes.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halmacpi.dll
[2011/04/15 10:50:03 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hal.dll
[2011/04/15 10:50:03 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msutb.dll
[2011/04/15 10:50:03 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiohlp.dll
[2011/04/15 10:50:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IPHLPAPI.DLL
[2011/04/15 10:50:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\audiodg.exe
[2011/04/15 10:50:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\regapi.dll
[2011/04/15 10:50:03 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hbaapi.dll
[2011/04/15 10:50:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mimefilt.dll
[2011/04/15 10:50:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe
[2011/04/15 10:50:02 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/04/15 10:50:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercpl.dll
[2011/04/15 10:50:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msihnd.dll
[2011/04/15 10:50:02 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srchadmin.dll
[2011/04/15 10:50:02 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2011/04/15 10:50:02 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\framedyn.dll
[2011/04/15 10:50:02 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tcpipcfg.dll
[2011/04/15 10:50:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2011/04/15 10:50:02 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscorier.dll
[2011/04/15 10:50:02 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2011/04/15 10:50:01 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdc.dll
[2011/04/15 10:50:01 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayCpl.dll
[2011/04/15 10:50:01 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2011/04/15 10:50:01 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DXP.dll
[2011/04/15 10:50:01 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scesrv.dll
[2011/04/15 10:50:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2011/04/15 10:50:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QAGENT.DLL
[2011/04/15 10:50:01 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netid.dll
[2011/04/15 10:50:00 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanpref.dll
[2011/04/15 10:50:00 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
[2011/04/15 10:50:00 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMNetMgr.dll
[2011/04/15 10:50:00 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Vault.dll
[2011/04/15 10:50:00 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastls.dll
[2011/04/15 10:50:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\untfs.dll
[2011/04/15 10:50:00 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2011/04/15 10:50:00 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys
[2011/04/15 10:50:00 | 000,098,816 | ---- | C] (Microsoft) -- C:\windows\System32\Robocopy.exe
[2011/04/15 10:50:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nci.dll
[2011/04/15 10:50:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/15 10:49:59 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DxpTaskSync.dll
[2011/04/15 10:49:59 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Display.dll
[2011/04/15 10:49:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2011/04/15 10:49:59 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\termmgr.dll
[2011/04/15 10:49:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\puiobj.dll
[2011/04/15 10:49:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mtxclu.dll
[2011/04/15 10:49:59 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sharemediacpl.dll
[2011/04/15 10:49:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssphtb.dll
[2011/04/15 10:49:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/04/15 10:49:58 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DiagCpl.dll
[2011/04/15 10:49:58 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdtctm.dll
[2011/04/15 10:49:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eudcedit.exe
[2011/04/15 10:49:58 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\scsiport.sys
[2011/04/15 10:49:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logoncli.dll
[2011/04/15 10:49:58 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shsetup.dll
[2011/04/15 10:49:57 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SensorsCpl.dll
[2011/04/15 10:49:57 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\themecpl.dll
[2011/04/15 10:49:57 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FirewallControlPanel.dll
[2011/04/15 10:49:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpccpl.dll
[2011/04/15 10:49:57 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\biocpl.dll
[2011/04/15 10:49:57 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiadefui.dll
[2011/04/15 10:49:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PhotoScreensaver.scr
[2011/04/15 10:49:57 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msconfig.exe
[2011/04/15 10:49:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FWPUCLNT.DLL
[2011/04/15 10:49:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppcomapi.dll
[2011/04/15 10:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasppp.dll
[2011/04/15 10:49:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscmmc.dll
[2011/04/15 10:49:56 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscms.dll
[2011/04/15 10:49:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\localsec.dll
[2011/04/15 10:49:56 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hgcpl.dll
[2011/04/15 10:49:56 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprddm.dll
[2011/04/15 10:49:56 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\scecli.dll
[2011/04/15 10:49:56 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011/04/15 10:49:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscories.dll
[2011/04/15 10:49:56 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasacct.dll
[2011/04/15 10:49:55 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PerfCenterCPL.dll
[2011/04/15 10:49:55 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\usercpl.dll
[2011/04/15 10:49:55 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
[2011/04/15 10:49:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVolSSO.dll
[2011/04/15 10:49:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdsrv.dll
[2011/04/15 10:49:54 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanui.dll
[2011/04/15 10:49:53 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\accessibilitycpl.dll
[2011/04/15 10:49:53 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcenter.dll
[2011/04/15 10:49:53 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mblctr.exe
[2011/04/15 10:49:53 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\batmeter.dll
[2011/04/15 10:49:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VAN.dll
[2011/04/15 10:49:53 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\main.cpl
[2011/04/15 10:49:53 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2011/04/15 10:49:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2011/04/15 10:49:53 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizeng.dll
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SndVol.exe
[2011/04/15 10:49:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroleui.dll
[2011/04/15 10:49:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSAC3ENC.DLL
[2011/04/15 10:49:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wksprt.exe
[2011/04/15 10:49:53 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ks.sys
[2011/04/15 10:49:53 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\adsldp.dll
[2011/04/15 10:49:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netjoin.dll
[2011/04/15 10:49:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2011/04/15 10:49:53 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\w32tm.exe
[2011/04/15 10:49:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fdeploy.dll
[2011/04/15 10:49:52 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\networkmap.dll
[2011/04/15 10:49:52 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sud.dll
[2011/04/15 10:49:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenter.dll
[2011/04/15 10:49:52 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mspbda.dll
[2011/04/15 10:49:52 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prnfldr.dll
[2011/04/15 10:49:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysmon.ocx
[2011/04/15 10:49:52 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slui.exe
[2011/04/15 10:49:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Faultrep.dll
[2011/04/15 10:49:52 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wusa.exe
[2011/04/15 10:49:52 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MCEWMDRMNDBootstrap.dll
[2011/04/15 10:49:52 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MediaMetadataHandler.dll
[2011/04/15 10:49:52 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskbarcpl.dll
[2011/04/15 10:49:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OnLineIDCpl.dll
[2011/04/15 10:49:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrad.dll
[2011/04/15 10:49:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2011/04/15 10:49:51 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdcpl.dll
[2011/04/15 10:49:51 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2011/04/15 10:49:51 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bthprops.cpl
[2011/04/15 10:49:51 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabletPC.cpl
[2011/04/15 10:49:51 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpd_ci.dll
[2011/04/15 10:49:51 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionCenterCPL.dll
[2011/04/15 10:49:51 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DeviceCenter.dll
[2011/04/15 10:49:51 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shwebsvc.dll
[2011/04/15 10:49:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\intl.cpl
[2011/04/15 10:49:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011/04/15 10:49:51 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdedit.exe
[2011/04/15 10:49:51 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iprtrmgr.dll
[2011/04/15 10:49:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\defaultlocationcpl.dll
[2011/04/15 10:49:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsquirt.exe
[2011/04/15 10:49:51 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\efscore.dll
[2011/04/15 10:49:51 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ifsutil.dll
[2011/04/15 10:49:51 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\autoplay.dll
[2011/04/15 10:49:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/04/15 10:49:51 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\halacpi.dll
[2011/04/15 10:49:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recovery.dll
[2011/04/15 10:49:51 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2011/04/15 10:49:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppnp.dll
[2011/04/15 10:49:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/04/15 10:49:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2011/04/15 10:49:51 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntlanman.dll
[2011/04/15 10:49:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSTPager.ax
[2011/04/15 10:49:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2011/04/15 10:49:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidclass.sys
[2011/04/15 10:49:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ftp.exe
[2011/04/15 10:49:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2011/04/15 10:49:51 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sisbkup.dll
[2011/04/15 10:49:50 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OobeFldr.dll
[2011/04/15 10:49:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2011/04/15 10:49:50 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\blackbox.dll
[2011/04/15 10:49:50 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshwfp.dll
[2011/04/15 10:49:50 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched20.dll
[2011/04/15 10:49:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\systemcpl.dll
[2011/04/15 10:49:50 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntprint.dll
[2011/04/15 10:49:50 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sethc.exe
[2011/04/15 10:49:50 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rstrui.exe
[2011/04/15 10:49:50 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\recdisc.exe
[2011/04/15 10:49:50 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\activeds.dll
[2011/04/15 10:49:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksproxy.ax
[2011/04/15 10:49:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpsrcwp.dll
[2011/04/15 10:49:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmartcardCredentialProvider.dll
[2011/04/15 10:49:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsutil.dll
[2011/04/15 10:49:50 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bcdboot.exe
[2011/04/15 10:49:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AuxiliaryDisplayServices.dll
[2011/04/15 10:49:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPHLPR.DLL
[2011/04/15 10:49:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\migisol.dll
[2011/04/15 10:49:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\fms.dll
[2011/04/15 10:49:50 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\httpapi.dll
[2011/04/15 10:49:49 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msftedit.dll
[2011/04/15 10:49:49 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dfrgui.exe
[2011/04/15 10:49:49 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wvc.dll
[2011/04/15 10:49:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanmsm.dll
[2011/04/15 10:49:49 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimgapi.dll
[2011/04/15 10:49:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nshipsec.dll
[2011/04/15 10:49:49 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2011/04/15 10:49:49 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdm.tsp
[2011/04/15 10:49:49 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsqmcons.exe
[2011/04/15 10:49:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgent.dll
[2011/04/15 10:49:49 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wavemsp.dll
[2011/04/15 10:49:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sysclass.dll
[2011/04/15 10:49:49 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetup.exe
[2011/04/15 10:49:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2011/04/15 10:49:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\isoburn.exe
[2011/04/15 10:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2011/04/15 10:49:49 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\windows\twain_32.dll
[2011/04/15 10:49:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzutil.exe
[2011/04/15 10:49:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wtsapi32.dll
[2011/04/15 10:49:48 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmsdk.dll
[2011/04/15 10:49:48 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ssText3d.scr
[2011/04/15 10:49:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srrstr.dll
[2011/04/15 10:49:48 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\clusapi.dll
[2011/04/15 10:49:48 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qasf.dll
[2011/04/15 10:49:48 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanconn.dll
[2011/04/15 10:49:48 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/04/15 10:49:48 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcap.dll
[2011/04/15 10:49:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvfw32.dll
[2011/04/15 10:49:48 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\uxlib.dll
[2011/04/15 10:49:48 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupugc.exe
[2011/04/15 10:49:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nslookup.exe
[2011/04/15 10:49:48 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2011/04/15 10:49:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/15 10:49:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/04/15 10:49:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\slwga.dll
[2011/04/15 10:49:47 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onexui.dll
[2011/04/15 10:49:47 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msscp.dll
[2011/04/15 10:49:47 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drmmgrtn.dll
[2011/04/15 10:49:47 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wimserv.exe
[2011/04/15 10:49:47 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nltest.exe
[2011/04/15 10:49:47 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\raschap.dll
[2011/04/15 10:49:47 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/04/15 10:49:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskraid.exe
[2011/04/15 10:49:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iTVData.dll
[2011/04/15 10:49:47 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DevicePairingFolder.dll
[2011/04/15 10:49:47 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\input.dll
[2011/04/15 10:49:47 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wpdwcn.dll
[2011/04/15 10:49:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpencom.dll
[2011/04/15 10:49:47 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ocsetapi.dll
[2011/04/15 10:49:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vdsbas.dll
[2011/04/15 10:49:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfmon.exe
[2011/04/15 10:49:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011/04/15 10:49:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/04/15 10:49:47 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QUTIL.DLL
[2011/04/15 10:49:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UserAccountControlSettings.dll
[2011/04/15 10:49:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\bfsvc.exe
[2011/04/15 10:49:47 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\runonce.exe
[2011/04/15 10:49:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\NAPCRYPT.DLL
[2011/04/15 10:49:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\acppage.dll
[2011/04/15 10:49:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vpnikeapi.dll
[2011/04/15 10:49:46 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Bubbles.scr
[2011/04/15 10:49:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmdev.dll
[2011/04/15 10:49:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2011/04/15 10:49:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqlcese30.dll
[2011/04/15 10:49:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2011/04/15 10:49:46 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdiagn.dll
[2011/04/15 10:49:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsadmin.exe
[2011/04/15 10:49:46 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFPlay.dll
[2011/04/15 10:49:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rmcast.sys
[2011/04/15 10:49:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shacct.dll
[2011/04/15 10:49:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logagent.exe
[2011/04/15 10:49:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2011/04/15 10:49:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/04/15 10:49:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PnPUnattend.exe
[2011/04/15 10:49:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unimdmat.dll
[2011/04/15 10:49:46 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpd3d.dll
[2011/04/15 10:49:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsium.dll
[2011/04/15 10:49:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsmproxy.dll
[2011/04/15 10:49:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sspisrv.dll
[2011/04/15 10:49:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OpcServices.dll
[2011/04/15 10:49:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMADMOD.DLL
[2011/04/15 10:49:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVSDECD.DLL
[2011/04/15 10:49:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceStatus.dll
[2011/04/15 10:49:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WPDSp.dll
[2011/04/15 10:49:45 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2011/04/15 10:49:45 | 000,257,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsAnytimeUpgrade.exe
[2011/04/15 10:49:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdh.dll
[2011/04/15 10:49:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mystify.scr
[2011/04/15 10:49:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Ribbons.scr
[2011/04/15 10:49:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sqmapi.dll
[2011/04/15 10:49:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PortableDeviceSyncProvider.dll
[2011/04/15 10:49:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ActionQueue.dll
[2011/04/15 10:49:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011/04/15 10:49:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2011/04/15 10:49:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mprapi.dll
[2011/04/15 10:49:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VBICodec.ax
[2011/04/15 10:49:45 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\powercfg.cpl
[2011/04/15 10:49:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MdSched.exe
[2011/04/15 10:49:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2011/04/15 10:49:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiavideo.dll
[2011/04/15 10:49:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Kswdmcap.ax
[2011/04/15 10:49:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QSVRMGMT.DLL
[2011/04/15 10:49:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fphc.dll
[2011/04/15 10:49:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll
[2011/04/15 10:49:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax
[2011/04/15 10:49:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\logman.exe
[2011/04/15 10:49:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\olethk32.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapistub.dll
[2011/04/15 10:49:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mapi32.dll
[2011/04/15 10:49:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tabcal.exe
[2011/04/15 10:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mpeg2Data.ax
[2011/04/15 10:49:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lpremove.exe
[2011/04/15 10:49:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncryptui.dll
[2011/04/15 10:49:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\djoin.exe
[2011/04/15 10:49:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\takeown.exe
[2011/04/15 10:49:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll
[2011/04/15 10:49:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2011/04/15 10:49:45 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\utildll.dll
[2011/04/15 10:49:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/04/15 10:49:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2011/04/15 10:49:44 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmdrmnet.dll
[2011/04/15 10:49:44 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdv.dll
[2011/04/15 10:49:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msnetobj.dll
[2011/04/15 10:49:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unattend.dll
[2011/04/15 10:49:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RelPost.exe
[2011/04/15 10:49:44 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\EhStorAPI.dll
[2011/04/15 10:49:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppinst.dll
[2011/04/15 10:49:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cmstp.exe
[2011/04/15 10:49:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisrndr.ax
[2011/04/15 10:49:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\QCLIPROV.DLL
[2011/04/15 10:49:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MuiUnattend.exe
[2011/04/15 10:49:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cca.dll
[2011/04/15 10:49:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll
[2011/04/15 10:49:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pdhui.dll
[2011/04/15 10:49:43 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMSPDMOD.DLL
[2011/04/15 10:49:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msorcl32.dll
[2011/04/15 10:49:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\itircl.dll
[2011/04/15 10:49:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iscsicli.exe
[2011/04/15 10:49:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\diskpart.exe
[2011/04/15 10:49:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\desk.cpl
[2011/04/15 10:49:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iasrecst.dll
[2011/04/15 10:49:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupcln.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2011/04/15 10:49:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2011/04/15 10:49:43 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\resutils.dll
[2011/04/15 10:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\amstream.dll
[2011/04/15 10:49:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rastapi.dll
[2011/04/15 10:49:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spbcd.dll
[2011/04/15 10:49:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MultiDigiMon.exe
[2011/04/15 10:49:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsnmp32.dll
[2011/04/15 10:49:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\umb.dll
[2011/04/15 10:49:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setbcdlocale.dll
[2011/04/15 10:49:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wkscli.dll
[2011/04/15 10:49:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WavDest.dll
[2011/04/15 10:49:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\basesrv.dll
[2011/04/15 10:49:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\relog.exe
[2011/04/15 10:49:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PrintIsolationProxy.dll
[2011/04/15 10:49:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\AzSqlExt.dll
[2011/04/15 10:49:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netiougc.exe
[2011/04/15 10:49:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netbtugc.exe
[2011/04/15 10:49:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\syssetup.dll
[2011/04/15 10:49:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nrpsrv.dll
[2011/04/15 10:49:42 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IMJP10.IME
[2011/04/15 10:49:42 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSTIFF.dll
[2011/04/15 10:49:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2011/04/15 10:49:42 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2011/04/15 10:49:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpps.dll
[2011/04/15 10:49:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2011/04/15 10:49:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tlscsp.dll
[2011/04/15 10:49:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CertPolEng.dll
[2011/04/15 10:49:42 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\findstr.exe
[2011/04/15 10:49:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax
[2011/04/15 10:49:42 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciqtz32.dll
[2011/04/15 10:49:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2011/04/15 10:49:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wiarpc.dll
[2011/04/15 10:49:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WerFaultSecure.exe
[2011/04/15 10:49:42 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ReAgentc.exe
[2011/04/15 10:49:41 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sppc.dll
[2011/04/15 10:49:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2011/04/15 10:49:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cabinet.dll
[2011/04/15 10:49:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\manage-bde.exe
[2011/04/15 10:49:41 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSDvbNP.ax
[2011/04/15 10:49:41 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\repair-bde.exe
[2011/04/15 10:49:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetmib1.dll
[2011/04/15 10:49:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\g711codc.ax
[2011/04/15 10:49:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\luainstall.dll
[2011/04/15 10:49:41 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcconf.dll
[2011/04/15 10:49:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2011/04/15 10:49:41 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\unlodctr.exe
[2011/04/15 10:49:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbisurf.ax
[2011/04/15 10:49:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdiasqmmodule.dll
[2011/04/15 10:49:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/15 10:49:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdmo.dll
[2011/04/15 10:49:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbrpm.sys
[2011/04/15 10:49:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcfg.exe
[2011/04/15 10:49:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\HotStartUserAgent.dll
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\tdi.sys
[2011/04/15 10:49:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdprefdrvapi.dll
[2011/04/15 10:49:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spopk.dll
[2011/04/15 10:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\muifontsetup.dll
[2011/04/15 10:49:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll
[2011/04/15 10:49:40 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPENCDD.dll
[2011/04/15 10:49:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2011/04/15 10:49:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSMON.dll
[2011/04/15 10:49:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\profprov.dll
[2011/04/15 10:49:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2011/04/15 10:49:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elsTrans.dll
[2011/04/15 10:49:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TRAPI.dll
[2011/04/15 10:49:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsperf.dll
[2011/04/15 10:49:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perfts.dll
[2011/04/15 10:49:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\icaapi.dll
[2011/04/15 10:49:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/15 10:49:39 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imkr80.ime
[2011/04/15 10:49:39 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napdsnap.dll
[2011/04/15 10:49:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2011/04/15 10:49:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dsauth.dll
[2011/04/15 10:49:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsdchngr.dll
[2011/04/15 10:49:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shgina.dll
[2011/04/15 10:49:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schedcli.dll
[2011/04/15 10:49:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sscore.dll
[2011/04/15 10:49:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\riched32.dll
[2011/04/15 10:49:38 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/15 10:49:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wshirda.dll
[2011/04/15 10:49:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcfgex.dll
[2011/04/15 10:49:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RDPREFDD.dll
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD2.sys
[2011/04/15 10:49:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBCAMD.sys
[2011/04/15 10:49:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\C_ISCII.DLL
[2011/04/15 10:49:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwmp.dll
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdxm.ocx
[2011/04/15 10:49:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxmasf.dll
[2011/04/15 10:49:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\shunimpl.dll
[2011/04/15 10:49:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2011/04/15 10:49:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdlk41a.dll
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUQ.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSF.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDNEPR.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINBEN.DLL
[2011/04/15 10:49:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUS.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDUGHR1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTURME.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTAJIK.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMON.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDMAORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDLT1.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTEL.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINTAM.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINORI.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINMAR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINKAN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDINHIN.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBULG.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBLR.DLL
[2011/04/15 10:49:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDBASH.DLL
[2011/04/15 10:49:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGEO.DLL
[2011/04/15 10:49:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\nlsbres.dll
[2011/04/15 10:49:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\BlbEvents.dll
[2011/04/15 10:49:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pifmgr.dll
[2011/04/15 10:49:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spwizres.dll
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDSG.DLL
[2011/04/15 10:49:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDCZ1.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDTUF.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDPO.DLL
[2011/04/15 10:49:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\KBDGKL.DLL
[2011/04/15 10:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnaddr.dll
[2011/04/15 10:49:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2011/04/15 10:49:14 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wbemcomn.dll
[2011/04/15 10:49:14 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2011/04/15 10:49:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SmiEngine.dll
[2011/04/15 10:49:01 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\PkgMgr.exe
[2011/04/15 10:49:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdscore.dll
[2011/04/15 10:48:36 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drvstore.dll
[2011/04/15 10:48:36 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpx.dll
[2011/04/15 06:55:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/15 06:55:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/15 06:55:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/15 06:47:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/15 06:47:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/15 06:47:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/15 06:47:21 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/15 06:47:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/15 06:35:47 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/15 06:34:22 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WFS.exe
[2011/04/15 06:34:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/15 06:34:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/15 06:33:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/15 06:33:27 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/03/31 11:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/20 22:43:01 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001Core.job
[2011/04/20 22:43:00 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1393878847-3825134562-3829623230-1001UA.job
[2011/04/20 22:28:15 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 22:28:15 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/20 22:20:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/20 22:20:38 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/19 23:22:28 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/04/19 22:19:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/04/19 22:19:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/04/19 22:19:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/04/18 21:03:30 | 000,764,762 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/18 21:03:30 | 000,708,078 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 21:03:30 | 000,176,878 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/18 21:03:30 | 000,143,082 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 20:57:13 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2011/04/15 23:33:29 | 000,000,218 | -H-- | M] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 12:39:01 | 000,411,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/15 12:32:01 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msclmd.dll
 
========== Files Created - No Company Name ==========
 
[2011/04/15 23:33:29 | 000,000,218 | -H-- | C] () -- C:\Users\Fireball\.recently-used.xbel
[2011/04/15 10:50:27 | 000,146,852 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2011/04/15 10:49:40 | 000,010,429 | ---- | C] () -- C:\windows\System32\ScavengeSpace.xml
[2011/04/15 10:49:33 | 000,105,559 | ---- | C] () -- C:\windows\System32\RacRules.xml
[2010/12/06 15:58:56 | 002,496,715 | ---- | C] () -- C:\windows\System32\abgx360.exe
[2010/11/04 09:06:13 | 000,000,096 | -H-- | C] () -- C:\Users\Fireball\AppData\Local\fusioncache.dat
[2010/05/04 11:55:06 | 000,000,182 | ---- | C] () -- C:\windows\wininit.ini
[2010/04/04 01:45:41 | 000,138,056 | -H-- | C] () -- C:\Users\Fireball\AppData\Roaming\PnkBstrK.sys
[2009/11/25 02:25:57 | 000,000,604 | ---- | C] () -- C:\windows\Sfc3ng.INI
[2009/11/13 17:09:38 | 000,000,046 | ---- | C] () -- C:\windows\hmview.ini
[2009/11/08 17:20:13 | 000,004,767 | ---- | C] () -- C:\windows\Irremote.ini
[2009/11/01 23:00:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/29 21:40:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/29 14:55:21 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/10/29 14:55:18 | 000,795,648 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/10/29 14:55:18 | 000,130,048 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/10/29 14:55:16 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/10/29 13:22:36 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/08 04:30:57 | 000,764,762 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/10/08 04:30:57 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/10/08 04:30:57 | 000,176,878 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/10/08 04:30:57 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/10/08 04:10:19 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/10/08 04:10:19 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/10/08 04:10:18 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/10/08 03:48:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/10/07 12:15:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/10/07 11:59:41 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,411,504 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,708,078 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,143,082 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/04/20 22:53:41 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\.purple
[2011/04/16 08:38:28 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\abgx360
[2011/01/16 23:42:27 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\AlcaTech
[2009/10/29 17:14:48 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DAEMON Tools Lite
[2011/04/04 23:50:31 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\GameTuts
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\gtk-2.0
[2011/04/20 08:30:57 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ICQ
[2009/10/29 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ImgBurn
[2011/04/18 23:22:10 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\IrfanView
[2010/08/08 10:49:21 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Miranda
[2010/07/03 18:05:23 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Need for Speed World
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\ProtectDISC
[2011/04/18 23:22:08 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\streamripper
[2010/07/18 11:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\Trillian
[2011/04/18 23:22:07 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\TS3Client
[2011/04/18 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2010/10/27 17:18:04 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\W
[2010/10/27 20:58:53 | 000,000,000 | -H-D | M] -- C:\Users\Fireball\AppData\Roaming\wargaming.net
[2011/02/28 09:23:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 4/20/2011 10:53:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = D:\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.65 Gb Total Space | 68.09 Gb Free Space | 65.69% Space Free | Partition Type: NTFS
Drive D: | 347.01 Gb Total Space | 135.13 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
 
Computer Name: FIREBALL-PC | User Name: Fireball | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"abgx360" = abgx360 v1.0.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nero Lite 9.4.13.2" = Nero Lite 9.4.13.2 Build.1.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2231
 
Error - 4/20/2011 9:39:36 AM | Computer Name = Fireball-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2231
 
Error - 4/20/2011 9:59:12 AM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2ef57  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002fc96  ID des fehlerhaften
 Prozesses: 0x1414  Startzeit der fehlerhaften Anwendung: 0x01cbff609836e47b  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
 5e7471cc-6b56-11e0-baa1-00245412e07c
 
Error - 4/20/2011 2:28:07 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/20/2011 2:28:31 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/20/2011 2:30:25 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/20/2011 2:30:26 PM | Computer Name = Fireball-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/20/2011 4:40:10 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2ef57  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002fc96  ID des fehlerhaften
 Prozesses: 0x13fc  Startzeit der fehlerhaften Anwendung: 0x01cbff9adf75145f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
 623cd1d2-6b8e-11e0-9b09-00245412e07c
 
Error - 4/20/2011 4:53:40 PM | Computer Name = Fireball-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.1.3133,
Zeitstempel: 0x4d88ec8b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2ef57  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0002fc96  ID des fehlerhaften
 Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cbff9b23e1a53a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll
Berichtskennung:
 44d4916b-6b90-11e0-9b09-00245412e07c
 
[ Media Center Events ]
Error - 12/16/2009 6:03:50 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:50 - Fehler beim Herstellen der Internetverbindung.  11:03:50
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 12/16/2009 6:04:05 AM | Computer Name = Fireball-PC | Source = MCUpdate | ID = 0
Description = 11:03:56 - Fehler beim Herstellen der Internetverbindung.  11:03:56
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 4/19/2011 4:22:16 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 4/19/2011 5:22:28 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Rezip" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 4/19/2011 5:23:27 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 4/19/2011 5:24:15 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 4/20/2011 2:13:11 AM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 4/20/2011 2:14:39 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 4/20/2011 5:04:40 AM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SASDIFSV" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%183
 
Error - 4/20/2011 4:20:48 PM | Computer Name = Fireball-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 4/20/2011 4:21:11 PM | Computer Name = Fireball-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
--- --- ---

kira 20.04.2011 23:03
OTL mit neue Skript ausführen, genauso wie hier beschrieben (unter Punkt 2.):-> http://www.trojaner-board.de/97667-t...tml#post642948
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2011/04/18 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Fireball\AppData\Roaming\Uxbe
[2009/10/29 13:07:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

:Commands
[emptytemp]
► berichte erneut über den Zustand des Computers


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:43 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131