Cannot open any websites after a certain amount of time

#0
27.07.2009, 20:05
Member

Thread starter

Posts: 17
#16 log.txt from RSIT:

Quote

Logfile of random's system information tool 1.06 (written by random/random)
Run by Baconman at 2009-07-27 19:50:22
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 112 GB (47%) free of 238 GB
Total RAM: 3326 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:42, on 27.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\program files\srware iron\iron.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Autodesk\Maya2009\bin\maya.exe
C:\Users\Baconman\Pictures\Screenshot.exe
C:\program files\srware iron\iron.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Program Files\SRWare Iron\iron.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Baconman\Desktop\RSIT.exe
C:\Users\Baconman\Documents\Downloads\Baconman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O13 - Gopher Prefix:
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6442 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-13 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-08 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2009-05-20 429800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"AODAssist.exe"=C:\Program Files\AMD\AMD OverDrive\AODAssist.exe [2007-09-25 42496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-08 148888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-13 1948440]
"Jdownloader"= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"AdobeBridge"= []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4e07c1-4ba1-11de-9151-806d6172696f}]
shell\AutoRun\command - D:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a533ad7-5007-11de-93ab-907f5522b216}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-07-27 19:50:22 ----D---- C:\rsit
2009-07-27 14:08:25 ----A---- C:\Windows\system32\vsregexp.dll
2009-07-27 14:08:20 ----A---- C:\Windows\system32\zlcommdb.dll
2009-07-27 14:08:20 ----A---- C:\Windows\system32\zlcomm.dll
2009-07-27 14:08:16 ----A---- C:\Windows\system32\vswmi.dll
2009-07-27 14:08:10 ----A---- C:\Windows\system32\zpeng25.dll
2009-07-27 14:08:09 ----D---- C:\Program Files\Zone Labs
2009-07-27 14:08:09 ----A---- C:\Windows\system32\vsxml.dll
2009-07-27 14:08:08 ----A---- C:\Windows\system32\vspubapi.dll
2009-07-27 14:08:08 ----A---- C:\Windows\system32\vsmonapi.dll
2009-07-27 14:08:08 ----A---- C:\Windows\system32\vsdata.dll
2009-07-27 14:07:30 ----D---- C:\Windows\system32\ZoneLabs
2009-07-27 14:06:38 ----A---- C:\Windows\system32\vsutil.dll
2009-07-27 14:06:38 ----A---- C:\Windows\system32\vsinit.dll
2009-07-27 13:50:21 ----SD---- C:\ComboFix
2009-07-27 13:50:21 ----A---- C:\Windows\system32\CF31089.exe
2009-07-27 13:44:15 ----A---- C:\Windows\system32\CF29965.exe
2009-07-27 12:55:31 ----A---- C:\Windows\system32\CF20417.exe
2009-07-27 12:50:51 ----A---- C:\Windows\system32\CF19222.exe
2009-07-27 12:44:00 ----A---- C:\Windows\zip.exe
2009-07-27 12:44:00 ----A---- C:\Windows\SWXCACLS.exe
2009-07-27 12:44:00 ----A---- C:\Windows\SWSC.exe
2009-07-27 12:44:00 ----A---- C:\Windows\SWREG.exe
2009-07-27 12:44:00 ----A---- C:\Windows\sed.exe
2009-07-27 12:44:00 ----A---- C:\Windows\PEV.exe
2009-07-27 12:44:00 ----A---- C:\Windows\NIRCMD.exe
2009-07-27 12:44:00 ----A---- C:\Windows\grep.exe
2009-07-27 12:43:57 ----D---- C:\Windows\ERDNT
2009-07-27 12:43:56 ----A---- C:\Windows\system32\CF17902.exe
2009-07-27 12:43:43 ----A---- C:\Windows\system32\swsc.exe
2009-07-27 12:42:39 ----D---- C:\Qoobox
2009-07-27 12:37:14 ----D---- C:\Program Files\CleanUp!
2009-07-26 16:38:56 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-07-23 23:10:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-22 16:06:23 ----D---- C:\Program Files\Hamachi
2009-07-22 01:50:09 ----AD---- C:\ProgramData\TEMP
2009-07-22 01:50:04 ----D---- C:\ProgramData\MotionDSP
2009-07-19 21:48:48 ----D---- C:\Program Files\Xilisoft
2009-07-19 20:01:32 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-07-17 22:55:47 ----RHD---- C:\Users\Baconman\AppData\Roaming\SecuROM
2009-07-17 21:55:57 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-07-17 21:55:57 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-07-17 21:55:56 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-07-17 21:55:56 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-07-17 21:55:56 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-07-17 21:55:55 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-07-17 21:55:03 ----A---- C:\Windows\system32\wrap_oal.dll
2009-07-17 21:55:02 ----A---- C:\Windows\system32\OpenAL32.dll
2009-07-17 21:32:30 ----D---- C:\Program Files\Ascaron Entertainment
2009-07-17 21:30:58 ----D---- C:\Windows\system32\AGEIA
2009-07-17 21:30:58 ----D---- C:\Program Files\AGEIA Technologies
2009-07-17 21:30:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-15 21:04:04 ----D---- C:\Windows\system32\eu-ES
2009-07-15 21:04:04 ----D---- C:\Windows\system32\ca-ES
2009-07-15 21:04:01 ----D---- C:\Windows\system32\vi-VN
2009-07-15 21:00:23 ----D---- C:\Windows\system32\SPReview
2009-07-15 20:46:58 ----A---- C:\Windows\system32\scavenge.dll
2009-07-15 20:46:44 ----A---- C:\Windows\system32\compcln.exe
2009-07-15 20:45:18 ----A---- C:\Windows\system32\secur32.dll
2009-07-15 20:45:18 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-15 20:45:18 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-15 20:45:18 ----A---- C:\Windows\system32\secproc.dll
2009-07-15 20:45:17 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-15 20:45:17 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-15 20:45:17 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-15 20:45:17 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-15 20:45:17 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-15 20:45:17 ----A---- C:\Windows\system32\sdclt.exe
2009-07-15 20:45:16 ----A---- C:\Windows\system32\samlib.dll
2009-07-15 20:45:16 ----A---- C:\Windows\system32\rwinsta.exe
2009-07-15 20:45:16 ----A---- C:\Windows\system32\rtutils.dll
2009-07-15 20:45:16 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-15 20:45:16 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-15 20:45:16 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-15 20:45:16 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-15 20:45:16 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-15 20:45:16 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-15 20:45:15 ----A---- C:\Windows\system32\scrrun.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\scrptadm.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\scrobj.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\scksp.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\scecli.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\scansetting.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\samsrv.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\rpcss.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-15 20:45:15 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-15 20:45:15 ----A---- C:\Windows\system32\riched20.dll
2009-07-15 20:45:14 ----A---- C:\Windows\system32\schannel.dll
2009-07-15 20:45:14 ----A---- C:\Windows\system32\scesrv.dll
2009-07-15 20:45:12 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-15 20:45:12 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-15 20:45:12 ----A---- C:\Windows\system32\pdh.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\powercpl.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-15 20:45:11 ----A---- C:\Windows\system32\pnpui.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\pnidui.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\photowiz.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\pcaui.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-15 20:45:11 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-15 20:45:10 ----A---- C:\Windows\system32\pmcsnap.dll
2009-07-15 20:45:10 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-15 20:45:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-15 20:45:10 ----A---- C:\Windows\system32\ntdll.dll
2009-07-15 20:45:10 ----A---- C:\Windows\system32\nslookup.exe
2009-07-15 20:45:10 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\osk.exe
2009-07-15 20:45:09 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\onex.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\olepro32.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\oleprn.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\ole32.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\offfilt.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\odbc32.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-15 20:45:09 ----A---- C:\Windows\system32\occache.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\ntprint.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-15 20:45:09 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-15 20:45:09 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\RelMon.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-15 20:45:08 ----A---- C:\Windows\system32\regsvc.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rastls.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rastapi.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasppp.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasplap.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasmans.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasdial.exe
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\raschap.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\query.exe
2009-07-15 20:45:08 ----A---- C:\Windows\system32\Query.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\quartz.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\qprocess.exe
2009-07-15 20:45:08 ----A---- C:\Windows\system32\qmgr.dll
2009-07-15 20:45:08 ----A---- C:\Windows\system32\qedit.dll
2009-07-15 20:45:07 ----A---- C:\Windows\system32\reset.exe
2009-07-15 20:45:07 ----A---- C:\Windows\system32\regapi.dll
2009-07-15 20:45:07 ----A---- C:\Windows\system32\reg.exe
2009-07-15 20:45:07 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-15 20:45:07 ----A---- C:\Windows\system32\rdpendp.dll
2009-07-15 20:45:07 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-15 20:45:07 ----A---- C:\Windows\system32\rdpclip.exe
2009-07-15 20:45:07 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-15 20:45:07 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-15 20:45:07 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-15 20:45:04 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-15 20:45:04 ----A---- C:\Windows\system32\printui.dll
2009-07-15 20:45:04 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-15 20:45:04 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-15 20:45:04 ----A---- C:\Windows\system32\PrintBrmUi.exe
2009-07-15 20:45:04 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-15 20:45:03 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-15 20:45:03 ----A---- C:\Windows\system32\powrprof.dll
2009-07-15 20:45:02 ----A---- C:\Windows\system32\qdvd.dll
2009-07-15 20:45:02 ----A---- C:\Windows\system32\qappsrv.exe
2009-07-15 20:45:02 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-15 20:45:02 ----A---- C:\Windows\system32\puiapi.dll
2009-07-15 20:45:01 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-15 20:45:01 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-15 20:45:01 ----A---- C:\Windows\system32\propsys.dll
2009-07-15 20:45:01 ----A---- C:\Windows\system32\propdefs.dll
2009-07-15 20:45:01 ----A---- C:\Windows\system32\profsvc.dll
2009-07-15 20:44:53 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-15 20:44:53 ----A---- C:\Windows\system32\shell32.dll
2009-07-15 20:44:53 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-15 20:44:53 ----A---- C:\Windows\system32\shadow.exe
2009-07-15 20:44:53 ----A---- C:\Windows\system32\sethc.exe
2009-07-15 20:44:53 ----A---- C:\Windows\system32\services.exe
2009-07-15 20:44:53 ----A---- C:\Windows\system32\sendmail.dll
2009-07-15 20:44:52 ----A---- C:\Windows\system32\setupapi.dll
2009-07-15 20:44:46 ----A---- C:\Windows\system32\eapphost.dll
2009-07-15 20:44:46 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\evr.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-15 20:44:44 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\dwm.exe
2009-07-15 20:44:44 ----A---- C:\Windows\system32\dsprop.dll
2009-07-15 20:44:44 ----A---- C:\Windows\system32\dsound.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\extmgr.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\esent.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\es.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\EncDec.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-15 20:44:43 ----A---- C:\Windows\system32\diagperf.dll
2009-07-15 20:44:43 ----A---- C:\Windows\explorer.exe
2009-07-15 20:44:42 ----A---- C:\Windows\system32\drvstore.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\drvinst.exe
2009-07-15 20:44:42 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\diskraid.exe
2009-07-15 20:44:42 ----A---- C:\Windows\system32\diskpart.exe
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dfsr.exe
2009-07-15 20:44:42 ----A---- C:\Windows\system32\dfshim.dll
2009-07-15 20:44:42 ----A---- C:\Windows\system32\devmgr.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\gpscript.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\gpresult.exe
2009-07-15 20:44:41 ----A---- C:\Windows\system32\gpprnext.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\dmusic.dll
2009-07-15 20:44:41 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\iasnap.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-15 20:44:40 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\iasads.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\iasacct.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-15 20:44:40 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-15 20:44:40 ----A---- C:\Windows\system32\gpscript.exe
2009-07-15 20:44:39 ----A---- C:\Windows\system32\hidserv.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-15 20:44:39 ----A---- C:\Windows\system32\gpapi.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\gdi32.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fontext.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\findstr.exe
2009-07-15 20:44:39 ----A---- C:\Windows\system32\feclient.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fdBth.dll
2009-07-15 20:44:39 ----A---- C:\Windows\system32\fc.exe
2009-07-15 20:44:39 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-15 20:44:38 ----A---- C:\Windows\system32\gpedit.dll
2009-07-15 20:44:38 ----A---- C:\Windows\system32\fundisc.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\gameux.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-15 20:44:37 ----A---- C:\Windows\system32\fveui.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\fvecpl.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\fveapi.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\ftp.exe
2009-07-15 20:44:37 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\autofmt.exe
2009-07-15 20:44:37 ----A---- C:\Windows\system32\autoconv.exe
2009-07-15 20:44:37 ----A---- C:\Windows\system32\autochk.exe
2009-07-15 20:44:37 ----A---- C:\Windows\system32\authz.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\authui.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-15 20:44:37 ----A---- C:\Windows\system32\audiodg.exe
2009-07-15 20:44:36 ----A---- C:\Windows\system32\bthci.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\browseui.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\brcplsiw.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\brcpl.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\blackbox.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\basecsp.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\azroles.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-15 20:44:36 ----A---- C:\Windows\system32\autoplay.dll
2009-07-15 20:44:35 ----A---- C:\Windows\system32\BFE.DLL
2009-07-15 20:44:35 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-15 20:44:35 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-15 20:44:35 ----A---- C:\Windows\system32\aaclient.dll
2009-07-15 20:44:34 ----A---- C:\Windows\system32\appmgmts.dll
2009-07-15 20:44:34 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-15 20:44:34 ----A---- C:\Windows\system32\apphelp.dll
2009-07-15 20:44:34 ----A---- C:\Windows\system32\apds.dll
2009-07-15 20:44:34 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-15 20:44:34 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\crypt32.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\credui.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\connect.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\conime.exe
2009-07-15 20:44:33 ----A---- C:\Windows\system32\comuid.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\advapi32.dll
2009-07-15 20:44:33 ----A---- C:\Windows\system32\adtschema.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-15 20:44:32 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-15 20:44:32 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\davclnt.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\dataclen.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\d3d9.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\csrstub.exe
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cscui.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cscsvc.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cscript.exe
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cscobj.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\CscMig.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cscdll.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cscapi.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cryptui.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-15 20:44:32 ----A---- C:\Windows\system32\certmgr.dll
2009-07-15 20:44:32 ----A---- C:\Windows\system32\cdd.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\cipher.exe
2009-07-15 20:44:31 ----A---- C:\Windows\system32\ci.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\certreq.exe
2009-07-15 20:44:31 ----A---- C:\Windows\system32\certprop.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\certcli.dll
2009-07-15 20:44:31 ----A---- C:\Windows\system32\cbsra.exe
2009-07-15 20:44:31 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-15 20:44:31 ----A---- C:\Windows\system32\bthserv.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msihnd.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msiexec.exe
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msi.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msftedit.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msexch40.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\msdrm.dll
2009-07-15 20:44:30 ----A---- C:\Windows\system32\chgusr.exe
2009-07-15 20:44:30 ----A---- C:\Windows\system32\chgport.exe
2009-07-15 20:44:30 ----A---- C:\Windows\system32\chglogon.exe
2009-07-15 20:44:30 ----A---- C:\Windows\system32\change.exe
2009-07-15 20:44:30 ----A---- C:\Windows\system32\certutil.exe
2009-07-15 20:44:29 ----A---- C:\Windows\system32\msimsg.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\msctfui.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\msctfp.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\msctf.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\mprapi.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\mpr.dll
2009-07-15 20:44:29 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\netlogon.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\netcenter.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\netapi32.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\mscories.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\mscorier.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\mscoree.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\mscms.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\mscandui.dll
2009-07-15 20:44:28 ----A---- C:\Windows\system32\modemui.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\newdev.exe
2009-07-15 20:44:27 ----A---- C:\Windows\system32\newdev.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\netshell.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\msxml6.dll
2009-07-15 20:44:27 ----A---- C:\Windows\system32\msxml3.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\networkmap.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mswsock.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msutb.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mstscax.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mssrch.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mssph.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msshsq.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msshooks.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msscp.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msscb.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msrating.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msltus40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msjter40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msjint40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msjet40.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msisip.dll
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-15 20:44:26 ----A---- C:\Windows\system32\msimtf.dll
2009-07-15 20:44:25 ----A---- C:\Windows\system32\mstsc.exe
2009-07-15 20:44:25 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-15 20:44:25 ----A---- C:\Windows\system32\mssvp.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\mstime.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\mstext40.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\msstrc.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\InkEd.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\inetppui.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\inetpp.dll
2009-07-15 20:44:22 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-15 20:44:20 ----A---- C:\Windows\system32\jscript.dll
2009-07-15 20:44:20 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-15 20:44:20 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-15 20:44:20 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-15 20:44:20 ----A---- C:\Windows\system32\imm32.dll
2009-07-15 20:44:19 ----A---- C:\Windows\system32\input.dll
2009-07-15 20:44:18 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-15 20:44:18 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-15 20:44:18 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-15 20:44:18 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-15 20:44:18 ----A---- C:\Windows\system32\iertutil.dll
2009-07-15 20:44:18 ----A---- C:\Windows\system32\ieframe.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\ifmon.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iepeers.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\icardres.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\icardagt.exe
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iassdo.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iassam.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iasrad.dll
2009-07-15 20:44:17 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-15 20:44:16 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-15 20:44:16 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-15 20:44:16 ----A---- C:\Windows\system32\imapi2.dll
2009-07-15 20:44:16 ----A---- C:\Windows\system32\imapi.dll
2009-07-15 20:44:16 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-15 20:44:13 ----A---- C:\Windows\system32\mfplat.dll
2009-07-15 20:44:12 ----A---- C:\Windows\system32\mfps.dll
2009-07-15 20:44:12 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-15 20:44:12 ----A---- C:\Windows\system32\mferror.dll
2009-07-15 20:44:12 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-15 20:44:12 ----A---- C:\Windows\system32\mfc42.dll
2009-07-15 20:44:12 ----A---- C:\Windows\system32\mf.dll
2009-07-15 20:44:10 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-15 20:44:10 ----A---- C:\Windows\system32\milcore.dll
2009-07-15 20:44:09 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-15 20:44:09 ----A---- C:\Windows\system32\mmcico.dll
2009-07-15 20:44:09 ----A---- C:\Windows\system32\mmci.dll
2009-07-15 20:44:09 ----A---- C:\Windows\system32\mmc.exe
2009-07-15 20:44:09 ----A---- C:\Windows\system32\midimap.dll
2009-07-15 20:44:08 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-15 20:44:07 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-15 20:44:07 ----A---- C:\Windows\system32\kernel32.dll
2009-07-15 20:44:07 ----A---- C:\Windows\system32\kerberos.dll
2009-07-15 20:44:07 ----A---- C:\Windows\system32\kdusb.dll
2009-07-15 20:44:07 ----A---- C:\Windows\system32\kdcom.dll
2009-07-15 20:44:07 ----A---- C:\Windows\system32\kd1394.dll
2009-07-15 20:44:06 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-15 20:44:06 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-15 20:44:06 ----A---- C:\Windows\system32\mcmde.dll
2009-07-15 20:44:06 ----A---- C:\Windows\system32\mblctr.exe
2009-07-15 20:44:06 ----A---- C:\Windows\system32\logman.exe
2009-07-15 20:44:06 ----A---- C:\Windows\system32\logagent.exe
2009-07-15 20:44:05 ----A---- C:\Windows\system32\wercon.exe
2009-07-15 20:44:05 ----A---- C:\Windows\system32\wer.dll
2009-07-15 20:44:05 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-15 20:44:05 ----A---- C:\Windows\system32\webcheck.dll
2009-07-15 20:44:05 ----A---- C:\Windows\system32\wdscore.dll
2009-07-15 20:44:05 ----A---- C:\Windows\system32\shsetup.dll
2009-07-15 20:44:05 ----A---- C:\Windows\system32\Magnify.exe
2009-07-15 20:44:05 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-15 20:44:05 ----A---- C:\Windows\system32\logoff.exe
2009-07-15 20:44:04 ----A---- C:\Windows\system32\winhttp.dll
2009-07-15 20:44:04 ----A---- C:\Windows\system32\WindowsUltimateExtrasCPL.dll
2009-07-15 20:44:04 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-15 20:44:04 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-15 20:44:04 ----A---- C:\Windows\system32\wdc.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\win32spl.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\whealogr.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\WFS.exe
2009-07-15 20:44:03 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-15 20:44:03 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\wersvc.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-15 20:44:03 ----A---- C:\Windows\system32\WerFault.exe
2009-07-15 20:44:03 ----A---- C:\Windows\system32\version.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\vds.exe
2009-07-15 20:44:03 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\vbscript.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\uxsms.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\Utilman.exe
2009-07-15 20:44:03 ----A---- C:\Windows\system32\usp10.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\userenv.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\usercpl.dll
2009-07-15 20:44:03 ----A---- C:\Windows\system32\user32.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wscript.exe
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wscapi.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wow32.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\wbengine.exe
2009-07-15 20:44:02 ----A---- C:\Windows\system32\w32time.dll
2009-07-15 20:44:02 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-15 20:44:02 ----A---- C:\Windows\system32\vssapi.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wusa.exe
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wshext.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wshbth.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wsepno.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wpcao.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wlanui.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-15 20:44:01 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\wisptis.exe
2009-07-15 20:44:00 ----A---- C:\Windows\system32\winsrv.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-15 20:44:00 ----A---- C:\Windows\system32\winrnr.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\winresume.exe
2009-07-15 20:44:00 ----A---- C:\Windows\system32\winmm.dll
2009-07-15 20:44:00 ----A---- C:\Windows\system32\winlogon.exe
2009-07-15 20:44:00 ----A---- C:\Windows\system32\winload.exe
2009-07-15 20:43:59 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-15 20:43:59 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-15 20:43:57 ----A---- C:\Windows\system32\wmp.dll
2009-07-15 20:43:57 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-15 20:43:54 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-15 20:43:54 ----A---- C:\Windows\system32\Storprop.dll
2009-07-15 20:43:53 ----A---- C:\Windows\system32\stobject.dll
2009-07-15 20:43:50 ----A---- C:\Windows\system32\sud.dll
2009-07-15 20:43:48 ----A---- C:\Windows\system32\srcore.dll
2009-07-15 20:43:48 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-15 20:43:47 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-15 20:43:22 ----A---- C:\Windows\system32\sysmain.dll
2009-07-15 20:43:21 ----A---- C:\Windows\system32\sysclass.dll
2009-07-15 20:43:21 ----A---- C:\Windows\system32\swprv.dll
2009-07-15 20:43:19 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-15 20:43:07 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-15 20:43:07 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-15 20:43:07 ----A---- C:\Windows\system32\slwmi.dll
2009-07-15 20:43:06 ----A---- C:\Windows\system32\smss.exe
2009-07-15 20:42:59 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-15 20:42:56 ----A---- C:\Windows\system32\slcc.dll
2009-07-15 20:42:54 ----A---- C:\Windows\system32\SLC.dll
2009-07-15 20:42:53 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-15 20:42:53 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-15 20:42:51 ----A---- C:\Windows\system32\slwga.dll
2009-07-15 20:42:51 ----A---- C:\Windows\system32\SLUI.exe
2009-07-15 20:42:51 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-15 20:42:51 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-15 20:42:50 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-15 20:42:50 ----A---- C:\Windows\system32\slcinst.dll
2009-07-15 20:42:50 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-15 20:42:49 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-15 20:42:48 ----A---- C:\Windows\system32\spinstall.exe
2009-07-15 20:42:48 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-15 20:42:47 ----A---- C:\Windows\system32\spoolss.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spwmp.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spwizui.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spreview.exe
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spp.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-15 20:42:46 ----A---- C:\Windows\system32\sperror.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\softkbd.dll
2009-07-15 20:42:46 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-15 20:42:46 ----A---- C:\Windows\system32\SndVol.exe
2009-07-15 20:42:45 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-15 20:42:45 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-15 20:42:42 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\untfs.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\umrdp.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\ulib.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\uDWM.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\tskill.exe
2009-07-15 20:42:42 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-15 20:42:42 ----A---- C:\Windows\system32\tsdiscon.exe
2009-07-15 20:42:42 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-15 20:42:42 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-15 20:42:38 ----A---- C:\Windows\system32\tscon.exe
2009-07-15 20:42:38 ----A---- C:\Windows\system32\tscfgwmi.dll
2009-07-15 20:42:38 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-15 20:42:38 ----A---- C:\Windows\system32\tquery.dll
2009-07-15 20:42:38 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-15 20:42:38 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-15 20:42:31 ----A---- C:\Windows\system32\themeui.dll
2009-07-15 20:42:31 ----A---- C:\Windows\system32\themecpl.dll
2009-07-15 20:42:31 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-15 20:42:31 ----A---- C:\Windows\system32\termsrv.dll
2009-07-15 20:42:31 ----A---- C:\Windows\system32\telnet.exe
2009-07-15 20:42:31 ----A---- C:\Windows\system32\taskeng.exe
2009-07-15 20:42:31 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-15 20:42:31 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-15 20:41:07 ----D---- C:\Windows\system32\EventProviders
2009-07-15 10:29:22 ----A---- C:\Windows\system32\atmfd.dll
2009-07-15 10:29:21 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 10:29:21 ----A---- C:\Windows\system32\lpk.dll
2009-07-15 10:29:21 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 10:29:21 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 10:29:21 ----A---- C:\Windows\system32\atmlib.dll
2009-07-14 16:38:14 ----D---- C:\Users\Baconman\AppData\Roaming\Malwarebytes
2009-07-14 16:38:09 ----D---- C:\ProgramData\Malwarebytes
2009-07-14 12:57:09 ----D---- C:\ProgramData\ESET
2009-07-14 12:11:48 ----A---- C:\Windows\ntbtlog.txt
2009-07-13 22:55:51 ----D---- C:\Users\Baconman\AppData\Roaming\Mozilla
2009-07-13 22:55:43 ----D---- C:\Program Files\Mozilla Firefox
2009-07-13 22:45:38 ----D---- C:\Users\Baconman\AppData\Roaming\TheWorld
2009-07-12 12:33:28 ----D---- C:\Users\Baconman\AppData\Roaming\GrabIt
2009-07-08 18:36:05 ----D---- C:\Users\Baconman\AppData\Roaming\Ambient Design
2009-07-08 18:27:28 ----D---- C:\Program Files\Ambient Design
2009-07-08 15:47:57 ----D---- C:\Users\Baconman\AppData\Roaming\WTablet
2009-07-08 15:47:34 ----D---- C:\ProgramData\AppData
2009-07-08 15:42:59 ----D---- C:\Windows\system32\WTablet
2009-07-08 15:42:57 ----N---- C:\Windows\system32\Wintab32.dll
2009-07-08 15:42:56 ----N---- C:\Windows\system32\Pen_Tablet.dll
2009-07-08 15:42:54 ----N---- C:\Windows\system32\Pen_Tablet.exe
2009-07-08 15:42:50 ----D---- C:\Program Files\Tablet
2009-07-07 21:02:08 ----D---- C:\Program Files\Teamspeak2_RC2
2009-07-06 23:09:24 ----D---- C:\VIDEO
2009-07-06 23:09:24 ----D---- C:\PHOTO
2009-07-06 22:52:27 ----D---- C:\Program Files\Philips
2009-07-05 12:26:26 ----D---- C:\Autodesk
2009-07-02 21:20:27 ----D---- C:\Program Files\Stardock
2009-07-02 21:20:27 ----D---- C:\Program Files\Common Files\Stardock
2009-07-01 22:39:11 ----D---- C:\Users\Baconman\AppData\Roaming\DivX
2009-07-01 22:26:42 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-01 22:26:41 ----D---- C:\Program Files\DivX
2009-06-30 11:41:22 ----D---- C:\Program Files\SRWare Iron
2009-06-29 18:29:37 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-06-29 18:29:32 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-06-29 18:29:32 ----A---- C:\Windows\system32\pbsvc.exe
2009-06-29 17:54:04 ----D---- C:\Program Files\EA Games
2009-06-28 14:07:38 ----D---- C:\Python25

======List of files/folders modified in the last 1 months======

2009-07-27 19:50:42 ----D---- C:\Windows\Prefetch
2009-07-27 19:50:35 ----D---- C:\Windows\Temp
2009-07-27 19:39:58 ----D---- C:\Users\Baconman\AppData\Roaming\.purple
2009-07-27 18:54:18 ----D---- C:\Windows\Internet Logs
2009-07-27 14:19:18 ----D---- C:\Windows\System32
2009-07-27 14:19:18 ----D---- C:\Windows\inf
2009-07-27 14:19:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-27 14:13:35 ----D---- C:\Windows
2009-07-27 14:11:19 ----A---- C:\Windows\SchedLgU.Txt
2009-07-27 14:08:11 ----SHD---- C:\System Volume Information
2009-07-27 14:08:09 ----RD---- C:\Program Files
2009-07-27 14:08:04 ----D---- C:\Windows\system32\drivers
2009-07-27 14:08:03 ----D---- C:\Windows\system32\catroot
2009-07-27 14:06:38 ----SHD---- C:\Windows\Installer
2009-07-27 13:50:20 ----D---- C:\Windows\system32\de-DE
2009-07-26 16:12:55 ----D---- C:\Users\Baconman\AppData\Roaming\gtk-2.0
2009-07-25 21:28:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-25 01:00:16 ----D---- C:\Users\Baconman\AppData\Roaming\Skype
2009-07-25 00:00:17 ----D---- C:\Users\Baconman\AppData\Roaming\skypePM
2009-07-23 12:50:50 ----D---- C:\Program Files\ATI
2009-07-22 20:36:53 ----SD---- C:\Users\Baconman\AppData\Roaming\Microsoft
2009-07-22 20:30:26 ----D---- C:\Program Files\ATI Technologies
2009-07-22 20:30:10 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-22 17:18:49 ----D---- C:\Users\Baconman\AppData\Roaming\Hamachi
2009-07-22 01:55:50 ----HD---- C:\$AVG8.VAULT$
2009-07-22 01:50:09 ----HD---- C:\ProgramData
2009-07-21 07:57:38 ----D---- C:\Windows\Minidump
2009-07-21 07:21:14 ----D---- C:\Windows\system32\catroot2
2009-07-19 20:01:32 ----D---- C:\Program Files\Common Files
2009-07-17 21:55:44 ----RSD---- C:\Windows\assembly
2009-07-17 18:57:12 ----D---- C:\Users\Baconman\AppData\Roaming\uTorrent
2009-07-15 21:26:11 ----D---- C:\Windows\rescache
2009-07-15 21:15:27 ----D---- C:\Windows\Microsoft.NET
2009-07-15 21:12:31 ----SHD---- C:\Boot
2009-07-15 21:06:20 ----D---- C:\Program Files\Windows Mail
2009-07-15 21:06:20 ----D---- C:\Program Files\Windows Calendar
2009-07-15 21:06:20 ----D---- C:\Program Files\Movie Maker
2009-07-15 21:06:18 ----D---- C:\Program Files\Windows Sidebar
2009-07-15 21:06:18 ----D---- C:\Program Files\Windows Media Player
2009-07-15 21:06:18 ----D---- C:\Program Files\Internet Explorer
2009-07-15 21:06:17 ----D---- C:\Program Files\Windows Journal
2009-07-15 21:06:17 ----D---- C:\Program Files\Windows Collaboration
2009-07-15 21:06:15 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-15 21:06:15 ----D---- C:\Program Files\Common Files\System
2009-07-15 21:06:10 ----D---- C:\Windows\servicing
2009-07-15 21:06:10 ----D---- C:\Windows\ehome
2009-07-15 21:06:10 ----D---- C:\Program Files\Windows Defender
2009-07-15 21:05:44 ----D---- C:\Windows\system32\XPSViewer
2009-07-15 21:05:44 ----D---- C:\Windows\system32\lv-LV
2009-07-15 21:05:44 ----D---- C:\Windows\PolicyDefinitions
2009-07-15 21:05:44 ----D---- C:\Windows\IME
2009-07-15 21:05:43 ----D---- C:\Windows\system32\sk-SK
2009-07-15 21:05:43 ----D---- C:\Windows\system32\ko-KR
2009-07-15 21:05:43 ----D---- C:\Windows\system32\hr-HR
2009-07-15 21:05:43 ----D---- C:\Windows\system32\et-EE
2009-07-15 21:05:43 ----D---- C:\Windows\system32\en-US
2009-07-15 21:05:43 ----D---- C:\Windows\system32\da-DK
2009-07-15 21:05:42 ----D---- C:\Windows\system32\oobe
2009-07-15 21:05:42 ----D---- C:\Windows\system32\migration
2009-07-15 21:05:42 ----D---- C:\Windows\system32\it-IT
2009-07-15 21:05:42 ----D---- C:\Windows\system32\el-GR
2009-07-15 21:05:37 ----D---- C:\Windows\system32\zh-CN
2009-07-15 21:05:37 ----D---- C:\Windows\system32\sv-SE
2009-07-15 21:05:37 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-15 21:05:37 ----D---- C:\Windows\system32\SLUI
2009-07-15 21:05:37 ----D---- C:\Windows\system32\setup
2009-07-15 21:05:37 ----D---- C:\Windows\system32\ru-RU
2009-07-15 21:05:37 ----D---- C:\Windows\system32\pt-PT
2009-07-15 21:05:37 ----D---- C:\Windows\system32\manifeststore
2009-07-15 21:05:37 ----D---- C:\Windows\system32\hu-HU
2009-07-15 21:05:37 ----D---- C:\Windows\system32\he-IL
2009-07-15 21:05:37 ----D---- C:\Windows\system32\fr-FR
2009-07-15 21:05:37 ----D---- C:\Windows\system32\fi-FI
2009-07-15 21:05:37 ----D---- C:\Windows\system32\cs-CZ
2009-07-15 21:05:37 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-15 21:05:36 ----D---- C:\Windows\system32\zh-TW
2009-07-15 21:05:36 ----D---- C:\Windows\system32\uk-UA
2009-07-15 21:05:36 ----D---- C:\Windows\system32\sl-SI
2009-07-15 21:05:36 ----D---- C:\Windows\system32\ro-RO
2009-07-15 21:05:36 ----D---- C:\Windows\system32\pl-PL
2009-07-15 21:05:36 ----D---- C:\Windows\system32\ja-JP
2009-07-15 21:05:36 ----D---- C:\Windows\system32\es-ES
2009-07-15 21:05:36 ----D---- C:\Windows\system32\bg-BG
2009-07-15 21:05:35 ----D---- C:\Windows\system32\th-TH
2009-07-15 21:05:34 ----D---- C:\Windows\system32\wbem
2009-07-15 21:05:34 ----D---- C:\Windows\system32\tr-TR
2009-07-15 21:05:31 ----D---- C:\Windows\system32\nl-NL
2009-07-15 21:05:31 ----D---- C:\Windows\system32\nb-NO
2009-07-15 21:05:31 ----D---- C:\Windows\system32\lt-LT
2009-07-15 21:05:31 ----D---- C:\Windows\system32\ar-SA
2009-07-15 21:05:30 ----D---- C:\Windows\system32\migwiz
2009-07-15 21:05:29 ----D---- C:\Windows\system32\pt-BR
2009-07-15 21:04:09 ----RSD---- C:\Windows\Fonts
2009-07-15 21:04:09 ----D---- C:\Windows\AppPatch
2009-07-15 21:04:01 ----D---- C:\Windows\system32\Boot
2009-07-15 20:59:57 ----D---- C:\Windows\winsxs
2009-07-12 16:27:20 ----D---- C:\Users\Baconman\AppData\Roaming\FileZilla
2009-07-12 14:07:48 ----D---- C:\ProgramData\Ubisoft
2009-07-07 21:02:20 ----D---- C:\Users\Baconman\AppData\Roaming\teamspeak2
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-05 12:27:00 ----D---- C:\Program Files\Autodesk
2009-07-04 16:38:00 ----D---- C:\ProgramData\CrazyBump
2009-07-04 16:37:56 ----D---- C:\ProgramData\licensecb
2009-07-02 22:58:54 ----D---- C:\Users\Baconman\AppData\Roaming\Adobe
2009-07-01 22:27:20 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-06-30 13:20:36 ----SD---- C:\Windows\Tasks
2009-06-29 18:29:32 ----D---- C:\Windows\system32\LogFiles
2009-06-29 17:53:34 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-06-13 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-06-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-06-13 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-16 293528]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-06 271360]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R2 Haspnt;Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [2009-05-28 47616]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-06 18048]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-04-24 95544]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-05-16 4933632]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-07-22 25280]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-01-16 489984]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2008-01-15 13480]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\Windows\system32\DRIVERS\AegisP.sys []
S2 DS1410D;DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [1998-07-10 7328]
S3 ASUDriver;ASUDriver; \??\C:\Program Files\AMD\AMD OverDrive\i386\AODDriver.sys [2007-09-24 5248]
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys []
S3 Sntnlusb;Rainbow USB SuperPro; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-11-19 25216]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-05-16 176128]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-21 906520]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-13 298776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-29 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-07-27 189104]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [2007-12-26 53760]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2008-05-02 3032360]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-02 655624]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-10 918528]

-----------------EOF-----------------
info.txt from RSIT:

Quote

info.txt logfile of random's system information tool 1.06 2009-07-27 19:50:45

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\5aab5a491a3a52ae624fd639f6aaa95\Setup.exe --uninstall=1
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Setup-->MsiExec.exe /I{8EB8E60B-315D-44EB-A896-10D88602EE46}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AMD OverDrive-->MsiExec.exe /I{6515FE5E-9F36-448F-934E-10CD94821807}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArmA2 Uninstall-->E:\Datein\Spiele\Bohemia Interactive\UnInstall.exe
ArtRage 2-->MsiExec.exe /X{19862E4F-6080-47C8-A3AC-AF9F0D39F1AB}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
aTube Catcher 1.0-->"C:\Program Files\DsNET Corp\aTube Catcher 1.0\unins000.exe"
Autodesk DirectConnect 2.0-->MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
Autodesk DirectConnect 2009 R1-->MsiExec.exe /I{7EA8E1A6-9519-4AA6-A3CA-B977E0677700}
Autodesk License Manager 1.0.31-->MsiExec.exe /I{CE5EB718-FCD1-410F-AC69-2EDCF63119BE}
Autodesk Mudbox 2009-->MsiExec.exe /I{48FA4241-BD99-440B-A3C4-E2D3B88FBF73}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4.1 Patch-->C:\Program Files\InstallShield Installation Information\{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}\setup.exe -runfromtemp -l0x0409
Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Click-Crypt-->MsiExec.exe /X{DF5478C9-37C2-4DD6-8E14-09CC5FAD2B4B}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"E:\Datein\Spiele\Company of Heros\Uninstall_German.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Crazybump (remove only)-->"C:\Program Files\Crazybump\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Duplicate Remover 1.1-->"C:\Program Files\Winamp\Plugins\gen_ppdr\unins000.exe"
Edimax Wireless LAN-->C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe -runfromtemp -l0x0009 -removeonly
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x7 -removeonly
GLOBEtrotter FLEXid Drivers-->C:\Windows\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
Grand Theft Auto San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly
GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Users\Baconman\Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kikin Plugin (JDownloader Edition) 1.11-->C:\Program Files\kikin\uninst.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maya 2009-->MsiExec.exe /I{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MiniStumbler 0.4.0 (remove only)-->"C:\Program Files\MiniStumbler\uninst.exe"
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Photoshop Plug-ins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\setup.exe" -l0x9
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OGRE Command Line Tools-->MsiExec.exe /I{5940AABD-1573-4CBC-B82F-CA526690FEB5}
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Python 2.5.4-->MsiExec.exe /I{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
SA30xx Media Converter-->C:\Program Files\InstallShield Installation Information\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}\setup.exe -runfromtemp -l0x0007 -removeonly
Sacred 2 - Elite-->MsiExec.exe /X{2BB047B7-E613-4686-BE0C-E63BB26BE121}
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SRWare Iron 2.0.178.0-->"C:\Program Files\SRWare Iron\unins000.exe"
Stifttablett-->C:\Program Files\Tablet\Pen\Remove.exe /u
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TortoiseSVN 1.6.2.16344 (32 bit)-->MsiExec.exe /X{FCA37CD2-7BA4-4A5A-8979-B64EA712F4CB}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

FW: ZoneAlarm Firewall
AS: ZoneAlarm Anti-Spyware (outdated)
AS: Windows-Defender (disabled)

======System event log======

Computer Name: baconmans-pc
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB948610(Update) in den Status Installation angefordert(Install Requested).
Record Number: 32451
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602132434.000000-000
Event Type: Informationen
User: BACONMANS-PC\Baconman

Computer Name: baconmans-pc
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB948610(Update) in den Status Installation angefordert(Install Requested).
Record Number: 32450
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602132434.000000-000
Event Type: Informationen
User: BACONMANS-PC\Baconman

Computer Name: baconmans-pc
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB948610(Update) in den Status Installation angefordert(Install Requested).
Record Number: 32449
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602132434.000000-000
Event Type: Informationen
User: BACONMANS-PC\Baconman

Computer Name: baconmans-pc
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB948610(Update) in den Status Installation angefordert(Install Requested).
Record Number: 32448
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602132434.000000-000
Event Type: Informationen
User: BACONMANS-PC\Baconman

Computer Name: baconmans-pc
Event Code: 4383
Message: Windows-Wartung hat das Update 948610-1101_neutral_GDR aus Paket KB948610 (Update) in den Status Wird bereitgestellt(Staging) gesetzt.
Record Number: 32447
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602132433.000000-000
Event Type: Informationen
User: BACONMANS-PC\Baconman

=====Application event log=====

Computer Name: baconmans-pc
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20090528160334.000000-000
Event Type: Informationen
User:

Computer Name: baconmans-pc
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20090528160332.000000-000
Event Type: Informationen
User:

Computer Name: BACONMANS-PC
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090528160329.000000-000
Event Type: Informationen
User:

Computer Name: BACONMANS-PC
Event Code: 900
Message: Der Softwarelizenzierungsdienst wird gestartet.

Record Number: 2
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090528160329.000000-000
Event Type: Informationen
User:

Computer Name: BACONMANS-PC
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090528160328.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: baconmans-pc
Event Code: 5447
Message: Ein Filter der Windows-Filterplattform wurde geändert.

Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: NT-AUTORITÄT\LOKALER DIENST

Prozessinformationen:
Prozess-ID: 2004

Anbieterinformationen:
ID: {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62}
Name: Windows-Firewall

Änderungsinformationen:
Änderungstyp: Hinzufügen

Filterinformationen:
ID: {BCB34B1D-270B-42B4-BA92-37035CE9B931}
Name: FTP-Inspektionsfilter
Typ: Nicht persistent
Laufzeit-ID: 69240

Ebeneninformationen:
ID: {C38D57D1-05A7-4C33-904F-7FBCEEE60E82}
Name: ALE-Verbindung (v4-Schicht)
Laufzeit-ID: 48

Calloutinformationen:
ID: {C3DBED20-0BB6-4BF3-828D-96732E1E0230}
Name: Windows Firewall: callout

Zusätzliche Informationen:
Gewicht: 18446744073709551615
Bedingungen:
Bedingungs-ID: {3971ef2b-623e-4f9a-8cb1-6e79b806b9a7}
Übereinstimmungswert: Gleich
Bedingungswert: 0x06

Filteraktion: Callout
Record Number: 313754
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727120845.671204-000
Event Type: Überwachung erfolgreich
User:

Computer Name: baconmans-pc
Event Code: 5447
Message: Ein Filter der Windows-Filterplattform wurde geändert.

Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: NT-AUTORITÄT\LOKALER DIENST

Prozessinformationen:
Prozess-ID: 2004

Anbieterinformationen:
ID: {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62}
Name: Windows-Firewall

Änderungsinformationen:
Änderungstyp: Hinzufügen

Filterinformationen:
ID: {3955C59D-7F74-4C72-A3DA-C6B02D1F8EA5}
Name: Filter für verschärfte Inspektion
Typ: Nicht persistent
Laufzeit-ID: 69239

Ebeneninformationen:
ID: {3D08BF4E-45F6-4930-A922-417098E20027}
Name: Datagrammdaten (v4-Schicht)
Laufzeit-ID: 24

Calloutinformationen:
ID: {C3DBED20-0BB6-4BF3-828D-96732E1E0518}
Name: Windows Firewall: callout

Zusätzliche Informationen:
Gewicht: 18446744073709551615
Bedingungen: -
Filteraktion: Callout
Record Number: 313753
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727120845.671204-000
Event Type: Überwachung erfolgreich
User:

Computer Name: baconmans-pc
Event Code: 5447
Message: Ein Filter der Windows-Filterplattform wurde geändert.

Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: NT-AUTORITÄT\LOKALER DIENST

Prozessinformationen:
Prozess-ID: 2004

Anbieterinformationen:
ID: {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62}
Name: Windows-Firewall

Änderungsinformationen:
Änderungstyp: Hinzufügen

Filterinformationen:
ID: {1D6F7DE0-5E2F-45B3-B979-A77DDB3250FC}
Name: Filter für verschärfte Inspektion
Typ: Nicht persistent
Laufzeit-ID: 69238

Ebeneninformationen:
ID: {47C9137A-7EC4-46B3-B6E4-48E926B1EDA4}
Name: Datenstrom (v6-Schicht)
Laufzeit-ID: 22

Calloutinformationen:
ID: {C3DBED20-0BB6-4BF3-828D-96732E1E0416}
Name: Windows Firewall: callout

Zusätzliche Informationen:
Gewicht: 18446744073709551615
Bedingungen: -
Filteraktion: Callout
Record Number: 313752
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727120845.671204-000
Event Type: Überwachung erfolgreich
User:

Computer Name: baconmans-pc
Event Code: 5447
Message: Ein Filter der Windows-Filterplattform wurde geändert.

Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: NT-AUTORITÄT\LOKALER DIENST

Prozessinformationen:
Prozess-ID: 2004

Anbieterinformationen:
ID: {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62}
Name: Windows-Firewall

Änderungsinformationen:
Änderungstyp: Hinzufügen

Filterinformationen:
ID: {AD3B2A55-A625-4A77-82A0-9072075DBAB2}
Name: FTP-Inspektionsfilter
Typ: Nicht persistent
Laufzeit-ID: 69241

Ebeneninformationen:
ID: {4A72393B-319F-44BC-84C3-BA54DCB3B6B4}
Name: ALE-Verbindung (v6-Schicht)
Laufzeit-ID: 50

Calloutinformationen:
ID: {C3DBED20-0BB6-4BF3-828D-96732E1E0232}
Name: Windows Firewall: callout

Zusätzliche Informationen:
Gewicht: 18446744073709551615
Bedingungen:
Bedingungs-ID: {3971ef2b-623e-4f9a-8cb1-6e79b806b9a7}
Übereinstimmungswert: Gleich
Bedingungswert: 0x06

Filteraktion: Callout
Record Number: 313751
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727120845.671204-000
Event Type: Überwachung erfolgreich
User:

Computer Name: baconmans-pc
Event Code: 5447
Message: Ein Filter der Windows-Filterplattform wurde geändert.

Antragsteller:
Sicherheits-ID: S-1-5-19
Kontoname: NT-AUTORITÄT\LOKALER DIENST

Prozessinformationen:
Prozess-ID: 2004

Anbieterinformationen:
ID: {DECC16CA-3F33-4346-BE1E-8FB4AE0F3D62}
Name: Windows-Firewall

Änderungsinformationen:
Änderungstyp: Hinzufügen

Filterinformationen:
ID: {D4789CBD-1B90-47B0-A992-78D935ADD801}
Name: Filter für verschärfte Inspektion
Typ: Nicht persistent
Laufzeit-ID: 69237

Ebeneninformationen:
ID: {3B89653C-C170-49E4-B1CD-E0EEEEE19A3E}
Name: Datenstrom (v4-Schicht)
Laufzeit-ID: 20

Calloutinformationen:
ID: {C3DBED20-0BB6-4BF3-828D-96732E1E0414}
Name: Windows Firewall: callout

Zusätzliche Informationen:
Gewicht: 18446744073709551615
Bedingungen: -
Filteraktion: Callout
Record Number: 313750
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727120845.671204-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Autodesk\Maya2009\bin;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Common Files\Autodesk Shared\AdLM\R1;C:\Program Files\Common Files\DivX Shared
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
So, the other log is coming shortly ;)

OK, that has somehow sorted itself out... GMER always hangs while scanning.. I'm running it again now as admin.
28.07.2009, 00:03
Moderator

Posts: 5694
#17 >>
Does this file mean anything to you? If not, have it checked at www.virustotal.com/de.
C:\Users\Baconman\Pictures\Screenshot.exe

>>
What do you have connected as D:?
D:\Install.exe

>>
Remove Combofix:
Press Windows key + R
Paste in: Combofix /U - click "OK"
(or, if that doesn't work: delete C:\QooBox)

>>
Scan with SUPERAntiSpyware and post the log:
http://board.protecus.de/t31252.htm

Regards, Swiss
28.07.2009, 02:21
Member

Thread starter

Posts: 17
#18

Quote

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2009 at 01:46 AM

Application Version : 4.26.1006

Core Rules Database Version : 4021
Trace Rules Database Version: 1961

Scan type : Complete Scan
Total Scan Time : 01:24:29

Memory items scanned : 874
Memory threats detected : 0
Registry items scanned : 6194
Registry threats detected : 0
File items scanned : 42103
File threats detected : 49

Adware.Tracking Cookie
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\baconman@atdmt[2].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\baconman@weborama[2].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\baconman@doubleclick[1].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@webmasterplan[2].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@www.porndad[2].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@ad.adition[2].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@www.freepornsite[1].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@tracking.quisma[2].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@de.at.atwola[1].txt
C:\Users\Baconman\AppData\Roaming\Microsoft\Windows\Cookies\Low\baconman@ads.heias[2].txt
OK, god... I'm never going on "free" adult sites again...
Screenshot.exe is a program I trust. It's a tool that uploads screenshots automatically.

D is my DVD drive. There's a CD from a game in it, hence install.exe ;)
28.07.2009, 08:06
Honorary member
Argus

Posts: 6028
#19 SysProt AntiRootkit
Supports Windows 2000/XP/2003/Vista 32-bit

Create a new file named Sysprot on your desktop
Download http://www.freewaregeeks.com/download/SysProt.zip to it
Unzip SysProt AntiRootkit
Close all windows and start SysProt.exe
Click the Log tab and tick the following:

Process
SSDT
Kernel Hooks
Ports
Hidden Files


Now click Create Log
At the end a log file appears (C:\SysProtLog.txt)
Post its contents in the thread
__________
Regards, Argus
28.07.2009, 13:07
Member

Thread starter

Posts: 17
#20 The log:

Quote

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 440
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 568
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 696
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 708
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 996
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1056
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\Windows\System32\atiesrxx.exe
PID: 1196
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1216
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1240
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1252
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1376
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1460
Hidden: No
Window Visible: No

Name: C:\Windows\System32\atieclxx.exe
PID: 1576
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wisptis.exe
PID: 1616
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PID: 1628
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1672
Hidden: No
Window Visible: No

Name: C:\Windows\System32\ZoneLabs\vsmon.exe
PID: 1848
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 908
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1156
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2184
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2448
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wisptis.exe
PID: 2456
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PID: 2480
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 2524
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 2772
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 2872
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 3052
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 3060
Hidden: No
Window Visible: No

Name: C:\Windows\System32\PnkBstrA.exe
PID: 3192
Hidden: No
Window Visible: No

Name: C:\Windows\System32\PnkBstrB.exe
PID: 3248
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3268
Hidden: No
Window Visible: No

Name: C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
PID: 3280
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3316
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Pen_Tablet.exe
PID: 3348
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3432
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3468
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 3596
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 3796
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WTablet\Pen_TabletUser.exe
PID: 3888
Hidden: No
Window Visible: No

Name: C:\Windows\System32\Pen_Tablet.exe
PID: 3904
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 2144
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2164
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgtray.exe
PID: 2208
Hidden: No
Window Visible: No

Name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PID: 2260
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 2276
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 2264
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 2376
Hidden: No
Window Visible: No

Name: C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PID: 2588
Hidden: No
Window Visible: No

Name: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PID: 3240
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 3508
Hidden: No
Window Visible: No

Name: C:\Program Files\EDIMAX\Common\RaUI.exe
PID: 3604
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 944
Hidden: No
Window Visible: No

Name: C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 1052
Hidden: No
Window Visible: No

Name: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PID: 788
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PID: 3020
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 1160
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 4240
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 5740
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PID: 5128
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 4780
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 4612
Hidden: No
Window Visible: No

Name: C:\Users\Baconman\Desktop\SysProt\SysProt.exe
PID: 2236
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlpcConnectPort
Address: 93949880
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwConnectPort
Address: 939494E0
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateFile
Address: 93946828
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateKey
Address: 9395CD9C
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreatePort
Address: 93949C36
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateProcess
Address: 9395AAF8
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateProcessEx
Address: 9395AD12
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateSection
Address: 9395E780
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateWaitablePort
Address: 93949CDE
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDeleteFile
Address: 93946D0A
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDeleteKey
Address: 9395D698
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDeleteValueKey
Address: 9395D414
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDuplicateObject
Address: 9395A4F8
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwLoadKey
Address: 9395DBC6
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwLoadKey2
Address: 9395DC3E
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwLoadKeyEx
Address: 9395DD2E
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwOpenFile
Address: 93946BA2
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwOpenProcess
Address: 9395BF18
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwRenameKey
Address: 9395E370
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwReplaceKey
Address: 9395DDA6
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwRequestWaitReplyPort
Address: 9394916A
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwRestoreKey
Address: 9395E1B0
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSecureConnectPort
Address: 93949680
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSetInformationFile
Address: 93946EF8
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSetValueKey
Address: 9395D11A
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSystemDebugControl
Address: 9395B486
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwTerminateProcess
Address: 939CCDF0
Driver Base: 939C4000
Driver End: 939E9000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

Function Name: ZwCreateUserProcess
Address: 9395AF30
Driver Base: 93930000
Driver End: 9398D000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: BACONMANS-PC.BELKIN:49478
Remote Address: 65.55.184.27:HTTPS
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: ESTABLISHED

Local Address: BACONMANS-PC.BELKIN:49477
Remote Address: CDS158.LON9.LLNW.NET:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: CLOSE_WAIT

Local Address: BACONMANS-PC.BELKIN:49475
Remote Address: 195.50.169.96:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: BACONMANS-PC.BELKIN:49470
Remote Address: BY1MSG2082109.MIXER.EDGE.MESSENGER.LIVE.COM:MSNP
Type: TCP
Process: 2248 (PID)
State: CLOSE_WAIT

Local Address: BACONMANS-PC.BELKIN:49314
Remote Address: BY2MSG1231706.PHX.GBL:MSNP
Type: TCP
Process: 2248 (PID)
State: CLOSE_WAIT

Local Address: BACONMANS-PC.BELKIN:49193
Remote Address: BY1MSG2093112.GATEWAY.EDGE.MESSENGER.LIVE.COM:MSNP
Type: TCP
Process: 2248 (PID)
State: CLOSE_WAIT

Local Address: BACONMANS-PC.BELKIN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BACONMANS-PC:49476
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: CLOSE_WAIT

Local Address: BACONMANS-PC:49474
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: BACONMANS-PC:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BACONMANS-PC:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BACONMANS-PC:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: BACONMANS-PC:10080
Remote Address: LOCALHOST:49476
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: FIN_WAIT2

Local Address: BACONMANS-PC:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: BACONMANS-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BACONMANS-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: BACONMANS-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BACONMANS-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: BACONMANS-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BACONMANS-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BACONMANS-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: BACONMANS-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BACONMANS-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: BACONMANS-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: BACONMANS-PC.BELKIN:55517
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC.BELKIN:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC.BELKIN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BACONMANS-PC.BELKIN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BACONMANS-PC:55518
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:45301
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\PnkBstrB.exe
State: NA

Local Address: BACONMANS-PC:44301
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\PnkBstrA.exe
State: NA

Local Address: BACONMANS-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:55516
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BACONMANS-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: BACONMANS-PC:49152
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: BACONMANS-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied

Object: C:\Windows\CSC\v2.0.6
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

Thanks to you too for the help ;)
28.07.2009, 13:57
Honorary member
Argus

Posts: 6028
#21 Install Internet Explorer v8.00 and update Vista
__________
Regards, Argus
09.08.2009, 11:28
Member

Thread starter

Posts: 17
#22 OK, I'm on it ;) The optional ones too?
09.08.2009, 23:48
Moderator

Posts: 5694
#23 Update everything ;)

Regards, Swiss
10.08.2009, 11:07
Member

Thread starter

Posts: 17
#24 Downloading the updates is taking longer than expected...
10.08.2009, 11:33
Moderator

Posts: 5694
#25 That's how it is, but never interrupt during the installation. That could hang the system.

Regards, Swiss
10.08.2009, 21:03
Member

Thread starter

Posts: 17
#26 Hehehe, I know, it's happened to me before...^^ ;)
11.08.2009, 17:26
Member

Thread starter

Posts: 17
#27 So, all updates done ;)
11.08.2009, 19:17
Moderator

Posts: 5694
#28 Are you still having problems?

Regards, Swiss
11.08.2009, 22:05
Member

Thread starter

Posts: 17
#29 We'll see ;) What do you all think it was?
11.08.2009, 22:08
Moderator

Posts: 5694
#30 c:\program files\Adobe\adobe photoshop cs4\keygen.exe

You were lucky that nothing more was hiding behind it. Remember, anything you download from the internet can be infected. Especially if it's a keygen. So beware of that ;)

Regards, Swiss